last executing test programs: 2m28.53481317s ago: executing program 2 (id=31): openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket$unix(0x1, 0x2, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x2f00020b, 0xd, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b9", 0x0, 0x7515, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="220000000400000010000000"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x48) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x4, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="180200000000000e00000000000000008500000053000000850000005000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r1}, &(0x7f0000000040), &(0x7f0000000080)=r3}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a40)={{r0}, &(0x7f00000009c0), &(0x7f0000000a00)=r2}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1}, 0x4) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000640)={r0, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x7, 0x1c, &(0x7f0000000680)=ANY=[@ANYBLOB="18080000cbb60000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000008000000bf092000000000000d1c0100000000009500000000000000b7080000000000007b8af8ff00000000b7080000020000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7050000080000001c00000000000000bf9800000000000056080000000000008500000005000000b70000000200000095"], &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94) 2m28.501097012s ago: executing program 2 (id=32): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000005c0)='fd', 0x0, r0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x2) ioprio_set$pid(0x3, 0x0, 0x0) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r3, r3) setpgid(0x0, r3) fchdir(r2) r4 = socket$unix(0x1, 0x2, 0x0) connect$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 2m27.589145434s ago: executing program 2 (id=49): socket$vsock_stream(0x28, 0x1, 0x0) socket(0x1d, 0x2, 0x6) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_tcp(0xa, 0x1, 0x0) socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) syz_io_uring_setup(0x88f, &(0x7f00000010c0)={0x0, 0xc941, 0x0, 0x2, 0xbfdffffc}, 0x0, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f3}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x100, 0x3, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}}}, 0x24}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) sendmsg(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='-', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 2m26.676719286s ago: executing program 2 (id=53): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r0, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0xfffffe70, 0x1}}, 0x20) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11ff, &(0x7f0000002480)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x143042, 0x80) pwritev2(r2, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0x1}], 0x1, 0x5402, 0x3, 0x4) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(0x0, 0x0, 0x4000000000, 0xffffffffffffffff, 0xa) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) creat(&(0x7f0000000380)='./bus\x00', 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1a, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x4000008]}) 2m25.388416654s ago: executing program 2 (id=56): r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = memfd_create(&(0x7f00000003c0)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xact\xf4\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xfbF\x99V4\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xe8\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`\x01Os\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x8f\x13\xda\x95\xec\"\x95\xc5B\x9dE\xe1\xd0_b\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W\x06|\x1c\x80\xbc\x840xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000780)=ANY=[@ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="05000000000000"], 0x10) syz_usb_connect(0x6, 0x24, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r4}, &(0x7f00000006c0), &(0x7f0000000700)=r3}, 0x20) sendmsg$inet(r2, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3) socket$nl_generic(0x10, 0x3, 0x10) unshare(0x8040480) sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4c}, 0x8040) 4.166011736s ago: executing program 4 (id=989): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) unshare(0x62000000) getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000100)={'raw\x00', 0x0, [0x401, 0x9, 0xfffffff9, 0x20b, 0x6]}, &(0x7f0000000040)=0x54) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) 4.161059816s ago: executing program 5 (id=1000): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x10, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={0x0, 0x1}, 0x2002, 0x32, 0x43a1bd56, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000001140)=ANY=[@ANYBLOB="a0010000100001000000000000000000fe880000000000000000000000000101ac1414bb000000000000005df981990000000000000000000a00000064000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="640101000000000000000000000000000000000032000000ac14143500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fdffffffffffffff00000000000000000000000800000000000000800000000000000000000000000200000000000000000000000a000400cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017000000000000000000000000002abd700028bd7000000000004c001400636d61632861657329000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018"], 0x1a0}}, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_IO(r4, 0x2285, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) write$sndseq(r5, &(0x7f0000000180)=[{0x0, 0x47, 0xd, 0x0, @tick, {0x40, 0xff}, {0x10, 0x9}, @note={0xa, 0x8, 0xb0, 0x9, 0x3}}, {0x0, 0x0, 0x0, 0x0, @tick=0x46f, {}, {0x80, 0x1}, @connect={{0x40, 0x7}, {0x80, 0xf6}}}], 0x38) ppoll(&(0x7f0000000440)=[{r5, 0x1005}, {r4, 0x4242}], 0x2, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002000)=@newtaction={0xeb4, 0x30, 0xb, 0x0, 0x0, {}, [{0xea0, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x0, 0x80006}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_pedit={0xe54, 0x2, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x5, 0xa, 0x4, 0x1, 0x2000000}, 0x5, 0x1}, [{0x9, 0x80000001, 0x1, 0x630, 0x8, 0x1}, {0xdf, 0x4, 0x5, 0x5, 0x10, 0xe}, {0x1, 0x85a, 0x5, 0xe6db, 0x3, 0xfffffffc}, {0x6, 0x400, 0x9321, 0x9, 0x6, 0x7}, {0x5, 0x5, 0xffffffc0, 0x0, 0x3}, {0xe, 0xf5, 0x3, 0x9, 0xffffbff8, 0x3}, {0x0, 0x7, 0xfff, 0x2, 0x9163ef6c, 0x40080003}, {0x3, 0x3, 0x80, 0x0, 0xacc8, 0x2}, {0x8001, 0xffb, 0x9, 0xffff, 0xfffffffe, 0x81}, {0x8, 0xfff, 0x6, 0xeb84, 0x8, 0x30c4}, {0x7, 0x9, 0xfffffffc, 0x100, 0x4, 0x1000000}, {0x8004, 0x80000001, 0xfffffeff, 0xdf, 0x4, 0x5}, {0x0, 0x80000001, 0x9, 0x7, 0x7fffffff, 0x7}, {0x5, 0x2, 0xfffffffd, 0x9, 0x474, 0x1}, {0x7fffffff, 0x1, 0x8, 0xfffffff9, 0x6, 0xffffffff}, {0x24, 0x5, 0xf, 0x6, 0x6, 0x8000003}, {0xbb, 0x5, 0x2, 0x310, 0xf}, {0x9b7d, 0x52fc, 0x6, 0x40000003, 0x48, 0x9}, {0xbd, 0x8, 0x10, 0xe4d, 0x7f, 0x3}, {0x8, 0x9, 0x9, 0x27, 0x2, 0x5}, {0x4, 0x1000, 0x5, 0x6, 0x93e, 0x6}, {0x1, 0x7, 0x0, 0x1, 0xff, 0x3}, {0xb, 0x7f, 0xfffff417, 0x1, 0x3ff}, {0x4, 0x5, 0x7, 0xb, 0x8, 0x80004d}, {0x34db, 0x3, 0x3, 0x3ff, 0x1, 0x400}, {0x1, 0xcb1d, 0x8, 0x1, 0x0, 0x4}, {0x5, 0x3, 0x7, 0x8, 0x3, 0x984}, {0x2, 0xdfffffff, 0x3, 0x2, 0x9, 0x40}, {0x7, 0x281, 0x7fffffff, 0x381, 0x3, 0x8}, {0x5, 0x4, 0x1, 0x8, 0x4, 0x2f}, {0x6, 0x3, 0x4, 0xd1a1, 0x9, 0x7}, {0x5, 0x3, 0x8, 0x4, 0x16, 0x2}, {0x8001, 0x87, 0x6, 0x1, 0x3, 0x4}, {0x6, 0x9e4, 0x8b7f, 0x11, 0x6, 0x7}, {0x7, 0x1, 0x800, 0x70f, 0x8001, 0x3}, {0x4, 0x10, 0x6, 0x1, 0x4, 0x22ff}, {0x5, 0x10001, 0x9, 0x0, 0x10001, 0x7}, {0xf85, 0x2e, 0x100, 0x3, 0x100, 0xe60c}, {0x2, 0x5, 0x1, 0xe000000, 0xcb06}, {0x4e2, 0x6ae, 0x2, 0x100, 0x5, 0xd}, {0x1, 0xcad, 0xa5, 0x2, 0x4d800, 0x6}, {0x20, 0x7f, 0x33, 0x2, 0x400, 0x4}, {0x4, 0x62e, 0xb, 0x219c, 0x0, 0x5}, {0x0, 0x4, 0x0, 0x1, 0x1, 0x1}, {0x7f, 0x945a, 0x0, 0x0, 0x8, 0x3}, {0xda1, 0x893, 0x2, 0x9, 0xfffffa2e, 0x6}, {0x1, 0xfffffff3, 0x7fffffff, 0x2, 0x0, 0x1}, {0x2, 0x8, 0x10000002, 0xe, 0x2, 0x2}, {0x6, 0x100, 0xe, 0x10000, 0x5, 0x7}, {0x0, 0x6, 0x7, 0x4, 0xc, 0x800}, {0x8, 0x10000, 0x1, 0x1, 0x7}, {0x7d5, 0x2, 0x4, 0x800, 0x1}, {0x1, 0x5, 0x6, 0x2, 0x8, 0xc}, {0x2, 0x1, 0x3, 0xc, 0x1, 0x2c3}, {0x1000, 0x3, 0xbc, 0x8001, 0xfa, 0x8}, {0x2, 0x3, 0x9, 0x50e, 0x55ac, 0xa5e2}, {0x0, 0x196680, 0xffffff91, 0x103, 0x3, 0x7}, {0x4, 0x4, 0x2, 0x1, 0x0, 0xe}, {0xfffffff5, 0x8, 0x7023, 0x8, 0x5, 0x851}, {0x3, 0x78, 0x7, 0xa, 0x5dec4cac, 0x6}, {0x4, 0x9, 0x3a, 0x2, 0x8, 0x602}, {0x4, 0x7fffffff, 0x8, 0x8, 0x8, 0xff}, {0x7, 0xfffffff1, 0x2f2c, 0x400, 0x6, 0x6}, {0x10001, 0x81, 0x40, 0x2, 0x89, 0x2}, {0x2, 0x8550, 0x4c, 0x3, 0xfffffffa, 0x736d}, {0x7f, 0x199, 0x5, 0x9, 0x7, 0x2}, {0x7, 0x1, 0x8, 0x7, 0x2, 0x7}, {0x9, 0x3f1, 0x4, 0x5, 0x5, 0x8}, {0x100, 0x3ff, 0x0, 0x7f53, 0x7, 0x1}, {0x3ff, 0xc, 0x6, 0x1, 0x4, 0x4}, {0x9, 0x381, 0xfff, 0x5d7c, 0x0, 0x8001}, {0x8, 0x0, 0x7, 0xfffffffb, 0x3ee, 0x4}, {0xbfffffe, 0x6, 0x101, 0x5, 0x400, 0x8000400}, {0x7fff, 0xb3, 0x2, 0x10000, 0x6, 0x14}, {0x0, 0x1, 0x4c90, 0x4, 0x2000007f, 0x8}, {0x5, 0x25b, 0x0, 0x3, 0x2, 0x2}, {0x29dbdf0, 0xd, 0xfffffffd, 0x7, 0x6, 0x3}, {0x7, 0x1, 0xa, 0x8, 0x5, 0x5}, {0x473, 0x8, 0x2, 0x400, 0x4000000, 0x69b3d6e6}, {0x1, 0xb7bb, 0x22800002, 0x3, 0x10, 0x5}, {0x7f, 0x7, 0x6, 0xffffffff, 0x3, 0x8}, {0xfffffff3, 0x5, 0xa, 0x40, 0x863, 0x2}, {0xb, 0x9, 0xc, 0x3c1, 0x6e, 0x4ce}, {0x6, 0xd, 0x6, 0xfb0000, 0x1, 0x7}, {0xe0, 0x100, 0x1, 0xb, 0x8, 0x7}, {0xfff, 0x21, 0x0, 0x38, 0x0, 0x9}, {0x82, 0x10, 0x401, 0x0, 0x4, 0xef}, {0x7, 0x2, 0x200, 0x8, 0x9, 0x2}, {0x9, 0x5, 0xa33f, 0x101, 0x2, 0x10001}, {0x1, 0x4, 0x800004, 0x10001, 0x2, 0xce}, {0x4, 0x8, 0x8, 0x3, 0xf, 0x9}, {0x8000006, 0x5, 0x8, 0xffffffff, 0x405b9, 0x6}, {0x9, 0x0, 0x9, 0x2, 0x20009}, {0x0, 0x2, 0xb, 0x7fffffff, 0xfc0, 0x7f1b4893}, {0x4, 0xd, 0x3, 0x4, 0x7, 0x7}, {0x4, 0x1ed, 0xe, 0x3, 0x3dcb, 0x9}, {0x200, 0x0, 0xe8, 0x1, 0x800000d4, 0x1}, {0xc651, 0x5f83, 0x2, 0x1, 0xd, 0x8}, {0xfff, 0x5, 0x1, 0x0, 0x49, 0x5}, {0x5, 0x3, 0x7, 0x97fd, 0xef, 0x202}, {0x2, 0xa, 0x1000, 0xfffffffe, 0x6, 0xe0}, {0x800, 0x4c, 0x7, 0x0, 0xfffffff7, 0x9}, {0x6, 0xffff, 0xffff8001, 0xa, 0xae36, 0x36b6800}, {0xcfb7, 0x0, 0x101, 0x2, 0x1, 0xae82}, {0x6, 0x800, 0xec3d, 0xffffffff, 0xea5, 0x3}, {0x9, 0x5, 0x2, 0x0, 0x0, 0x4000dc}, {0x6, 0x6, 0x0, 0x1e9, 0x6, 0x1}, {0x3, 0x7, 0x7, 0x3, 0x400, 0x81}, {0x970, 0x100, 0xb2eb, 0x2, 0x3, 0x9}, {0x3, 0x6, 0x8, 0x7, 0xd, 0x474c}, {0xf, 0x101, 0x9a, 0x1000, 0x2, 0xfffffffc}, {0x3, 0x98e, 0x1a5e666b, 0x10, 0x7, 0x9}, {0xfffffffb, 0x3, 0x3, 0x2ee8000, 0x8}, {0x3, 0x2, 0x2, 0x3, 0x3, 0x2}, {0x7, 0x4, 0x1, 0x7, 0x101, 0xef}, {0x70a0, 0x9, 0x425b597f, 0x1, 0x2, 0x7}, {0x6, 0xc000000, 0x402, 0x4, 0x8, 0x7}, {0x3, 0x6, 0x7, 0xfffffff9, 0x0, 0xffffffff}, {0x7, 0x9, 0x8, 0x0, 0x9, 0xd6}, {0x24, 0x10001, 0x6, 0x1, 0x39d6}, {0x401, 0x7d8, 0x9, 0x8000, 0xffff, 0x7}, {0x6, 0x92e4, 0x130, 0x0, 0x4, 0x9}, {0x0, 0x7fff, 0x7, 0x8001, 0x8, 0x5}, {0x7e, 0x800, 0xfffffff9, 0xa, 0x4b64, 0x80000001}, {0x2ad78a25, 0x202, 0x6, 0x6, 0x4, 0x8}, {0x2, 0x9, 0x0, 0x8a7, 0x129, 0xc}, {0x6, 0x2, 0x8, 0x3, 0xe01, 0xfffffff9}, {0x4a3, 0x0, 0x3, 0x514c, 0xf8a, 0x19}], [{0x1}, {0x4, 0x1}, {}, {0x1}, {0x3}, {0x0, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x1}, {0x2}, {0x0, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x1}, {}, {0x1, 0x1}, {0x5, 0x1}, {0x5}, {0x3}, {0x5, 0x1}, {}, {0x0, 0x1}, {0x3}, {0x2, 0x1}, {0x4}, {0x5}, {0x5, 0x1}, {0x3}, {}, {0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x2}, {0x1}, {0x1, 0x1}, {0x4}, {0x1}, {0x1, 0x1}, {0x1}, {0x3}, {0x2, 0x1}, {0x5}, {0x3}, {0x3}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x5, 0x1}, {0x2}, {0x3, 0x1}, {0x5, 0x1}, {0x1}, {0x1}, {0x3}, {0x5, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x4}, {0x5}, {0x1, 0x1}, {}, {0x3}, {0x2, 0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x4}, {0x0, 0x1}, {0x2}, {0x5}, {0x9, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {}, {0x3, 0x1}, {}, {0x1, 0x1}, {0x2}, {0x1}, {0x2, 0x1}, {0x6, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3}, {0x3, 0x1}, {0x1}, {0x2, 0x1}, {0x2}, {0x5}, {0x3, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x2}, {0x3}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {0x4, 0x1}, {0x2}, {0x3, 0x1}, {0x4}, {0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x3}, {0x3, 0x1}, {0x0, 0x1}, {0x5}, {0x3, 0x1}, {0x4}, {0x5, 0x1}, {0x3}, {0x5, 0x1}, {0x3}, {0x4}, {0x5, 0x1}, {0x3, 0x1}, {0x4}, {0x1, 0x1}, {0x4}, {0x6, 0x1}, {0x5, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x4}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xeb4}}, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32, @ANYBLOB="0000000002000000b705000008000000850000005d00000095"], &(0x7f0000000300)='GPL\x00', 0x4, 0x1002, &(0x7f00000014c0)=""/4098, 0x41100, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) 3.362174861s ago: executing program 5 (id=994): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0) close(r0) socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, 0x0, 0x0) 3.333633322s ago: executing program 5 (id=995): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000500)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0xf241f1a146326c4, 0x2, 0x0) ptrace$ARCH_SHSTK_LOCK(0x1e, r0, 0x0, 0x5003) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r3 = io_uring_setup(0x56ab, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0x177}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x7, 0xfffffffffffffda2, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffff7}, 0x75) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0x1b) io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0) 3.207438141s ago: executing program 1 (id=997): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_config_ext={0x100000001, 0xdd5}, 0x0, 0x0, 0x10000, 0x2, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000000)={[{@max_batch_time={'max_batch_time', 0x3d, 0x101}}, {@debug}, {@journal_dev={'journal_dev', 0x3d, 0x7}}]}, 0x1, 0x5fd, &(0x7f00000006c0)="$eJzs3c9vFFUcAPDv7LalpWALMSoepIkxkCgtLWCI8QBXYxr8ES9erLQgoUDT1mjRhJLgxcR4McbEkwfxv1AiV0960YMXT4aEqOFo4prZ7vTnbH8s7Q4wn0+y7My8ebw3LN++t6/vzQRQWgPpH5WIAxExlUT0JfOLaR3RSBxYOO/ePx+fTV9J1Gpv/JVE0jiWnZ803nsbmbsj4ucfk9hfXVvuzNzVi2OTkxPTjf2h2UtTQzNzV49cuDR2fuL8xOWRF0dOnjh+4uTw0Zau69raQ2l1Puj7dPTtb7/+Nxn+7vfRJE7FK40Tl1/HdhmIgfq/SbI2qffkdhdWkGrj/8nyjzjpKLBCbEn2+XVGxJPRF9VY+vD64pPXCq0csKNqSUQNKKlE/ENJZf2A7Lv96u/BlUJ6JUA73D29MACwNv47FsYGo7s+NrD7XhLLh3WSiGhtZG6lPRHx0+3RG+duj96Y3rsz43BAvvnrEfHUsvjvylKSevz3R3f01+O/siL+037BmcZ7evz1FstfPVQs/qF9FuK/O6f9X4r/aBL/7yyL/3dbLH9gafO9nhXx39PqJQEAAAAAAEBp3TodES/kzf+pLM7/iZz5P70RcWobyh9Ytb/29/+VO9tQDJDj7umIl3Pn/1aiujD7t7/a+D3/3vp8gM7k3IXJiaMR8VhEHI7OXen+8DplHPls/1fN0gYa8/+yV1p++r50RuVOx66VecbHZsfu97qBiLvXI57Onf+bLLb/SU77n/48mNpkGfufu3mmWdrG8Q/slNo3EYdy2/+lu1Yk69+fY6jeHxjKegVrPfPR5983K7/V+HeLCbh/afu/e/3470+W369nZutlHJvrqDVLa7X/35W8Wb/lTLZc4cOx2dnp4Yie5NVqenTF8ZGt1xkeRVk8ZPGSxv/hZ9cf/8vr//dExPyqvzv5e+Wa4swT//X+0aw++v9QnDT+x7fU/jfdSOYjcpNGbvb/0Kz8zbX/x+tt/eHGEeN/sODLLEy7Vh7PCdCOvKR21xcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgWViNgTSWVwcbtSGRyM6I2Ix2N3ZfLKzOzz5668f3k8Tas//7+SPem3b2E/yZ7/379sf2TV/rGI2BcRX1R76vuDZ69Mjhd98QAAAAAAAAAAAAAAAAAAAPCA6G2y/j/1Z7Xo2gE7rqPoCgCFyYn/X4qoB9B+2n8oL/EP5SX+obzEP5SX+IfyEv9QXuIfykv8AwAAAADAI2XfwVu/JREx/1JP/ZXqaqR1FlozYKdViq4AUBi3+IHyMvUHyst3fCDZIL27aaaNcjbLnJo6u3FmAAAAAAAAAAAAACBz6ID1/1BW1v9DeVn/D+WVrf8/WHA9gPZr+Tt+0zW9wMNovZX8zcN9E+v/AQAAAAAAAAAAAIBtMTN39eLY5OTEdPs2fm089Cv3nJ6IaHN9so23iii02I1arXat/lE8IPV5yDeyqfCbz9WdHwU7s5Gt9dtcroJ+IAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGv8HwAA//+xpBxA") ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000140)={'pim6reg1\x00', {0x2, 0x4e24, @multicast1}}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x4040, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0) write(r2, &(0x7f0000004200)='t', 0x1) sendfile(r2, r1, 0x0, 0x3ffff) r3 = msgget$private(0x0, 0x790) msgsnd(r3, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0) msgsnd(r3, &(0x7f0000000040)=ANY=[@ANYRESDEC], 0x401, 0x0) msgctl$IPC_SET(r3, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401}) sendfile(r2, r1, 0x0, 0x7ffff000) 3.195628102s ago: executing program 4 (id=999): r0 = socket$rxrpc(0x21, 0x2, 0xa) ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x8) socket$xdp(0x2c, 0x3, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00') munmap(&(0x7f0000123000/0x4000)=nil, 0x4000) preadv(r1, &(0x7f0000000340)=[{&(0x7f0000003200)=""/4096, 0x1000}], 0x1, 0x2c2, 0xca) pselect6(0x40, &(0x7f0000000180)={0x0, 0x0, 0x12, 0x2, 0x6, 0x9, 0x40, 0x8000}, 0x0, &(0x7f0000000240)={0x1f, 0x112, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000004}, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000200), 0x4) pipe2$9p(&(0x7f0000000100), 0x4000) r2 = socket$kcm(0x10, 0x2, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TCSETSF(r3, 0x5433, 0x0) sendmsg$kcm(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848160000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x80054) 2.812426768s ago: executing program 0 (id=1001): recvmsg(0xffffffffffffffff, 0x0, 0x1f00) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) close(0xffffffffffffffff) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x10, 0x17, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b703000000000000850000000e000000bf09000000000000550901000074f6967d00000000000000180100002020709000000000002020207baaf8ff00000000bda100000000000027010000f8ffffffb702000008000000b7030000000000002500000006000000be91000000000000b502ecffffff00008500000005000000b70000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000b40)=ANY=[@ANYRES32=r2, @ANYRES32], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2}, 0x0, 0x0}, 0x20) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) 1.777609498s ago: executing program 1 (id=1003): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200c093, 0x2, @perf_bp={0x0, 0x8}, 0x24, 0x0, 0x10000, 0x0, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="580000000206efffffffffffffff0000070000000c000780080012400000ffff0500010006000000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x58}, 0x1, 0x0, 0x0, 0x810}, 0x20004000) unshare(0x6a040000) socket$inet6(0xa, 0x2, 0x0) alarm(0x5) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000006800e977ffffffe5000000000a0000000000000004000400"], 0x1c}}, 0x0) unshare(0x48060080) r2 = socket(0x2, 0x80805, 0x0) getsockopt$bt_hci(r2, 0x84, 0x82, &(0x7f0000000000)=""/4102, &(0x7f0000001040)=0x1006) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 1.625011549s ago: executing program 0 (id=1005): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0xfffffffd, @empty, 0x4}], 0x1c) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000140)={r2, 0x3}, 0x8) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000100)={r2, 0x3}, &(0x7f00000001c0)=0x8) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0xfffffd9d) r4 = socket(0x1e, 0x4, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000040)=""/102400, 0x19000, 0x10000002fc) connect$tipc(r4, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x1, 0x4}}, 0x10) sendfile(r4, r3, 0x0, 0x8010002b) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000000000100bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000000404000001000000b7050000220000006a0a00fe00000000850000000b000000b7000000592000009500000000000000a3028cb5af6c8f5d76781dcb7729f01726a067818b990b13bfddb7e78270010720596bb3b4d821d976f5843061cc2e3afbae82d7932d192321fa3b3042f100"/187], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x94) 1.547062615s ago: executing program 5 (id=1006): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0) close(r0) socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, 0x0, 0x0) 1.532776655s ago: executing program 5 (id=1007): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000180)='./file0\x00', r2, &(0x7f0000000100)='./file0/../file0\x00', 0x122) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000000cc0)=ANY=[], 0x8, 0x2ef, &(0x7f00000007c0)="$eJzs3M9P02AYwPFnPxjbCIyD0WhieKMXvTQwPSuLgcS4RILM+CMxKdDpsrqRdcHMGMGTV+Mf4YFw5Eai/ANcvOnFizcuJh7kYKxZ1zIYHcjYGML3k5A+9H2f7n3bQp63oWw8ePc8n7W0rF6WYFRJQERkU2RQguIJuNugE0dku0W52vfzy8V7Dx/dSaXTY5NKjaemriWVUgNDH1+8irndVntlffDJxo/k9/Wz6+c3/kw9y1kqZ6lCsax0NV38VtanTUPN5qy8ptSEaeiWoXIFyyjV2ou19qxZnJurKL0w2x+fKxmWpfRCReWNiioXVblUUaGneq6gNE1T/XHBfjJLk5N6qsXkmTYPBh1SKqX0kIjEdrVklroyIAAA0FWN9X9QVDvr/+VLa+W++ysDbv2/GvGr/69/rR1rR/0fFRHf+t/7fN/6Xz9Y/b+7IjpdDlX/43gYiuzaFaiH1cZSSo+7P7+ON4+Xh52A+h8AAAAAAAAAAAAAAAAAAAAAgP/Bpm0nbNtOeFvvq1dEoiLife+TGhKRm10YMtroENcfJ0D9xb3wgIj5dj4zn6lt3Q5rImKKIcOSkN/O/eCqxt6bR6pqUD6ZC27+wnwm5LSkspJz8kck0SON+bY9fjs9NqJqdub3SHx7flIScsY/P+mbH5Erl7fla5KQzzNSFFNmnXHU81+PKHXrbrohP+b0AwAAAADgJNDUFt/1u6Y1a6/lb62vG58PhOrr62Hf9XlYLoS7O3cAAAAAAE4Lq/Iyr5umUdojiMn+fVoPwh06sjfDf83y/pahczPVzWiz8XgfvqMp6u5s+2kJHOC0NAmC0krWUHU26rCz8B4bNesjE6Mdu4J7B+fef/jVvgPeWInuM9PWg1DzGyAgsthzZL+AAAAAAByZevXv7Rnt7oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADiFjuK/o3V7jgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBx8TcAAP//S2YCSA==") syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x2000c16, &(0x7f0000000280), 0xff, 0x25e, &(0x7f0000000e80)="$eJzs3U1IHGcYB/BnZndr1aXY9lIo/YBSSiuIvRV6sZcWhCJSSqEtWErppUULVulNe8olh+QYkuApFwm5xeQYvEguCYGcTOLBXAKJ5BDJIQnZsDsr+JVo3HUnZH4/WOfDd97nHWb+74g4GEBh9UXEUESUIqI/IioRkWxu8HH26WtuznUvjUXUaj/cTxrtsu3MxnG9ETEbEV9FxGKaxF/liOmFX1YfLn/32dGpyqdnFn7u7uhJNq2trny/fnrkyPnhL6evXr87ksRQVLecV/slu+wrJxHvHEaxV0RSznsE7Mfof+du1HP/bkR80sh/JdLILt6xyTcWK/HFqecde/zetfc7OVag/Wq1Sv0ZOFsDCieNiGok6UBEZOtpOjCQ/Qx/s9ST/j0x+W//nxNT43/kPVMB7VKNWPn2YteF3m35v1PK8g+8prJfSq38ODp/q76yXsp7QEBHfJAt6s///t9mPg/5h8KRfygu+Yfikn8oLvmH4pJ/KC75h4J42vxjv0275B+KS/6huA6c/xNPDm9QQEdszj8AUCy1rgO9Ndzel5CBXOQ9/wAAAAAAAAAAAAAAAAAAADvNdS+NbXza02N5zxaXT0asfZM13Vm/1Ph/xBFvNr72PEi29Jjsq8KL/fpRix206GzOb1+/dTvf+lc+zLf+zHjE7P8RMVgu77z/kub9d3Bv7/H9yu8tFnhJybbtr3/qbP3tHs/nW394OeJSff4Z3G3+SeO9xnL3+adav34t1v/nUYsdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0DHPAgAA///B2nXP") mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./bus\x00', 0x4d) rename(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0)='./file0\x00') r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='io.stat\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b) 1.488750768s ago: executing program 4 (id=1009): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0x10000, 0x7, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1) socket$inet6(0xa, 0x80002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) socket$packet(0x11, 0x3, 0x300) r2 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_udp_int(r2, 0x11, 0x67, 0x0, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e2a, 0xffffffff, @mcast2, 0x9}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x40d80, 0x0) r3 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x9, 0xf4039, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={0x0, 0x6}, 0x100224, 0x1, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x8) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001380)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x50) 1.365461766s ago: executing program 3 (id=1011): r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r0) r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000300), 0x2, 0x0) write$cgroup_freezer_state(r1, &(0x7f00000000c0)='FROZEN\x00', 0x7) sendfile(r1, r1, 0x0, 0x8000002) 1.285742792s ago: executing program 4 (id=1012): bpf$ENABLE_STATS(0x20, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x4, 0x400, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc097, 0x2, @perf_config_ext={0x288}, 0xa216, 0x6, 0x11000, 0x4, 0x9484, 0x2001, 0x400, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x3) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90) ioctl$FIONCLEX(r0, 0x5450) r1 = syz_io_uring_setup(0x4b6, &(0x7f0000000100)={0x0, 0x0, 0x400, 0x1, 0x20e}, &(0x7f0000ff0000), &(0x7f0000000000), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000040)=[{0x0}, {0x0}], 0x2) mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r1, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0x2c}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x7, 0x2) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x26) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000000)={'\x00', 0x100, 0xe, 0x8001, 0x5, 0x10}) ioctl$BLKTRACESTART(r2, 0x1274, 0x0) 1.283261792s ago: executing program 3 (id=1022): r0 = socket$nl_generic(0x10, 0x3, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r1) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xe) ioctl$XFS_IOC_OPEN_BY_HANDLE(r0, 0xc038586b, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x2080, &(0x7f0000000140)={@align=0x5, {0x1, 0x4, 0x4, 0x6}}, 0x8000, 0x0, 0x0}) r2 = socket$inet(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ZERO(r2, 0x0, 0x48f, &(0x7f0000000080)={0x2c, @rand_addr=0x64010100, 0x4e22, 0x2, 'rr\x00', 0x10, 0xe1, 0x56}, 0x2c) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = timerfd_create(0x9, 0x800) timerfd_gettime(r3, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x27, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x6, 0x0) r4 = openat$cgroup_freezer_state(r1, &(0x7f0000000300), 0x2, 0x0) sendfile(r4, r4, 0x0, 0x8000002) 1.254565124s ago: executing program 0 (id=1013): socket$inet6(0xa, 0x80002, 0x0) socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x2, 0x300) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, @perf_config_ext={0x8, 0x7}, 0x0, 0x0, 0x0, 0x7, 0x8, 0x420005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0) close(0xffffffffffffffff) socket(0x28, 0x5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000fc0)) close(0x3) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000440)=@gcm_256={{0x303}, "1d105d6dc35a1420", "352bfc0f38345beb42af86e952fefafa00f68b4e4047aaa9e100", '\x00', '\x00\x00\x00@\x00'}, 0x38) pselect6(0x40, &(0x7f00000001c0)={0xb4, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8, 0x400000f, 0x4, 0x0, 0x7fffffff}, 0x0, 0x0) shutdown(r0, 0x1) 607.559118ms ago: executing program 5 (id=1014): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_config_ext={0x100000001, 0xdd5}, 0x0, 0x0, 0x10000, 0x2, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000000)={[{@max_batch_time={'max_batch_time', 0x3d, 0x101}}, {@debug}, {@journal_dev={'journal_dev', 0x3d, 0x7}}]}, 0x1, 0x5fd, &(0x7f00000006c0)="$eJzs3c9vFFUcAPDv7LalpWALMSoepIkxkCgtLWCI8QBXYxr8ES9erLQgoUDT1mjRhJLgxcR4McbEkwfxv1AiV0960YMXT4aEqOFo4prZ7vTnbH8s7Q4wn0+y7My8ebw3LN++t6/vzQRQWgPpH5WIAxExlUT0JfOLaR3RSBxYOO/ePx+fTV9J1Gpv/JVE0jiWnZ803nsbmbsj4ucfk9hfXVvuzNzVi2OTkxPTjf2h2UtTQzNzV49cuDR2fuL8xOWRF0dOnjh+4uTw0Zau69raQ2l1Puj7dPTtb7/+Nxn+7vfRJE7FK40Tl1/HdhmIgfq/SbI2qffkdhdWkGrj/8nyjzjpKLBCbEn2+XVGxJPRF9VY+vD64pPXCq0csKNqSUQNKKlE/ENJZf2A7Lv96u/BlUJ6JUA73D29MACwNv47FsYGo7s+NrD7XhLLh3WSiGhtZG6lPRHx0+3RG+duj96Y3rsz43BAvvnrEfHUsvjvylKSevz3R3f01+O/siL+037BmcZ7evz1FstfPVQs/qF9FuK/O6f9X4r/aBL/7yyL/3dbLH9gafO9nhXx39PqJQEAAAAAAEBp3TodES/kzf+pLM7/iZz5P70RcWobyh9Ytb/29/+VO9tQDJDj7umIl3Pn/1aiujD7t7/a+D3/3vp8gM7k3IXJiaMR8VhEHI7OXen+8DplHPls/1fN0gYa8/+yV1p++r50RuVOx66VecbHZsfu97qBiLvXI57Onf+bLLb/SU77n/48mNpkGfufu3mmWdrG8Q/slNo3EYdy2/+lu1Yk69+fY6jeHxjKegVrPfPR5983K7/V+HeLCbh/afu/e/3470+W369nZutlHJvrqDVLa7X/35W8Wb/lTLZc4cOx2dnp4Yie5NVqenTF8ZGt1xkeRVk8ZPGSxv/hZ9cf/8vr//dExPyqvzv5e+Wa4swT//X+0aw++v9QnDT+x7fU/jfdSOYjcpNGbvb/0Kz8zbX/x+tt/eHGEeN/sODLLEy7Vh7PCdCOvKR21xcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgWViNgTSWVwcbtSGRyM6I2Ix2N3ZfLKzOzz5668f3k8Tas//7+SPem3b2E/yZ7/379sf2TV/rGI2BcRX1R76vuDZ69Mjhd98QAAAAAAAAAAAAAAAAAAAPCA6G2y/j/1Z7Xo2gE7rqPoCgCFyYn/X4qoB9B+2n8oL/EP5SX+obzEP5SX+IfyEv9QXuIfykv8AwAAAADAI2XfwVu/JREx/1JP/ZXqaqR1FlozYKdViq4AUBi3+IHyMvUHyst3fCDZIL27aaaNcjbLnJo6u3FmAAAAAAAAAAAAACBz6ID1/1BW1v9DeVn/D+WVrf8/WHA9gPZr+Tt+0zW9wMNovZX8zcN9E+v/AQAAAAAAAAAAAIBtMTN39eLY5OTEdPs2fm089Cv3nJ6IaHN9so23iii02I1arXat/lE8IPV5yDeyqfCbz9WdHwU7s5Gt9dtcroJ+IAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGv8HwAA//+xpBxA") ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000140)={'pim6reg1\x00', {0x2, 0x4e24, @multicast1}}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x4040, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0) write(r2, &(0x7f0000004200)='t', 0x1) sendfile(r2, r1, 0x0, 0x3ffff) r3 = msgget$private(0x0, 0x790) msgsnd(r3, &(0x7f0000000d00)=ANY=[@ANYRES8], 0x401, 0x0) msgsnd(r3, &(0x7f0000000040)=ANY=[@ANYRESDEC], 0x401, 0x0) msgctl$IPC_SET(r3, 0x1, &(0x7f0000001000)={{0x0, 0x0, 0x0, 0x0, 0xee01, 0x52, 0x7}, 0x0, 0x0, 0xc7af, 0x4, 0x7fff, 0x7fffffff, 0x5, 0x180, 0x8, 0x401}) sendfile(r2, r1, 0x0, 0x7ffff000) 607.291388ms ago: executing program 3 (id=1015): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000540), 0x0, 0x0, 0x0, 0x900}}], 0x1, 0x0) syz_open_dev$loop(&(0x7f0000000240), 0x2, 0x40000) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) open(0x0, 0x22700, 0x84) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="6a0ac4ff000000027110b7000000000095001b0000"], &(0x7f0000000480)='GPL\x00'}, 0x94) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000140)={0x0, 0xdffffffe, 0x80, 0x0, 0x0, "8100e1c8e80b598c36ff000800"}) syz_open_pts(r2, 0x141601) write(r1, &(0x7f0000000540)="10d48760b1dfb2c7da60dba488376bf9e2efeecec81038fd232abbc0d5b73e41dca95dc968a3afdbc1e12e4581a1405533f4f2dbfab979b8e4d27544a85a840c58fd3a6d017f4b39028a60ea34c54592ec954366d513b54a4ede4710571654b1806981ea8590f5fe4fcde8cdc3310dfa374233134ab7", 0xffffffffffffff3d) r3 = socket$netlink(0x10, 0x3, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x503, 0xfffffffc, 0x40000, {0x0, 0x0, 0x0, 0x0, 0x21111, 0x31}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48890}, 0x0) 595.061169ms ago: executing program 1 (id=1025): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0xfffffffd, @empty, 0x4}], 0x1c) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000140)={r2, 0x3}, 0x8) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000100)={r2, 0x3}, &(0x7f00000001c0)=0x8) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0xfffffd9d) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') pread64(r4, &(0x7f0000000040)=""/102400, 0x19000, 0x10000002fc) connect$tipc(0xffffffffffffffff, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x1, 0x4}}, 0x10) sendfile(0xffffffffffffffff, r3, 0x0, 0x8010002b) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000000000100bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000000404000001000000b7050000220000006a0a00fe00000000850000000b000000b7000000592000009500000000000000a3028cb5af6c8f5d76781dcb7729f01726a067818b990b13bfddb7e78270010720596bb3b4d821d976f5843061cc2e3afbae82d7932d192321fa3b3042f100"/187], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x94) 588.76542ms ago: executing program 4 (id=1016): recvmsg(0xffffffffffffffff, 0x0, 0x1f00) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) close(0xffffffffffffffff) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x10, 0x17, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b703000000000000850000000e000000bf09000000000000550901000074f6967d00000000000000180100002020709000000000002020207baaf8ff00000000bda100000000000027010000f8ffffffb702000008000000b7030000000000002500000006000000be91000000000000b502ecffffff00008500000005000000b70000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000b40)=ANY=[@ANYRES32=r2, @ANYRES32], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2}, 0x0, 0x0}, 0x20) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) 492.837906ms ago: executing program 3 (id=1017): write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x33fe0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1d, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x40000100) r2 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x104101, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, 0xffffffffffffffff) socket$kcm(0x10, 0x2, 0x10) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0xfeff, &(0x7f0000000180)=[{&(0x7f0000000b40)="d8000000100081044e81f782db44b904021d006a0f000000e8fe55a1290015000600142603600e120900040044000000a80016000a0003402e60000000000000b94dcf5c0461c1d67f6f94007134cf6ee08021a0e408e8d8ef52a985162f7ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d3220a7c9f8775730d16a4803f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x60044084) 309.438288ms ago: executing program 1 (id=1018): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r0, 0xffffffffffffffff, 0x0) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000604000000002e"], 0x0, 0x37}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x9, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0x2, 0x1}, 0x50) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) socket$inet_udp(0x2, 0x2, 0x0) pipe2$9p(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) close(0x3) openat$cgroup_procs(r4, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) 254.183003ms ago: executing program 3 (id=1019): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./bus\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x376, &(0x7f0000000280)="$eJzs3c9rK1UUwPGTNEmTPF4nC1EUpBffRjdDG12LQd4DIeCj70V8TxCm7URDxqTMhGpEbLtyK+5dCS5KdxZcFLT/QDfudCOCu24EF3ahjsyvZJJM0hhTo+33AyU3994zc+/MLZxJmMz5m5++16w7et3oSDqvJCUiciFSkrREUuFr2i/nJG5fXrj16/fPPnhUywcV6l7l4YtlpdTK6jfvf1QIu50sy1np7fNfyj+fPXn29PmfD99tOKrhqFa7owy12f6xY2xaptpuOE1dqfuWaTimarQc0w7avwq3Y7V3drrKaG3fLu7YpuMoo9VVTbOrOm3VsbvKeMdotJSu6+p2USbJTmy9KWqHGxtGZcbgrTkPBlfEtl1jSUQKIy21w4UMCAAALNRw/p/2UvpZ8v/HslKt3t1QXud+/n/03Gnn1hvHK2H+f5JLyv9f+iHY1kD+711O9PP/dnB9UL88//9cpsr/A6MZ0c0yc/5fuoLBYDaruZGq1MA7264YxfD/13fw1tGaXyD/BwAAAAAAAAAAAAAAAAAAAADg/+DCdTXXdbXoNfrr30IQvse1lB9z/pe9Nu/su5z/6+zBo8eS92/c886x9clubbcWvIYdTkXEEvMPN+WthRhvbUR3HilPSb619sL4vd3akt9SqUvDi5d10aQkMhjvuvdeq95dV4EwvnebUjEeXxZNnojHf+2vTi++PBgf7j8nz9+JxeuiyXdb0hZLtv3I/v4/Xlfq1derQ/EFv5+I/PSvnxQAAAAAAOZMVz2J1++6Pq49+JWRSt3/mMiUNdHk9+Tr+7XE6/OM9kxm0bMHAAAAAOBmcLofNg1Jm7ZfsKykQkEGa6Jv/RM7e4VC8naSC5mBmqyIJHbODdVkJ215KTbDKYdh5CR4gslUnScUvoiO6t+Jig6pN/BeU/6y4zyxEM3fr0llZp2OZaX2xV8A+/GmtEwRnhke/KpXoRI73xm7nYNwIr2a6GOj3JjjLPeHa5bDiORdZEdq3NRsC+Cpz7787Z+un37h5eNwBXxweecDy3T3xk1wUiGfeFh4PA4AAABwDfWT/qjmlXhz/EEi8Yfl8M09AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzNJcfKvMLrjauadFzBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP4r/goAAP//Di7sEA==") sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, 0x0, 0x4000) r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x800000, 0x3fff8001}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x5, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000440)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = openat$selinux_policy(0xffffff9c, &(0x7f0000000180), 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002ac0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000007}, 0x44040) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x5000000, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0x0) write$selinux_load(r2, &(0x7f0000000000)=ANY=[], 0xfd44) r4 = socket(0x2, 0x80805, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x16, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010101, 0x4e22, 0x200003, 'lblc\x00', 0x1, 0x9, 0x1006a}, 0x2c) 253.587782ms ago: executing program 0 (id=1020): r0 = socket$nl_generic(0x10, 0x3, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r1) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xe) ioctl$XFS_IOC_OPEN_BY_HANDLE(r0, 0xc038586b, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x2080, &(0x7f0000000140)={@align=0x5, {0x1, 0x4, 0x4, 0x6}}, 0x8000, 0x0, 0x0}) r2 = socket$inet(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ZERO(r2, 0x0, 0x48f, &(0x7f0000000080)={0x2c, @rand_addr=0x64010100, 0x4e22, 0x2, 'rr\x00', 0x10, 0xe1, 0x56}, 0x2c) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = timerfd_create(0x9, 0x800) timerfd_gettime(r3, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x27, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x6, 0x0) r4 = openat$cgroup_freezer_state(r1, &(0x7f0000000300), 0x2, 0x0) write$cgroup_freezer_state(r4, &(0x7f00000000c0)='FROZEN\x00', 0x7) 218.935965ms ago: executing program 1 (id=1021): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close(r4) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=@newtfilter={0x88, 0x2c, 0xd3f, 0x30bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xb, 0xfff3}, {}, {0x8, 0x10}}, [@filter_kind_options=@f_basic={{0xa}, {0x58, 0x2, [@TCA_BASIC_ACT={0x54, 0x3, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0x10200, 0x3, 0x6, 0x7}, 0x1}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x88}, 0x1, 0x0, 0x0, 0x10}, 0x8080) r8 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r8, &(0x7f00000000c0)={&(0x7f0000000140)=@xdp={0x2c, 0x8, r7, 0x3c}, 0x80, &(0x7f0000000280)=[{&(0x7f00000002c0)="d4", 0x1}], 0x1}, 0x4011) 166.203848ms ago: executing program 0 (id=1023): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x800) r3 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r2) r4 = socket(0x1e, 0x4, 0x0) sendmmsg$unix(r4, 0x0, 0x0, 0x0) r5 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) close(r5) 118.885441ms ago: executing program 3 (id=1024): syz_mount_image$ext4(&(0x7f0000000d80)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x21881e, &(0x7f00000000c0)={[{@user_xattr}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@stripe={'stripe', 0x3d, 0x6}}]}, 0x1, 0x50f, &(0x7f0000000dc0)="$eJzs3c9vI1cdAPCvnThxsmmTlh4AQbu0hQWt1km8bVT1AOUCQqgSokeQtiHxRlHsOIqd0oQ9pGeuSFTiBEf+AG5IPSFx5ILgxqUckPgRgRokDoNmPMk6WbuJNokdxZ+PNJr35s36+32bnffWL4lfACPrdkTsR8RERLwbEbP59UJ+xFudI73vk4NHK4cHj1YKkSTv/LOQtafXouvPpG7lr1mOiO9/O+JHhSfjtnb3Npbr9dp2Xp9vN7bmW7t799Yby2u1tdpmtbq0uLTwxv3Xq5fW15caE3npix//Yf9rP0nTmsmvdPfjMnW6XjqOkxqPiO9eRbAhGMv7MzHsRHgqxYh4PiJezp7/2RjLvpoAwE2WJLORzHbXAYCbrpitgRWKlXwtYCaKxUqls4b3QkwX681W++7D5s7mametbC5KxYfr9dpCvlY4F6VCWl/Myo/r1VP1+xHxXET8bHIqq1dWmvXVYf7HBwBG2K1T8/9/JjvzPwBww5WHnQAAMHDmfwAYPeZ/ABg95n8AGD2d+X9q2GkAAAPk/T8AjB7zPwCMlO+9/XZ6JIf551+vvre7s9F8795qrbVRaeysVFaa21uVtWZzLfvMnsZZr1dvNrcWX4ud9+e+vtVqz7d29x40mjub7QfZ53o/qJWyu/YH0DMAoJ/nXvroz4V0Rn5zKjuiay+H0lAzA65acdgJAEMzNuwEgKGx2xeMrgu8x7c8ADdEjy16j/3+W0lS7vULQkmSJFebFnCF7nzO+j+Mqq71fz8FDCPG+j+MLuv/MLqSpHDePf/jvDcCANebNX6gz/f/n8/Pv86/OfDD1dN3fHiVWQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD1drT/byXfC3wmisVKJeKZiJiLUuHher22EBHPRsSfJkuTaX1xyDkDABdV/Fsh3//rzuyrMyeaXrx1XJyIiB//4p2fv7/cbm//MWKi8K/Jo+vtD/Pr1cFnDwCc7Wiezs5db+Q/OXi0cnQMMp+/fzMiyp34hwcTcXgcfzzGs3M5ShEx/e9CXu8odK1dXMT+BxHx2V79L8RMtgbS2fn0dPw09jMDjV88Eb+YtXXO6d/FZy4hFxg1H6Xjz1u9nr9i3M7OvZ//cjZCXVw+/qUvtXKYjYGP4x+Nf2N9xr/b543x2u++0ylNPdn2QcTnxyOOYh92jT9H8Qt94r96+sX6DIh/+cKLL/fLLfllxJ3oHb871ny7sTXf2t27t95YXqut1Tar1aXFpYU37r9enc/WqOf7zwb/ePPus/3a0v5P94lfPqP/X+4b8aRf/e/dH3zpU+J/9ZVe8YvxwqfET+fEr5wz/vL0b8r92tL4q336f9bX/+4543/8170ntg0HAIantbu3sVyv17b7Fn47ffY9CgoDKaT/ZK9BGj0L3xhUrIno3fTTVzrP9KmmJHmqWCfHicfvHC9j1Q24Do4f+oj477CTAQAAAAAAAAAAAAAAehrEbywNu48AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcXP8PAAD//9140jY=") r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r2 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000580)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x57, 0x7fc00100}]}) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000740)={0x0}) io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r4, 0xc0182101, &(0x7f00000000c0)={r5}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f00000003c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r4, 0x40182103, &(0x7f0000000080)={r6, 0x3, r3, 0x5}) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x800001d, 0x1c) 0s ago: executing program 1 (id=1026): r0 = socket$nl_generic(0x10, 0x3, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r1) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xe) ioctl$XFS_IOC_OPEN_BY_HANDLE(r0, 0xc038586b, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x2080, &(0x7f0000000140)={@align=0x5, {0x1, 0x4, 0x4, 0x6}}, 0x8000, 0x0, 0x0}) r2 = socket$inet(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ZERO(r2, 0x0, 0x48f, &(0x7f0000000080)={0x2c, @rand_addr=0x64010100, 0x4e22, 0x2, 'rr\x00', 0x10, 0xe1, 0x56}, 0x2c) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = timerfd_create(0x9, 0x800) timerfd_gettime(r3, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x27, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x6, 0x0) r4 = openat$cgroup_freezer_state(r1, &(0x7f0000000300), 0x2, 0x0) sendfile(r4, r4, 0x0, 0x8000002) kernel console output (not intermixed with test programs): dy. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 55.824768][ T4533] team0: Mode changed to "loadbalance" [ 55.883601][ T4547] veth0_to_bridge: Caught tx_queue_len zero misconfig [ 55.981303][ T4550] netlink: 'syz.3.255': attribute type 21 has an invalid length. [ 55.990336][ T4550] netlink: 128 bytes leftover after parsing attributes in process `syz.3.255'. [ 56.003619][ T4550] netlink: 'syz.3.255': attribute type 4 has an invalid length. [ 56.033491][ T4550] netlink: 'syz.3.255': attribute type 3 has an invalid length. [ 56.045678][ T4550] netlink: 3 bytes leftover after parsing attributes in process `syz.3.255'. [ 56.378614][ T4560] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.386551][ T4560] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.442029][ T4560] bridge0: entered allmulticast mode [ 56.484265][ T4567] batadv_slave_0: Caught tx_queue_len zero misconfig [ 56.507977][ T4570] netlink: 'syz.3.260': attribute type 1 has an invalid length. [ 56.528971][ T4570] 8021q: adding VLAN 0 to HW filter on device bond1 [ 56.542082][ T4570] vlan2: entered promiscuous mode [ 56.549837][ T4570] bond1: entered promiscuous mode [ 56.555176][ T4570] vlan2: entered allmulticast mode [ 56.561719][ T4570] bond1: entered allmulticast mode [ 56.574727][ T4570] bond1: (slave bridge1): making interface the new active one [ 56.582379][ T4570] bridge1: entered promiscuous mode [ 56.587955][ T4570] bridge1: entered allmulticast mode [ 56.594601][ T4570] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 56.657581][ T4575] syzkaller0: entered promiscuous mode [ 56.663260][ T4575] syzkaller0: entered allmulticast mode [ 57.560074][ T4602] __nla_validate_parse: 1 callbacks suppressed [ 57.560127][ T4602] netlink: 83992 bytes leftover after parsing attributes in process `syz.4.270'. [ 57.577389][ T4602] netlink: zone id is out of range [ 57.582611][ T4602] netlink: zone id is out of range [ 57.596501][ T4602] netlink: set zone limit has 8 unknown bytes [ 57.725178][ T4599] veth3: entered allmulticast mode [ 58.007658][ T4599] bond1: (slave veth3): Enslaving as an active interface with an up link [ 58.043977][ T4604] bond1 (unregistering): (slave veth3): Releasing backup interface [ 58.088133][ T4604] bond1 (unregistering): Released all slaves [ 58.771808][ T28] kauditd_printk_skb: 10 callbacks suppressed [ 58.771823][ T28] audit: type=1400 audit(1775753432.864:508): avc: denied { create } for pid=4605 comm="syz.1.273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 58.846239][ T28] audit: type=1400 audit(1775753432.864:509): avc: denied { write } for pid=4605 comm="syz.1.273" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 59.098516][ T28] audit: type=1400 audit(1775753433.194:510): avc: denied { name_bind } for pid=4628 comm="syz.0.278" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 59.122402][ T4633] netlink: 'syz.1.280': attribute type 1 has an invalid length. [ 59.136577][ T4633] bond2: entered promiscuous mode [ 59.141802][ T4633] bond2: entered allmulticast mode [ 59.147320][ T4633] 8021q: adding VLAN 0 to HW filter on device bond2 [ 59.157588][ T4633] netlink: 4 bytes leftover after parsing attributes in process `syz.1.280'. [ 59.194435][ T4633] bond2 (unregistering): Released all slaves [ 59.350887][ T28] audit: type=1400 audit(1775753433.444:511): avc: denied { read } for pid=4649 comm="syz.1.284" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 59.862225][ T4656] netlink: 'syz.3.286': attribute type 1 has an invalid length. [ 59.870213][ T28] audit: type=1400 audit(1775753433.964:512): avc: denied { write } for pid=4653 comm="syz.4.285" name="sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 59.873688][ T4654] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 59.873688][ T4654] program syz.4.285 not setting count and/or reply_len properly [ 59.903164][ T28] audit: type=1400 audit(1775753433.964:513): avc: denied { open } for pid=4653 comm="syz.4.285" path="/dev/sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 59.914634][ T4656] 8021q: adding VLAN 0 to HW filter on device bond2 [ 59.974206][ T4656] ipvlan2: entered allmulticast mode [ 59.979711][ T4656] bond2: entered allmulticast mode [ 59.992820][ T4656] bond2: (slave bridge2): making interface the new active one [ 60.000498][ T4656] bridge2: entered allmulticast mode [ 60.006749][ T4656] bond2: (slave bridge2): Enslaving as an active interface with an up link [ 60.066419][ T28] audit: type=1400 audit(1775753434.164:514): avc: denied { nlmsg_write } for pid=4659 comm="syz.4.287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 60.121097][ T28] audit: type=1400 audit(1775753434.164:515): avc: denied { audit_write } for pid=4659 comm="syz.4.287" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 60.142346][ T28] audit: type=1107 audit(1775753434.164:516): pid=4659 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 60.163902][ T28] audit: type=1400 audit(1775753434.184:517): avc: denied { firmware_load } for pid=4659 comm="syz.4.287" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 61.695284][ T4746] 8021q: adding VLAN 0 to HW filter on device bond1 [ 61.742350][ T4746] bond1: (slave ip6gretap1): making interface the new active one [ 61.770363][ T4746] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 62.999288][ T4784] netlink: 8 bytes leftover after parsing attributes in process `syz.5.317'. [ 63.699909][ T4807] l2tp_ppp: sess 2/0: no socket in recv [ 63.887837][ T4814] netlink: 108 bytes leftover after parsing attributes in process `syz.3.325'. [ 64.566548][ T4829] netlink: 4 bytes leftover after parsing attributes in process `syz.1.329'. [ 64.608896][ T4829] macvlan2: entered promiscuous mode [ 64.618782][ T4829] bond0: entered promiscuous mode [ 64.660738][ T4829] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 64.727563][ T4835] netlink: 24 bytes leftover after parsing attributes in process `syz.4.333'. [ 64.757172][ T4835] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4835 comm=syz.4.333 [ 64.984989][ T28] kauditd_printk_skb: 9 callbacks suppressed [ 64.985004][ T28] audit: type=1400 audit(1775753439.084:527): avc: denied { create } for pid=4843 comm="syz.4.337" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 65.547923][ T4862] netlink: 4 bytes leftover after parsing attributes in process `syz.0.344'. [ 65.706448][ T4862] veth0_macvtap: left promiscuous mode [ 66.598924][ T4868] netlink: 24 bytes leftover after parsing attributes in process `syz.5.346'. [ 67.422426][ T4868] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4868 comm=syz.5.346 [ 67.860487][ T28] audit: type=1326 audit(1775753441.954:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4874 comm="syz.0.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 67.949867][ T28] audit: type=1326 audit(1775753441.954:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4874 comm="syz.0.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 68.011556][ T28] audit: type=1326 audit(1775753441.954:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4874 comm="syz.0.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 68.034896][ T4882] tipc: Enabled bearer , priority 0 [ 68.035833][ T4883] audit: audit_backlog=65 > audit_backlog_limit=64 [ 68.041705][ T28] audit: type=1326 audit(1775753441.954:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4874 comm="syz.0.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 68.071580][ T28] audit: type=1326 audit(1775753441.954:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4874 comm="syz.0.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 68.095179][ T4883] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 68.102935][ T4883] audit: backlog limit exceeded [ 68.108604][ T4886] syzkaller0: entered promiscuous mode [ 68.123382][ T28] audit: type=1326 audit(1775753441.954:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4874 comm="syz.0.349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 68.133594][ T4886] syzkaller0: entered allmulticast mode [ 68.288601][ T4882] tipc: Resetting bearer [ 68.304995][ T4881] tipc: Resetting bearer [ 68.335409][ T4881] tipc: Disabling bearer [ 68.344316][ T4891] loop5: detected capacity change from 0 to 512 [ 68.365881][ T4891] vfat: Unknown parameter '' [ 68.452927][ T4903] netlink: 4 bytes leftover after parsing attributes in process `syz.0.358'. [ 68.653879][ T4911] netlink: 24 bytes leftover after parsing attributes in process `syz.3.361'. [ 68.741675][ T4911] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4911 comm=syz.3.361 [ 69.814361][ T4930] syzkaller0: entered promiscuous mode [ 69.823438][ T4930] syzkaller0: entered allmulticast mode [ 69.953203][ T4933] netlink: 1010 bytes leftover after parsing attributes in process `syz.3.368'. [ 69.983553][ T4933] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 70.032183][ T4936] syzkaller0: entered promiscuous mode [ 70.056834][ T4936] 0: reclassify loop, rule prio 0, protocol 800 [ 71.077361][ T28] kauditd_printk_skb: 90 callbacks suppressed [ 71.077376][ T28] audit: type=1400 audit(1775761637.168:624): avc: denied { create } for pid=4968 comm="syz.5.375" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 71.133503][ T4971] netlink: 24 bytes leftover after parsing attributes in process `syz.0.374'. [ 71.190727][ T4971] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=4971 comm=syz.0.374 [ 71.285498][ T4979] lo: Caught tx_queue_len zero misconfig [ 71.300131][ T4979] sch_tbf: burst 19872 is lower than device lo mtu (32783) ! [ 71.391339][ T4980] sch_tbf: burst 6281 is lower than device lo mtu (32783) ! [ 71.399548][ T4977] loop5: detected capacity change from 0 to 1024 [ 71.434858][ T4977] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 71.731820][ T28] audit: type=1400 audit(1775761637.818:625): avc: denied { setopt } for pid=4986 comm="syz.3.380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 71.781753][ T28] audit: type=1400 audit(1775761637.838:626): avc: denied { listen } for pid=4986 comm="syz.3.380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 71.824781][ T3705] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.837874][ T28] audit: type=1400 audit(1775761637.848:627): avc: denied { accept } for pid=4986 comm="syz.3.380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 72.405574][ T5003] loop4: detected capacity change from 0 to 512 [ 72.517681][ T5003] EXT4-fs warning (device loop4): ext4_enable_quotas:7261: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 72.534926][ T5003] EXT4-fs (loop4): mount failed [ 74.022861][ T5018] netlink: 4 bytes leftover after parsing attributes in process `syz.4.386'. [ 74.099026][ T5018] veth0_macvtap: left promiscuous mode [ 74.212668][ T5026] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_vlan, syncid = 2, id = 0 [ 74.286171][ T5030] netlink: 24 bytes leftover after parsing attributes in process `syz.1.390'. [ 74.308150][ T28] audit: type=1400 audit(1775761640.388:628): avc: denied { setopt } for pid=5027 comm="syz.4.389" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 74.366016][ T5030] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=5030 comm=syz.1.390 [ 74.654742][ T28] audit: type=1400 audit(1775761640.738:629): avc: denied { write } for pid=5024 comm="syz.5.388" path="socket:[10072]" dev="sockfs" ino=10072 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 76.323378][ T28] audit: type=1400 audit(1775761642.408:630): avc: denied { read } for pid=5056 comm="syz.4.400" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 76.338762][ T5059] netlink: 28 bytes leftover after parsing attributes in process `syz.0.401'. [ 76.609973][ T5063] loop5: detected capacity change from 0 to 512 [ 76.661987][ T5063] EXT4-fs warning (device loop5): ext4_enable_quotas:7261: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 76.664184][ T5063] EXT4-fs (loop5): mount failed [ 76.890809][ T5072] netlink: 4 bytes leftover after parsing attributes in process `syz.3.402'. [ 77.034932][ T5070] loop4: detected capacity change from 0 to 8192 [ 77.056889][ T5070] bio_check_eod: 27 callbacks suppressed [ 77.056903][ T5070] syz.4.403: attempt to access beyond end of device [ 77.056903][ T5070] loop4: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 77.056924][ T5070] buffer_io_error: 57 callbacks suppressed [ 77.056933][ T5070] Buffer I/O error on dev loop4, logical block 57847, async page read [ 77.057148][ T5070] syz.4.403: attempt to access beyond end of device [ 77.057148][ T5070] loop4: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 77.057195][ T5070] Buffer I/O error on dev loop4, logical block 57847, async page read [ 77.057224][ T5070] syz.4.403: attempt to access beyond end of device [ 77.057224][ T5070] loop4: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 77.057319][ T5070] Buffer I/O error on dev loop4, logical block 57847, async page read [ 77.057370][ T5070] syz.4.403: attempt to access beyond end of device [ 77.057370][ T5070] loop4: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 77.057487][ T5070] Buffer I/O error on dev loop4, logical block 57847, async page read [ 77.057536][ T5070] syz.4.403: attempt to access beyond end of device [ 77.057536][ T5070] loop4: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 77.057577][ T5070] Buffer I/O error on dev loop4, logical block 57847, async page read [ 77.057601][ T5070] syz.4.403: attempt to access beyond end of device [ 77.057601][ T5070] loop4: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 77.057620][ T5070] Buffer I/O error on dev loop4, logical block 57847, async page read [ 77.057734][ T5070] syz.4.403: attempt to access beyond end of device [ 77.057734][ T5070] loop4: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 77.057753][ T5070] Buffer I/O error on dev loop4, logical block 57847, async page read [ 77.057800][ T5070] syz.4.403: attempt to access beyond end of device [ 77.057800][ T5070] loop4: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 77.057834][ T5070] Buffer I/O error on dev loop4, logical block 57847, async page read [ 77.057964][ T5070] syz.4.403: attempt to access beyond end of device [ 77.057964][ T5070] loop4: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 77.057983][ T5070] Buffer I/O error on dev loop4, logical block 57847, async page read [ 77.058013][ T5070] syz.4.403: attempt to access beyond end of device [ 77.058013][ T5070] loop4: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 77.058076][ T5070] Buffer I/O error on dev loop4, logical block 57847, async page read [ 77.154118][ T5078] netlink: 'syz.0.412': attribute type 13 has an invalid length. [ 77.810450][ T5078] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 77.882244][ T5091] netlink: 24 bytes leftover after parsing attributes in process `syz.3.405'. [ 77.933377][ T5091] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=5091 comm=syz.3.405 [ 77.951500][ T5093] netlink: 'syz.4.416': attribute type 1 has an invalid length. [ 77.967610][ T5093] bond2: entered promiscuous mode [ 77.973603][ T5093] 8021q: adding VLAN 0 to HW filter on device bond2 [ 78.036761][ T5093] vlan3: entered allmulticast mode [ 78.036782][ T5093] bond2: entered allmulticast mode [ 78.075705][ T5093] bond2: (slave bridge1): making interface the new active one [ 78.075791][ T5093] bridge1: entered promiscuous mode [ 78.075917][ T5093] bridge1: entered allmulticast mode [ 78.081001][ T5093] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 79.278707][ T5118] xt_CT: You must specify a L4 protocol and not use inversions on it [ 81.094705][ T5165] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.154630][ T5166] netlink: 108 bytes leftover after parsing attributes in process `syz.5.424'. [ 81.249903][ T5165] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.320813][ T5165] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.407766][ T5165] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.563431][ T3975] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.578257][ T3975] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.606884][ T3975] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.657197][ T3975] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.183439][ T5197] xt_hashlimit: size too large, truncated to 1048576 [ 82.957690][ T5209] syzkaller0: entered promiscuous mode [ 82.957749][ T5209] syzkaller0: entered allmulticast mode [ 83.505967][ T5231] loop1: detected capacity change from 0 to 1024 [ 83.544407][ T5231] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 83.577572][ T5231] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 83.600392][ T5231] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 83.611131][ T5231] EXT4-fs error (device loop1): ext4_get_journal_inode:5888: inode #5: comm syz.1.449: unexpected bad inode w/o EXT4_IGET_BAD [ 83.624560][ T5231] loop1: lost file I/O error report for ino 5 type 5 pos 0x0 len 0x0 error -117 [ 83.625433][ T5231] EXT4-fs (loop1): no journal found [ 83.634586][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 83.634608][ C1] EXT4-fs (loop1): initial error at time 1775761649: ext4_get_journal_inode:5888: inode 5 [ 83.634650][ C1] EXT4-fs (loop1): last error at time 1775761649: ext4_get_journal_inode:5888: inode 5 [ 83.673753][ T5231] EXT4-fs (loop1): can't get journal size [ 83.680616][ T5231] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 83.710433][ T5237] tunl0: Caught tx_queue_len zero misconfig [ 83.823760][ T28] audit: type=1400 audit(1775761649.918:631): avc: denied { bind } for pid=5230 comm="syz.1.449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 83.862435][ T28] audit: type=1400 audit(1775761649.918:632): avc: denied { listen } for pid=5230 comm="syz.1.449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 83.882700][ T28] audit: type=1400 audit(1775761649.918:633): avc: denied { accept } for pid=5230 comm="syz.1.449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 84.097639][ T5245] loop5: detected capacity change from 0 to 128 [ 84.588618][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.630802][ T5257] netlink: 'syz.1.447': attribute type 13 has an invalid length. [ 84.886575][ T5259] netlink: 84 bytes leftover after parsing attributes in process `syz.1.447'. [ 85.637463][ T5285] netlink: 'syz.1.456': attribute type 13 has an invalid length. [ 85.677580][ T5285] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 85.778639][ T5289] loop4: detected capacity change from 0 to 512 [ 85.808452][ T5293] syz.3.459 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 85.879549][ T5289] ------------[ cut here ]------------ [ 85.888818][ T5289] EA inode 11 i_nlink=0 [ 85.888990][ T5289] WARNING: fs/ext4/xattr.c:1059 at ext4_xattr_inode_update_ref+0x313/0x350, CPU#0: syz.4.457/5289 [ 85.904930][ T5289] Modules linked in: [ 85.909200][ T5289] CPU: 0 UID: 0 PID: 5289 Comm: syz.4.457 Tainted: G W syzkaller #0 PREEMPT(full) [ 85.920860][ T5289] Tainted: [W]=WARN [ 85.925207][ T5289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 85.936120][ T5289] RIP: 0010:ext4_xattr_inode_update_ref+0x332/0x350 [ 85.943593][ T5289] Code: 54 33 99 ff 4c 8d 2d 9d a5 5d 05 49 8d 7e 40 e8 94 cc b5 ff 49 8b 6e 40 4c 89 e7 e8 c8 c7 b5 ff 41 8b 56 48 4c 89 ef 48 89 ee <67> 48 0f b9 3a e9 02 ff ff ff e8 1f e8 dd 03 66 66 66 66 66 66 2e [ 85.964230][ T5289] RSP: 0018:ffffc9000174f5a8 EFLAGS: 00010246 [ 85.971251][ T5289] RAX: ffff8881019e3d08 RBX: ffff8881004b01a8 RCX: ffffffff81c02778 [ 85.979453][ T5289] RDX: 0000000000000000 RSI: 000000000000000b RDI: ffffffff871dcd00 [ 85.987750][ T5289] RBP: 000000000000000b R08: 00018881004b015b R09: 0000000000000000 [ 85.989618][ T5290] loop1: detected capacity change from 0 to 512 [ 85.996161][ T5289] R10: ffffc9000174f4d8 R11: 0001c9000174f4d8 R12: ffff8881004b0158 [ 86.011040][ T5289] R13: ffffffff871dcd00 R14: ffff8881004b0110 R15: 0000000000000001 [ 86.019473][ T5289] FS: 00007fd6be0876c0(0000) GS:ffff8882ae8d7000(0000) knlGS:0000000000000000 [ 86.029158][ T5289] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.034947][ T5293] CPU: 1 UID: 0 PID: 5293 Comm: syz.3.459 Tainted: G W syzkaller #0 PREEMPT(full) [ 86.034978][ T5293] Tainted: [W]=WARN [ 86.034985][ T5293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 86.034997][ T5293] Call Trace: [ 86.035072][ T5293] [ 86.035079][ T5293] __dump_stack+0x1d/0x30 [ 86.035139][ T5293] dump_stack_lvl+0x95/0xd0 [ 86.035165][ T5293] dump_stack+0x15/0x1b [ 86.035185][ T5293] dump_header+0x80/0x240 [ 86.035328][ T5293] oom_kill_process+0x295/0x350 [ 86.035403][ T5293] out_of_memory+0x97d/0xb80 [ 86.035425][ T5293] try_charge_memcg+0x62e/0xa10 [ 86.035462][ T5293] mem_cgroup_swapin_charge_folio+0x103/0x1f0 [ 86.035521][ T5293] __swap_cache_prepare_and_add+0x67/0x460 [ 86.035550][ T5293] ? alloc_pages_mpol+0x217/0x260 [ 86.035593][ T5293] swap_cache_alloc_folio+0xa2/0x120 [ 86.035620][ T5293] swap_cluster_readahead+0x26e/0x3d0 [ 86.035651][ T5293] swapin_readahead+0xde/0x840 [ 86.035723][ T5293] ? _raw_spin_unlock+0x9/0x30 [ 86.035749][ T5293] ? swap_put_entries_cluster+0x385/0x3a0 [ 86.035781][ T5293] ? swap_put_entries_cluster+0x161/0x3a0 [ 86.035919][ T5293] ? __rcu_read_unlock+0x4e/0x70 [ 86.035941][ T5293] ? swap_cache_get_folio+0x26f/0x280 [ 86.036038][ T5293] do_swap_page+0x2fe/0x21e0 [ 86.036064][ T5293] ? css_rstat_updated+0xbb/0x280 [ 86.036123][ T5293] ? __rcu_read_lock+0x36/0x50 [ 86.036140][ T5293] ? pte_offset_map_rw_nolock+0x19e/0x200 [ 86.036167][ T5293] handle_mm_fault+0xb46/0x3020 [ 86.036199][ T5293] ? vma_start_read+0x1c7/0x2c0 [ 86.036265][ T5293] do_user_addr_fault+0x62f/0x1050 [ 86.036339][ T5293] ? fpregs_assert_state_consistent+0xb3/0xe0 [ 86.036364][ T5293] ? arch_exit_to_user_mode_prepare+0x26/0x80 [ 86.036422][ T5293] ? trace_page_fault_user+0x1f/0xe0 [ 86.036450][ T5293] exc_page_fault+0x62/0xa0 [ 86.036470][ T5293] asm_exc_page_fault+0x26/0x30 [ 86.036490][ T5293] RIP: 0033:0x7f342b73d020 [ 86.036643][ T5293] Code: 6f 46 50 0f 29 44 24 50 f3 0f 6f 46 60 0f 29 44 24 60 f3 0f 6f 46 70 0f 29 44 24 70 e9 5d ff ff ff e8 04 1d 04 00 0f 1f 40 00 <8b> 07 f6 07 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 [ 86.036658][ T5293] RSP: 002b:00007ffc94956028 EFLAGS: 00010246 [ 86.036675][ T5293] RAX: 0000000000000000 RBX: 00005555743e1500 RCX: 0000000000000000 [ 86.036688][ T5293] RDX: 0000000000000000 RSI: 00000000000000e6 RDI: 00005555743e1808 [ 86.036700][ T5293] RBP: 00007f342b9f7da0 R08: 00007ffc94956080 R09: 0000000000000000 [ 86.036714][ T5293] R10: 0000000000000000 R11: 00005555743e1808 R12: 000000000001506f [ 86.036727][ T5293] R13: 00007f342b9f609c R14: 0000000000014da9 R15: 00007ffc949561b0 [ 86.036814][ T5293] [ 86.066701][ T5293] memory: usage 231924kB, limit 307200kB, failcnt 363 [ 86.066718][ T5293] memory+swap: usage 232632kB, limit 9007199254740988kB, failcnt 0 [ 86.066731][ T5293] kmem: usage 231160kB, limit 9007199254740988kB, failcnt 0 [ 86.066744][ T5293] Memory cgroup stats for /syz3: [ 86.067051][ T5293] cache 524288 [ 86.067060][ T5293] rss 16384 [ 86.067093][ T5293] shmem 0 [ 86.067100][ T5293] mapped_file 65536 [ 86.067108][ T5293] dirty 0 [ 86.067139][ T5293] writeback 0 [ 86.067146][ T5293] workingset_refault_anon 1579 [ 86.067154][ T5293] workingset_refault_file 257 [ 86.067162][ T5293] swap 724992 [ 86.067169][ T5293] swapcached 8323072 [ 86.067176][ T5293] pgpgin 58080 [ 86.067241][ T5293] pgpgout 57946 [ 86.067249][ T5293] pgfault 71898 [ 86.067256][ T5293] pgmajfault 37 [ 86.067263][ T5293] inactive_anon 4096 [ 86.067270][ T5293] active_anon 20480 [ 86.067278][ T5293] inactive_file 0 [ 86.067319][ T5293] active_file 446464 [ 86.067327][ T5293] unevictable 0 [ 86.067334][ T5293] hierarchical_memory_limit 314572800 [ 86.067342][ T5293] hierarchical_memsw_limit 9223372036854771712 [ 86.067351][ T5293] total_cache 524288 [ 86.067359][ T5293] total_rss 16384 [ 86.067366][ T5293] total_shmem 0 [ 86.067372][ T5293] total_mapped_file 65536 [ 86.067380][ T5293] total_dirty 0 [ 86.067387][ T5293] total_writeback 0 [ 86.067394][ T5293] total_workingset_refault_anon 1579 [ 86.067436][ T5293] total_workingset_refault_file 257 [ 86.067444][ T5293] total_swap 724992 [ 86.067452][ T5293] total_swapcached 8323072 [ 86.067460][ T5293] total_pgpgin 58080 [ 86.067467][ T5293] total_pgpgout 57946 [ 86.067553][ T5293] total_pgfault 71898 [ 86.067561][ T5293] total_pgmajfault 37 [ 86.067568][ T5293] total_inactive_anon 4096 [ 86.067575][ T5293] total_active_anon 20480 [ 86.067588][ T5293] total_inactive_file 0 [ 86.067596][ T5293] total_active_file 446464 [ 86.067603][ T5293] total_unevictable 0 [ 86.067612][ T5293] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.459,pid=5293,uid=0 [ 86.067715][ T5293] Memory cgroup out of memory: Killed process 5293 (syz.3.459) total-vm:96212kB, anon-rss:1236kB, file-rss:22084kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:0 [ 86.270370][ T28] audit: type=1400 audit(1775761652.358:634): avc: denied { unmount } for pid=3705 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 86.279210][ T5289] CR2: 0000000000000000 CR3: 00000001021ce000 CR4: 00000000003506f0 [ 86.475909][ T5290] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.476921][ T5289] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 86.598340][ T5289] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 86.607590][ T5289] Call Trace: [ 86.611090][ T5289] [ 86.614271][ T5289] ext4_xattr_set_entry+0x77c/0x1010 [ 86.619979][ T5289] ext4_xattr_ibody_set+0x184/0x3c0 [ 86.625540][ T5289] ext4_expand_extra_isize_ea+0xd7b/0x11a0 [ 86.631749][ T5289] __ext4_expand_extra_isize+0x246/0x280 [ 86.639240][ T5289] __ext4_mark_inode_dirty+0x29b/0x400 [ 86.645180][ T5289] ext4_evict_inode+0x865/0xe40 [ 86.650400][ T5289] ? __pfx_ext4_evict_inode+0x10/0x10 [ 86.656080][ T5289] evict+0x2af/0x510 [ 86.660269][ T5289] ? __pfx_ext4_drop_inode+0x10/0x10 [ 86.666020][ T5289] ? iput+0x1ea/0x580 [ 86.670211][ T5289] iput+0x41a/0x580 [ 86.674323][ T5289] ext4_process_orphan+0x1a9/0x1c0 [ 86.679960][ T5289] ext4_orphan_cleanup+0x6a8/0xa00 [ 86.685706][ T5289] ext4_fill_super+0x3414/0x37c0 [ 86.691549][ T5289] ? sb_set_blocksize+0x85/0x170 [ 86.697549][ T5289] ? set_blocksize+0x14c/0x270 [ 86.703040][ T5289] ? setup_bdev_super+0x30e/0x370 [ 86.708510][ T5289] ? __pfx_ext4_fill_super+0x10/0x10 [ 86.720779][ T5289] get_tree_bdev_flags+0x291/0x300 [ 86.726443][ T5289] ? __pfx_ext4_fill_super+0x10/0x10 [ 86.732509][ T5289] get_tree_bdev+0x1f/0x30 [ 86.737363][ T5289] ext4_get_tree+0x1c/0x30 [ 86.742360][ T5289] vfs_get_tree+0x57/0x1d0 [ 86.747270][ T5289] do_new_mount+0x288/0x8d0 [ 86.752351][ T5289] path_mount+0x4d0/0xbc0 [ 86.757328][ T5289] __se_sys_mount+0x28c/0x2e0 [ 86.762310][ T5289] ? perf_pending_task+0x1df/0x210 [ 86.767860][ T5289] __x64_sys_mount+0x67/0x80 [ 86.772790][ T5289] x64_sys_call+0x2d61/0x3020 [ 86.778110][ T5289] do_syscall_64+0x12c/0x370 [ 86.783190][ T5289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.789570][ T5289] RIP: 0033:0x7fd6bf62da8a [ 86.794290][ T5289] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 86.814768][ T5289] RSP: 002b:00007fd6be086e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 86.823840][ T5289] RAX: ffffffffffffffda RBX: 00007fd6be086ee0 RCX: 00007fd6bf62da8a [ 86.832179][ T5289] RDX: 0000200000000180 RSI: 0000200000000000 RDI: 00007fd6be086ea0 [ 86.840940][ T5289] RBP: 0000200000000180 R08: 00007fd6be086ee0 R09: 0000000000000000 [ 86.849540][ T5289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000000 [ 86.857970][ T5289] R13: 00007fd6be086ea0 R14: 000000000000047a R15: 0000200000000080 [ 86.866990][ T5289] [ 86.870210][ T5289] ---[ end trace 0000000000000000 ]--- [ 86.877221][ T5289] EXT4-fs error (device loop4): ext4_free_inode:354: comm syz.4.457: bit already cleared for inode 11 [ 86.888467][ T5289] loop4: lost filesystem error report for type 5 error -117 [ 86.903356][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 86.917401][ C0] EXT4-fs (loop4): initial error at time 1775761652: ext4_free_inode:354 [ 86.925867][ C0] EXT4-fs (loop4): last error at time 1775761652: ext4_free_inode:354 [ 86.938479][ T5289] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem [ 86.948392][ T5289] loop4: lost filesystem error report for type 5 error -117 [ 86.953168][ T5289] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem [ 86.969946][ T5289] loop4: lost filesystem error report for type 5 error -117 [ 86.973724][ T5289] EXT4-fs (loop4): 1 orphan inode deleted [ 86.993769][ T5289] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.042758][ T5308] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.063891][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.114639][ T5314] xt_hashlimit: size too large, truncated to 1048576 [ 87.124287][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.135723][ T5308] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.187697][ T5308] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.257296][ T5308] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.284501][ T28] audit: type=1400 audit(1775761653.378:635): avc: denied { listen } for pid=5320 comm="syz.4.464" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 87.351366][ T4016] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.360190][ T4016] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.368957][ T4016] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.383467][ T4016] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.569168][ T5338] bridge0: entered promiscuous mode [ 89.443122][ T5361] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 89.473635][ T5361] syzkaller0: entered promiscuous mode [ 89.488106][ T5361] syzkaller0: entered allmulticast mode [ 89.636112][ T5364] tipc: Enabling of bearer rejected, failed to enable media [ 89.673432][ T5359] netlink: 'syz.3.474': attribute type 13 has an invalid length. [ 89.725255][ T5359] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 90.506864][ T5380] loop1: detected capacity change from 0 to 128 [ 90.872236][ T28] audit: type=1326 audit(1775761656.958:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5400 comm="syz.1.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f925967c819 code=0x7ffc0000 [ 90.872295][ T28] audit: type=1326 audit(1775761656.958:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5400 comm="syz.1.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f925967c819 code=0x7ffc0000 [ 90.872318][ T28] audit: type=1326 audit(1775761656.958:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5400 comm="syz.1.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f925967c819 code=0x7ffc0000 [ 90.953774][ T28] audit: type=1326 audit(1775761657.048:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5400 comm="syz.1.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f925967c819 code=0x7ffc0000 [ 90.953802][ T28] audit: type=1326 audit(1775761657.048:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5400 comm="syz.1.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f925967c819 code=0x7ffc0000 [ 91.763850][ T5424] loop5: detected capacity change from 0 to 8192 [ 91.803656][ T3304] loop5: p1 < > p2 p4 < p5 > [ 91.808512][ T3304] loop5: partition table partially beyond EOD, truncated [ 91.815860][ T3304] loop5: p1 start 134217728 is beyond EOD, truncated [ 91.823183][ T3304] loop5: p2 size 591360 extends beyond EOD, truncated [ 91.831764][ T3304] loop5: p5 size 591360 extends beyond EOD, truncated [ 91.841829][ T5424] loop5: p1 < > p2 p4 < p5 > [ 91.846775][ T5424] loop5: partition table partially beyond EOD, truncated [ 91.855074][ T5424] loop5: p1 start 134217728 is beyond EOD, truncated [ 91.861917][ T5424] loop5: p2 size 591360 extends beyond EOD, truncated [ 91.870416][ T5424] loop5: p5 size 591360 extends beyond EOD, truncated [ 91.895405][ T5424] xt_hashlimit: size too large, truncated to 1048576 [ 92.069050][ T5429] xt_CT: You must specify a L4 protocol and not use inversions on it [ 92.081472][ T28] audit: type=1326 audit(1775761658.178:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5432 comm="syz.0.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 92.156066][ T28] audit: type=1326 audit(1775761658.178:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5432 comm="syz.0.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 92.179651][ T28] audit: type=1326 audit(1775761658.178:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5432 comm="syz.0.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 92.203561][ T28] audit: type=1326 audit(1775761658.178:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5432 comm="syz.0.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 92.227263][ T28] audit: type=1326 audit(1775761658.178:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5432 comm="syz.0.508" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 92.319945][ T5439] netlink: 12 bytes leftover after parsing attributes in process `syz.1.500'. [ 92.356822][ T5439] veth5: entered allmulticast mode [ 92.364243][ T5439] bond2: (slave veth5): Enslaving as an active interface with an up link [ 92.381034][ T5439] bond2 (unregistering): (slave veth5): Releasing backup interface [ 92.392136][ T5439] bond2 (unregistering): Released all slaves [ 94.351839][ T5475] loop4: detected capacity change from 0 to 8192 [ 94.451581][ T5475] loop4: p1 < > p2 p4 < p5 > [ 94.456534][ T5475] loop4: partition table partially beyond EOD, truncated [ 94.464092][ T5475] loop4: p1 start 134217728 is beyond EOD, truncated [ 94.470899][ T5475] loop4: p2 size 591360 extends beyond EOD, truncated [ 94.480069][ T5475] loop4: p5 size 591360 extends beyond EOD, truncated [ 94.494889][ T5475] xt_hashlimit: size too large, truncated to 1048576 [ 95.144293][ T5487] loop5: detected capacity change from 0 to 512 [ 95.164278][ T5487] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 95.211400][ T5487] EXT4-fs (loop5): 1 truncate cleaned up [ 95.253450][ T5487] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.651060][ T5500] syzkaller0: entered promiscuous mode [ 95.673375][ T5500] syzkaller0: entered allmulticast mode [ 96.832404][ T5515] tipc: Enabled bearer , priority 0 [ 96.894042][ T5515] syzkaller0: entered promiscuous mode [ 96.905638][ T5515] syzkaller0: entered allmulticast mode [ 96.980663][ T5515] tipc: Resetting bearer [ 97.003668][ T5513] tipc: Resetting bearer [ 97.025819][ T5513] tipc: Disabling bearer [ 97.607176][ T5527] loop1: detected capacity change from 0 to 1024 [ 97.772374][ T5527] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 97.933987][ T3705] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.249187][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.003778][ T28] kauditd_printk_skb: 25 callbacks suppressed [ 99.003791][ T28] audit: type=1326 audit(1775761665.088:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5532 comm="syz.1.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f925967c819 code=0x7ffc0000 [ 99.063940][ T28] audit: type=1326 audit(1775761665.098:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5532 comm="syz.1.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f925967c819 code=0x7ffc0000 [ 99.094410][ T28] audit: type=1326 audit(1775761665.188:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5532 comm="syz.1.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f925967c819 code=0x7ffc0000 [ 99.118114][ T28] audit: type=1326 audit(1775761665.188:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5532 comm="syz.1.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f925967c819 code=0x7ffc0000 [ 99.152071][ T28] audit: type=1326 audit(1775761665.238:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5532 comm="syz.1.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7f925967c819 code=0x7ffc0000 [ 100.052244][ T28] audit: type=1326 audit(1775761665.238:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5532 comm="syz.1.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f925967c819 code=0x7ffc0000 [ 100.136778][ T28] audit: type=1326 audit(1775761665.238:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5532 comm="syz.1.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f925967c819 code=0x7ffc0000 [ 100.261075][ T5550] IPVS: Unknown mcast interface: veth1_vlan [ 100.275510][ T28] audit: type=1326 audit(1775761665.238:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5532 comm="syz.1.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f925967c819 code=0x7ffc0000 [ 100.300271][ T28] audit: type=1326 audit(1775761665.238:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5532 comm="syz.1.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f925967c819 code=0x7ffc0000 [ 100.333093][ T28] audit: type=1326 audit(1775761665.238:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5532 comm="syz.1.536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f925967c819 code=0x7ffc0000 [ 101.658785][ T5575] loop5: detected capacity change from 0 to 128 [ 101.964203][ T5583] tipc: Started in network mode [ 101.969355][ T5583] tipc: Node identity aaaaaaaaaa38, cluster identity 4711 [ 101.976615][ T5583] tipc: Enabled bearer , priority 0 [ 102.285800][ T5574] bio_check_eod: 3284 callbacks suppressed [ 102.285819][ T5574] syz.5.548: attempt to access beyond end of device [ 102.285819][ T5574] loop5: rw=2049, sector=145, nr_sectors = 16 limit=128 [ 102.308637][ T5574] syz.5.548: attempt to access beyond end of device [ 102.308637][ T5574] loop5: rw=2049, sector=169, nr_sectors = 8 limit=128 [ 102.322117][ T5574] syz.5.548: attempt to access beyond end of device [ 102.322117][ T5574] loop5: rw=2049, sector=185, nr_sectors = 8 limit=128 [ 102.335622][ T5574] syz.5.548: attempt to access beyond end of device [ 102.335622][ T5574] loop5: rw=2049, sector=201, nr_sectors = 8 limit=128 [ 102.349106][ T5574] syz.5.548: attempt to access beyond end of device [ 102.349106][ T5574] loop5: rw=2049, sector=217, nr_sectors = 8 limit=128 [ 102.382845][ T5574] syz.5.548: attempt to access beyond end of device [ 102.382845][ T5574] loop5: rw=2049, sector=233, nr_sectors = 8 limit=128 [ 102.403432][ T5574] syz.5.548: attempt to access beyond end of device [ 102.403432][ T5574] loop5: rw=2049, sector=249, nr_sectors = 8 limit=128 [ 102.417153][ T5574] syz.5.548: attempt to access beyond end of device [ 102.417153][ T5574] loop5: rw=2049, sector=265, nr_sectors = 16 limit=128 [ 102.431008][ T5574] syz.5.548: attempt to access beyond end of device [ 102.431008][ T5574] loop5: rw=2049, sector=289, nr_sectors = 8 limit=128 [ 102.444727][ T5574] syz.5.548: attempt to access beyond end of device [ 102.444727][ T5574] loop5: rw=2049, sector=305, nr_sectors = 8 limit=128 [ 103.272312][ T10] tipc: Node number set to 9611946 [ 104.442720][ T5627] loop1: detected capacity change from 0 to 8192 [ 105.465734][ T5642] xt_hashlimit: size too large, truncated to 1048576 [ 105.654272][ T3304] loop1: p1 < > p2 p4 < p5 > [ 105.658988][ T3304] loop1: partition table partially beyond EOD, truncated [ 105.673502][ T3304] loop1: p1 start 134217728 is beyond EOD, truncated [ 105.680603][ T3304] loop1: p2 size 591360 extends beyond EOD, truncated [ 105.732985][ T3304] loop1: p5 size 591360 extends beyond EOD, truncated [ 105.794831][ T5627] loop1: p1 < > p2 p4 < p5 > [ 105.888410][ T5627] loop1: partition table partially beyond EOD, truncated [ 105.993514][ T5627] loop1: p1 start 134217728 is beyond EOD, truncated [ 106.030689][ T5627] loop1: p2 size 591360 extends beyond EOD, truncated [ 106.088260][ T5627] loop1: p5 size 591360 extends beyond EOD, truncated [ 106.138124][ T2999] loop1: p1 < > p2 p4 < p5 > [ 106.158116][ T2999] loop1: partition table partially beyond EOD, truncated [ 106.158251][ T2999] loop1: p1 start 134217728 is beyond EOD, truncated [ 106.158266][ T2999] loop1: p2 size 591360 extends beyond EOD, truncated [ 106.161490][ T2999] loop1: p5 size 591360 extends beyond EOD, truncated [ 106.759254][ T5674] loop4: detected capacity change from 0 to 1024 [ 106.785502][ T5674] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 106.951642][ T5679] hub 9-0:1.0: USB hub found [ 106.956358][ T5679] hub 9-0:1.0: 8 ports detected [ 107.732271][ T5685] loop1: detected capacity change from 0 to 512 [ 107.760424][ T5685] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 107.799426][ T5685] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 107.808081][ T5685] infiniband syz!: RDMA CMA: cma_listen_on_dev, error -98 [ 107.843969][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.891420][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.573396][ T3372] IPVS: starting estimator thread 0... [ 109.685483][ T5715] IPVS: using max 2400 ests per chain, 120000 per kthread [ 110.735774][ T5740] bridge_slave_0: left allmulticast mode [ 110.743693][ T5740] bridge_slave_0: left promiscuous mode [ 110.749400][ T5740] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.759443][ T5740] bridge_slave_1: left allmulticast mode [ 110.771817][ T5740] bridge_slave_1: left promiscuous mode [ 110.800067][ T5740] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.826900][ T5740] bond0: (slave bond_slave_0): Releasing backup interface [ 110.848789][ T5740] bond0: (slave bond_slave_1): Releasing backup interface [ 110.849667][ T5742] netlink: 4 bytes leftover after parsing attributes in process `syz.3.586'. [ 110.887148][ T5740] team0: Port device team_slave_0 removed [ 110.912886][ T5740] team0: Port device team_slave_1 removed [ 110.934648][ T5740] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 110.957981][ T5740] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 110.976679][ T5740] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 111.006393][ T5741] team0: Mode changed to "loadbalance" [ 111.094274][ T28] kauditd_printk_skb: 67 callbacks suppressed [ 111.094289][ T28] audit: type=1400 audit(1775769869.181:748): avc: denied { write } for pid=5743 comm="syz.4.587" name="ipv6_route" dev="proc" ino=4026532909 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 111.356417][ T28] audit: type=1400 audit(1775769869.451:749): avc: denied { mounton } for pid=5749 comm="syz.5.588" path="/90/file0" dev="tmpfs" ino=485 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 112.038420][ T5765] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_vlan, syncid = 2, id = 0 [ 112.152464][ T5757] loop1: detected capacity change from 0 to 2048 [ 112.216017][ T3304] Alternate GPT is invalid, using primary GPT. [ 112.222811][ T3304] loop1: p2 p3 p7 [ 112.273777][ T28] audit: type=1400 audit(1775769870.361:750): avc: denied { create } for pid=5768 comm="syz.0.595" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 112.293833][ T5757] Alternate GPT is invalid, using primary GPT. [ 112.317271][ T5757] loop1: p2 p3 p7 [ 112.421285][ T28] audit: type=1400 audit(1775769870.511:751): avc: denied { allowed } for pid=5773 comm="syz.0.597" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 113.227005][ T28] audit: type=1400 audit(1775769871.321:752): avc: denied { write } for pid=5798 comm="syz.5.605" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 114.455613][ T28] audit: type=1400 audit(1775769872.531:753): avc: denied { create } for pid=5819 comm="syz.3.611" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 115.074471][ T28] audit: type=1400 audit(1775769873.171:754): avc: denied { mount } for pid=5849 comm="syz.4.622" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 115.254553][ T5850] loop4: detected capacity change from 0 to 1024 [ 115.271014][ T5838] loop5: detected capacity change from 0 to 2048 [ 115.280927][ T5850] EXT4-fs: Ignoring removed orlov option [ 115.337875][ T5838] Alternate GPT is invalid, using primary GPT. [ 115.345367][ T5850] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.379171][ T28] audit: type=1400 audit(1775769873.461:755): avc: denied { add_name } for pid=5849 comm="syz.4.622" name="cgroup.stat" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 115.407699][ T5838] loop5: p2 p3 p7 [ 115.546731][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.575601][ T2999] Alternate GPT is invalid, using primary GPT. [ 115.582013][ T2999] loop5: p2 p3 p7 [ 115.602240][ T5865] netlink: 'syz.4.628': attribute type 1 has an invalid length. [ 115.658523][ T5865] bond3: entered promiscuous mode [ 115.663927][ T5865] bond3: entered allmulticast mode [ 115.667751][ T5869] netlink: 4 bytes leftover after parsing attributes in process `syz.4.628'. [ 115.669860][ T5865] 8021q: adding VLAN 0 to HW filter on device bond3 [ 115.700727][ T5869] bond3 (unregistering): Released all slaves [ 115.705879][ T5871] loop1: detected capacity change from 0 to 512 [ 115.736062][ T5871] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.749954][ T5871] ext4 filesystem being mounted at /125/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 116.019567][ T5871] EXT4-fs (loop1): shut down requested (0) [ 116.320011][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.375175][ T5886] lo: Caught tx_queue_len zero misconfig [ 116.488526][ T5890] loop5: detected capacity change from 0 to 8192 [ 116.501123][ T5890] bio_check_eod: 100 callbacks suppressed [ 116.501138][ T5890] syz.5.634: attempt to access beyond end of device [ 116.501138][ T5890] loop5: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 116.523402][ T5890] buffer_io_error: 3284 callbacks suppressed [ 116.523416][ T5890] Buffer I/O error on dev loop5, logical block 57847, async page read [ 116.538267][ T5890] syz.5.634: attempt to access beyond end of device [ 116.538267][ T5890] loop5: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 116.552582][ T5890] Buffer I/O error on dev loop5, logical block 57847, async page read [ 116.561128][ T5890] syz.5.634: attempt to access beyond end of device [ 116.561128][ T5890] loop5: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 116.575579][ T5890] Buffer I/O error on dev loop5, logical block 57847, async page read [ 116.585307][ T5891] syz.5.634: attempt to access beyond end of device [ 116.585307][ T5891] loop5: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 116.602566][ T5891] Buffer I/O error on dev loop5, logical block 57847, async page read [ 116.611166][ T5890] syz.5.634: attempt to access beyond end of device [ 116.611166][ T5890] loop5: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 116.625792][ T5890] Buffer I/O error on dev loop5, logical block 57847, async page read [ 116.645058][ T5891] syz.5.634: attempt to access beyond end of device [ 116.645058][ T5891] loop5: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 116.661610][ T5891] Buffer I/O error on dev loop5, logical block 57847, async page read [ 116.669973][ T5891] syz.5.634: attempt to access beyond end of device [ 116.669973][ T5891] loop5: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 116.684449][ T5891] Buffer I/O error on dev loop5, logical block 57847, async page read [ 116.692720][ T5890] syz.5.634: attempt to access beyond end of device [ 116.692720][ T5890] loop5: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 116.706848][ T5890] Buffer I/O error on dev loop5, logical block 57847, async page read [ 116.715173][ T5892] syz.5.634: attempt to access beyond end of device [ 116.715173][ T5892] loop5: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 116.780938][ T5892] Buffer I/O error on dev loop5, logical block 57847, async page read [ 116.794063][ T5905] syz.5.634: attempt to access beyond end of device [ 116.794063][ T5905] loop5: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 116.808242][ T5905] Buffer I/O error on dev loop5, logical block 57847, async page read [ 117.453174][ T5916] netlink: 24 bytes leftover after parsing attributes in process `syz.4.642'. [ 117.507697][ T28] audit: type=1400 audit(1775769875.601:756): avc: denied { connect } for pid=5910 comm="syz.0.641" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 117.552331][ T5916] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=5916 comm=syz.4.642 [ 117.569845][ T28] audit: type=1400 audit(1775769875.661:757): avc: denied { ioctl } for pid=5910 comm="syz.0.641" path="socket:[13644]" dev="sockfs" ino=13644 ioctlcmd=0x8906 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 118.270468][ T5919] loop4: detected capacity change from 0 to 2048 [ 118.461740][ T5919] Alternate GPT is invalid, using primary GPT. [ 118.486429][ T5919] loop4: p2 p3 p7 [ 119.033003][ T28] audit: type=1400 audit(1775769877.081:758): avc: denied { read } for pid=5941 comm="syz.3.650" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 119.171496][ T3303] udevd[3303]: inotify_add_watch(7, /dev/loop4p7, 10) failed: No such file or directory [ 119.182922][ T3299] udevd[3299]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 119.194059][ T3304] udevd[3304]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory [ 119.481954][ T5961] SELinux: policydb magic number 0x38539469 does not match expected magic number 0xf97cff8c [ 119.492234][ T28] audit: type=1400 audit(1775769877.571:759): avc: denied { load_policy } for pid=5957 comm="syz.4.656" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 119.555409][ T5961] SELinux: failed to load policy [ 119.616474][ T5963] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 119.616701][ T3372] IPVS: starting estimator thread 0... [ 119.724642][ T5965] IPVS: using max 2400 ests per chain, 120000 per kthread [ 119.861272][ T28] audit: type=1400 audit(1775769877.951:760): avc: denied { recv } for pid=3705 comm="syz-executor" saddr=10.128.0.163 src=30036 daddr=10.128.0.54 dest=60896 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 121.963036][ T28] audit: type=1400 audit(1775769880.051:761): avc: denied { shutdown } for pid=5996 comm="syz.0.667" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 122.203850][ T5999] syzkaller0: entered promiscuous mode [ 122.233467][ T5999] syzkaller0: entered allmulticast mode [ 123.216066][ T6009] netlink: 24 bytes leftover after parsing attributes in process `syz.0.670'. [ 123.421166][ T6012] netlink: 'syz.5.671': attribute type 1 has an invalid length. [ 124.116569][ T6019] netlink: 4 bytes leftover after parsing attributes in process `syz.5.671'. [ 124.494532][ T6019] bond1 (unregistering): Released all slaves [ 125.151136][ T6027] syzkaller0: entered promiscuous mode [ 125.193062][ T6027] 0: reclassify loop, rule prio 0, protocol 800 [ 125.347486][ T6036] loop1: detected capacity change from 0 to 512 [ 125.396888][ T6036] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.677: bg 0: block 248: padding at end of block bitmap is not set [ 125.462386][ T6036] loop1: lost filesystem error report for type 5 error -117 [ 125.462759][ T6036] Quota error (device loop1): write_blk: dquota write failed [ 125.470188][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 125.470203][ C1] EXT4-fs (loop1): last error at time 1775769883: ext4_validate_block_bitmap:441 [ 125.530415][ T6047] netlink: 'syz.0.679': attribute type 4 has an invalid length. [ 125.577595][ T6036] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota [ 125.603300][ T6036] EXT4-fs error (device loop1): ext4_acquire_dquot:7026: comm syz.1.677: Failed to acquire dquot type 1 [ 125.646370][ T6036] loop1: lost filesystem error report for type 5 error -28 [ 125.647291][ T6036] EXT4-fs (loop1): 1 truncate cleaned up [ 125.705739][ T6036] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 125.748316][ T6036] ext4 filesystem being mounted at /134/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 125.893454][ T28] audit: type=1400 audit(1775769883.891:762): avc: denied { shutdown } for pid=6035 comm="syz.1.677" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 126.030026][ T28] audit: type=1400 audit(1775769884.121:763): avc: denied { remove_name } for pid=6035 comm="syz.1.677" name="file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 126.052916][ T6036] Quota error (device loop1): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 126.064201][ T6036] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 126.075105][ T6036] EXT4-fs error (device loop1): ext4_acquire_dquot:7026: comm syz.1.677: Failed to acquire dquot type 1 [ 126.583160][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.623729][ T324] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-5 [ 126.637614][ T324] EXT4-fs error (device loop1): ext4_release_dquot:7062: comm kworker/u8:6: Failed to release dquot type 1 [ 126.650439][ T324] loop1: lost filesystem error report for type 5 error -117 [ 126.780738][ T6122] loop1: detected capacity change from 0 to 256 [ 126.829390][ T6122] FAT-fs (loop1): Directory bread(block 64) failed [ 126.836281][ T6122] FAT-fs (loop1): Directory bread(block 65) failed [ 126.842852][ T6122] FAT-fs (loop1): Directory bread(block 66) failed [ 126.849616][ T6122] FAT-fs (loop1): Directory bread(block 67) failed [ 126.856382][ T6122] FAT-fs (loop1): Directory bread(block 68) failed [ 126.894270][ T6122] FAT-fs (loop1): Directory bread(block 69) failed [ 126.900914][ T6122] FAT-fs (loop1): Directory bread(block 70) failed [ 126.918688][ T6124] netlink: 4 bytes leftover after parsing attributes in process `syz.4.686'. [ 126.923093][ T6122] FAT-fs (loop1): Directory bread(block 71) failed [ 126.936586][ T6122] FAT-fs (loop1): Directory bread(block 72) failed [ 126.943180][ T6122] FAT-fs (loop1): Directory bread(block 73) failed [ 126.961076][ T28] audit: type=1400 audit(1775769885.051:764): avc: denied { ioctl } for pid=6119 comm="syz.0.684" path="socket:[14369]" dev="sockfs" ino=14369 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 126.990893][ T6124] netlink: 4 bytes leftover after parsing attributes in process `syz.4.686'. [ 127.007378][ T28] audit: type=1400 audit(1775769885.061:765): avc: denied { write } for pid=6119 comm="syz.0.684" path="socket:[14352]" dev="sockfs" ino=14352 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 127.051536][ T28] audit: type=1400 audit(1775769885.081:766): avc: denied { setopt } for pid=6123 comm="syz.4.686" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 127.224538][ T6133] veth1_to_bond: entered allmulticast mode [ 127.417019][ T6132] veth1_to_bond: left allmulticast mode [ 127.623346][ T6158] syzkaller0: entered promiscuous mode [ 127.660367][ T6158] syzkaller0: entered allmulticast mode [ 127.821478][ T6163] netlink: 16 bytes leftover after parsing attributes in process `syz.0.699'. [ 128.269974][ T6174] loop4: detected capacity change from 0 to 1024 [ 128.293804][ T6174] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e040c01c, mo2=0002] [ 128.302798][ T6174] System zones: 0-1, 3-36 [ 128.312366][ T6174] EXT4-fs error (device loop4): ext4_orphan_get:1423: comm syz.4.704: bad orphan inode 134217728 [ 128.324105][ T6174] loop4: lost filesystem error report for type 5 error -117 [ 128.327106][ T6174] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.512155][ T6194] loop1: detected capacity change from 0 to 4096 [ 128.520276][ T6194] EXT4-fs: Ignoring removed bh option [ 128.537821][ T6194] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.557575][ T6194] tipc: Enabled bearer , priority 0 [ 128.606511][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.984994][ T6204] capability: warning: `syz.3.709' uses deprecated v2 capabilities in a way that may be insecure [ 129.986125][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.000272][ T6215] loop1: detected capacity change from 0 to 512 [ 130.042247][ T6215] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.060481][ T6215] ext4 filesystem being mounted at /142/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 130.244111][ T6229] loop4: detected capacity change from 0 to 512 [ 130.275671][ T6229] EXT4-fs error (device loop4): ext4_xattr_inode_iget:441: inode #12: comm syz.4.715: missing EA_INODE flag [ 130.287351][ T6229] loop4: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117 [ 130.287638][ T6229] EXT4-fs error (device loop4): ext4_xattr_inode_iget:446: comm syz.4.715: error while reading EA inode 12 err=-117 [ 130.296827][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 130.296854][ C0] EXT4-fs (loop4): initial error at time 1775769888: ext4_xattr_inode_iget:441: inode 12 [ 130.296879][ C0] EXT4-fs (loop4): last error at time 1775769888: ext4_xattr_inode_iget:441: inode 12 [ 130.335166][ T6229] loop4: lost filesystem error report for type 5 error -117 [ 130.336750][ T6229] EXT4-fs (loop4): 1 orphan inode deleted [ 130.350489][ T6229] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.684878][ T6215] netlink: 4 bytes leftover after parsing attributes in process `syz.1.714'. [ 130.791495][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.907028][ T6258] netlink: 8 bytes leftover after parsing attributes in process `syz.1.723'. [ 131.929886][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.997539][ T6267] bridge0: port 2(bridge_slave_1) entered disabled state [ 132.004706][ T6267] bridge0: port 1(bridge_slave_0) entered disabled state [ 132.069090][ T6267] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 132.079565][ T6267] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 132.099354][ T6267] tipc: Resetting bearer [ 132.182970][ T6258] bond2: option lacp_active: invalid value (5) [ 132.205516][ T6258] bond2 (unregistering): Released all slaves [ 132.243573][ T4001] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.282692][ T4001] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.295063][ T4001] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.303939][ T6282] syzkaller0: entered promiscuous mode [ 132.309542][ T6282] syzkaller0: entered allmulticast mode [ 132.327741][ T6291] netlink: 4 bytes leftover after parsing attributes in process `syz.3.730'. [ 132.338334][ T4001] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.348604][ T6293] syzkaller0: entered promiscuous mode [ 132.354327][ T6293] syzkaller0: entered allmulticast mode [ 132.391076][ T6291] netlink: 4 bytes leftover after parsing attributes in process `syz.3.730'. [ 132.413654][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 132.413666][ T28] audit: type=1400 audit(1775769890.501:773): avc: denied { read } for pid=6298 comm="syz.5.733" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 132.452651][ T6300] netlink: 4 bytes leftover after parsing attributes in process `syz.0.731'. [ 132.666415][ T28] audit: type=1400 audit(1775769890.761:774): avc: denied { ioctl } for pid=6306 comm="syz.3.735" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=14301 ioctlcmd=0x5868 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 132.712755][ T6309] netlink: 'syz.4.736': attribute type 1 has an invalid length. [ 132.753521][ T28] audit: type=1400 audit(1775769890.841:775): avc: denied { remount } for pid=6310 comm="syz.0.737" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 132.789486][ T6309] bond3: entered promiscuous mode [ 132.794830][ T6315] netlink: 28 bytes leftover after parsing attributes in process `syz.4.736'. [ 132.826332][ T6309] 8021q: adding VLAN 0 to HW filter on device bond3 [ 133.004958][ T6315] bond3: entered allmulticast mode [ 133.019069][ T6309] bond3: (slave bridge2): making interface the new active one [ 133.027557][ T6309] bridge2: entered promiscuous mode [ 133.051284][ T6309] bridge2: entered allmulticast mode [ 133.077847][ T6309] bond3: (slave bridge2): Enslaving as an active interface with an up link [ 133.094753][ T6331] loop1: detected capacity change from 0 to 256 [ 133.161800][ T6331] FAT-fs (loop1): Directory bread(block 64) failed [ 133.168613][ T6331] FAT-fs (loop1): Directory bread(block 65) failed [ 133.175218][ T6331] FAT-fs (loop1): Directory bread(block 66) failed [ 133.181877][ T6331] FAT-fs (loop1): Directory bread(block 67) failed [ 133.188466][ T6331] FAT-fs (loop1): Directory bread(block 68) failed [ 133.195093][ T6331] FAT-fs (loop1): Directory bread(block 69) failed [ 133.201879][ T6331] FAT-fs (loop1): Directory bread(block 70) failed [ 133.208525][ T6331] FAT-fs (loop1): Directory bread(block 71) failed [ 133.215098][ T6331] FAT-fs (loop1): Directory bread(block 72) failed [ 133.221629][ T6331] FAT-fs (loop1): Directory bread(block 73) failed [ 133.278727][ T6331] netlink: 28 bytes leftover after parsing attributes in process `syz.1.740'. [ 133.287848][ T6331] netlink: 2 bytes leftover after parsing attributes in process `syz.1.740'. [ 133.296969][ T6331] netlink: 28 bytes leftover after parsing attributes in process `syz.1.740'. [ 133.306294][ T6331] netlink: 28 bytes leftover after parsing attributes in process `syz.1.740'. [ 134.075539][ T6338] tipc: Enabling of bearer rejected, failed to enable media [ 134.327950][ T28] audit: type=1400 audit(1775769892.411:776): avc: denied { setopt } for pid=6346 comm="syz.4.745" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 134.963222][ T6364] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6364 comm=syz.1.749 [ 134.979324][ T6359] netlink: 'syz.4.748': attribute type 4 has an invalid length. [ 135.062105][ T6359] .`: renamed from bond0 (while UP) [ 135.166243][ T28] audit: type=1400 audit(1775769893.261:777): avc: denied { bind } for pid=6367 comm="syz.4.752" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 135.187241][ T6368] loop4: detected capacity change from 0 to 2048 [ 135.194200][ T6368] EXT4-fs: Ignoring removed i_version option [ 135.232368][ T6368] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 135.244684][ T6368] ext4 filesystem being mounted at /151/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 135.270198][ T6368] netlink: zone id is out of range [ 135.275947][ T6368] netlink: zone id is out of range [ 135.281574][ T6368] netlink: zone id is out of range [ 135.287674][ T6368] netlink: zone id is out of range [ 135.293120][ T6368] netlink: zone id is out of range [ 135.300061][ T6368] netlink: zone id is out of range [ 135.305745][ T6368] netlink: zone id is out of range [ 135.311279][ T6368] netlink: zone id is out of range [ 135.316919][ T6368] netlink: zone id is out of range [ 135.322636][ T6368] netlink: zone id is out of range [ 135.369115][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.436513][ T28] audit: type=1400 audit(1775769893.531:778): avc: denied { read write } for pid=6376 comm="syz.4.755" name="rdma_cm" dev="devtmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 135.463163][ T28] audit: type=1400 audit(1775769893.531:779): avc: denied { open } for pid=6376 comm="syz.4.755" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=251 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 135.647608][ T28] audit: type=1400 audit(1775769893.741:780): avc: denied { mount } for pid=6389 comm="syz.3.760" name="/" dev="configfs" ino=41 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 135.703989][ T6393] syzkaller0: entered promiscuous mode [ 135.710049][ T6393] syzkaller0: entered allmulticast mode [ 135.818606][ T6406] loop5: detected capacity change from 0 to 512 [ 135.837173][ T6406] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.961012][ T6406] ext4 filesystem being mounted at /121/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 136.994113][ T3705] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.041242][ T6433] syzkaller0: entered promiscuous mode [ 137.046841][ T28] audit: type=1400 audit(1775769895.131:781): avc: denied { ioctl } for pid=6432 comm="syz.4.774" path="socket:[15593]" dev="sockfs" ino=15593 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 137.062239][ T6433] syzkaller0: entered allmulticast mode [ 137.109109][ T6431] syzkaller0: entered promiscuous mode [ 137.114818][ T6431] syzkaller0: entered allmulticast mode [ 137.166162][ T6442] loop1: detected capacity change from 0 to 128 [ 137.196508][ T28] audit: type=1326 audit(1775769895.291:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6441 comm="syz.1.777" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f925967c819 code=0x7ffc0000 [ 137.241649][ T6445] netlink: 'syz.4.778': attribute type 39 has an invalid length. [ 137.283203][ T6447] loop5: detected capacity change from 0 to 128 [ 137.782896][ T3988] bio_check_eod: 7894 callbacks suppressed [ 137.782911][ T3988] kworker/u8:13: attempt to access beyond end of device [ 137.782911][ T3988] loop5: rw=1, sector=153, nr_sectors = 8 limit=128 [ 137.802774][ T3988] kworker/u8:13: attempt to access beyond end of device [ 137.802774][ T3988] loop5: rw=1, sector=169, nr_sectors = 8 limit=128 [ 137.817680][ T3988] kworker/u8:13: attempt to access beyond end of device [ 137.817680][ T3988] loop5: rw=1, sector=185, nr_sectors = 8 limit=128 [ 137.831564][ T3988] kworker/u8:13: attempt to access beyond end of device [ 137.831564][ T3988] loop5: rw=1, sector=201, nr_sectors = 8 limit=128 [ 137.845389][ T3988] kworker/u8:13: attempt to access beyond end of device [ 137.845389][ T3988] loop5: rw=1, sector=217, nr_sectors = 8 limit=128 [ 137.859011][ T3988] kworker/u8:13: attempt to access beyond end of device [ 137.859011][ T3988] loop5: rw=1, sector=233, nr_sectors = 8 limit=128 [ 137.872750][ T3988] kworker/u8:13: attempt to access beyond end of device [ 137.872750][ T3988] loop5: rw=1, sector=249, nr_sectors = 8 limit=128 [ 137.886493][ T3988] kworker/u8:13: attempt to access beyond end of device [ 137.886493][ T3988] loop5: rw=1, sector=265, nr_sectors = 8 limit=128 [ 137.900291][ T3988] kworker/u8:13: attempt to access beyond end of device [ 137.900291][ T3988] loop5: rw=1, sector=281, nr_sectors = 8 limit=128 [ 137.914221][ T3988] kworker/u8:13: attempt to access beyond end of device [ 137.914221][ T3988] loop5: rw=1, sector=297, nr_sectors = 8 limit=128 [ 138.307348][ T28] kauditd_printk_skb: 13 callbacks suppressed [ 138.307362][ T28] audit: type=1400 audit(1775769896.381:796): avc: denied { read write } for pid=6455 comm="syz.5.782" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 138.359805][ T6464] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 138.391570][ T6464] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 139.574194][ T28] audit: type=1400 audit(1775769896.391:797): avc: denied { open } for pid=6455 comm="syz.5.782" path="/dev/raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 139.666205][ T28] audit: type=1400 audit(1775769896.391:798): avc: denied { ioctl } for pid=6455 comm="syz.5.782" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 139.835427][ T6481] loop4: detected capacity change from 0 to 128 [ 139.973347][ T28] audit: type=1326 audit(1775769898.011:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6480 comm="syz.4.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6bf62c819 code=0x7ffc0000 [ 140.079115][ T28] audit: type=1326 audit(1775769898.021:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6480 comm="syz.4.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7fd6bf62c819 code=0x7ffc0000 [ 140.180604][ T28] audit: type=1326 audit(1775769898.031:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6480 comm="syz.4.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6bf62c819 code=0x7ffc0000 [ 140.217009][ T6482] loop1: detected capacity change from 0 to 512 [ 140.254615][ T28] audit: type=1326 audit(1775769898.031:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6480 comm="syz.4.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd6bf62c819 code=0x7ffc0000 [ 140.293929][ T6482] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 140.318730][ T28] audit: type=1326 audit(1775769898.031:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6480 comm="syz.4.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6bf62c819 code=0x7ffc0000 [ 140.342001][ T28] audit: type=1326 audit(1775769898.041:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6480 comm="syz.4.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fd6bf5ed04e code=0x7ffc0000 [ 140.365705][ T28] audit: type=1326 audit(1775769898.051:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6480 comm="syz.4.791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fd6bf5ed04e code=0x7ffc0000 [ 140.376927][ T6482] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.790: bg 0: block 288: padding at end of block bitmap is not set [ 140.405999][ T6482] loop1: lost filesystem error report for type 5 error -117 [ 140.413330][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 140.427106][ C1] EXT4-fs (loop1): initial error at time 1775769898: ext4_validate_block_bitmap:441 [ 140.436512][ C1] EXT4-fs (loop1): last error at time 1775769898: ext4_validate_block_bitmap:441 [ 140.447001][ T6482] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6685: Corrupt filesystem [ 140.456844][ T6482] loop1: lost filesystem error report for type 5 error -117 [ 140.460178][ T6482] EXT4-fs error (device loop1): ext4_clear_blocks:876: inode #13: comm syz.1.790: attempt to clear invalid blocks 1024 len 1 [ 140.501745][ T6482] loop1: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 140.506289][ T6482] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.790: invalid indirect mapped block 1819239214 (level 0) [ 140.540226][ T6482] loop1: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 140.542781][ T6482] EXT4-fs (loop1): 1 truncate cleaned up [ 140.567021][ T6482] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 140.898743][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.769467][ T6519] tipc: Enabled bearer , priority 0 [ 141.782807][ T6519] syzkaller0: entered promiscuous mode [ 141.788527][ T6519] syzkaller0: entered allmulticast mode [ 141.828556][ T6519] tipc: Resetting bearer [ 141.924332][ T6518] tipc: Resetting bearer [ 141.931825][ T6518] tipc: Disabling bearer [ 142.996194][ T6556] __nla_validate_parse: 32 callbacks suppressed [ 142.996244][ T6556] netlink: 20 bytes leftover after parsing attributes in process `syz.0.810'. [ 143.341050][ T28] kauditd_printk_skb: 62 callbacks suppressed [ 143.341062][ T28] audit: type=1326 audit(1775769901.431:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6539 comm="syz.4.809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6bf62c819 code=0x7ffc0000 [ 143.432354][ T28] audit: type=1326 audit(1775769901.471:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6539 comm="syz.4.809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6bf62c819 code=0x7ffc0000 [ 143.445611][ T6559] netlink: 'syz.1.812': attribute type 4 has an invalid length. [ 143.543655][ T6559] netlink: 152 bytes leftover after parsing attributes in process `syz.1.812'. [ 143.572837][ T28] audit: type=1326 audit(1775769901.661:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6539 comm="syz.4.809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fd6bf62c819 code=0x7ffc0000 [ 143.787610][ T28] audit: type=1326 audit(1775769901.691:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6539 comm="syz.4.809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fd6bf62c819 code=0x7ffc0000 [ 143.844469][ T6559] .`: renamed from bond0 (while UP) [ 143.908486][ T6564] netlink: 24 bytes leftover after parsing attributes in process `syz.4.813'. [ 144.112288][ T6572] netlink: 'syz.4.816': attribute type 1 has an invalid length. [ 144.130641][ T6572] netlink: 'syz.4.816': attribute type 2 has an invalid length. [ 144.142619][ T6572] netlink: 4 bytes leftover after parsing attributes in process `syz.4.816'. [ 144.239427][ T6580] syzkaller0: entered promiscuous mode [ 144.264945][ T6580] net_ratelimit: 120 callbacks suppressed [ 144.265034][ T6580] 0: reclassify loop, rule prio 0, protocol 800 [ 144.375928][ T28] audit: type=1400 audit(1775769902.471:872): avc: denied { write } for pid=6587 comm="syz.4.831" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 144.449406][ T28] audit: type=1400 audit(1775769902.471:873): avc: denied { open } for pid=6587 comm="syz.4.831" path="/dev/ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 144.505225][ T28] audit: type=1400 audit(1775769902.501:874): avc: denied { ioctl } for pid=6587 comm="syz.4.831" path="/dev/ppp" dev="devtmpfs" ino=140 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 144.968236][ T28] audit: type=1326 audit(1775769903.061:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6593 comm="syz.0.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 145.031494][ T28] audit: type=1326 audit(1775769903.061:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6593 comm="syz.0.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 145.109218][ T28] audit: type=1326 audit(1775769903.061:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6593 comm="syz.0.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 145.263939][ T6602] syzkaller0: entered promiscuous mode [ 145.273509][ T6602] syzkaller0: entered allmulticast mode [ 145.486322][ T6604] loop4: detected capacity change from 0 to 1024 [ 145.511191][ T6604] EXT4-fs: Ignoring removed mblk_io_submit option [ 145.529732][ T6604] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 145.558355][ T6604] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.255121][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.413973][ T6627] netlink: zone id is out of range [ 146.419285][ T6627] netlink: zone id is out of range [ 146.426466][ T6627] netlink: zone id is out of range [ 146.431765][ T6627] netlink: zone id is out of range [ 146.443537][ T6627] netlink: zone id is out of range [ 146.449138][ T6627] netlink: zone id is out of range [ 146.454846][ T6627] netlink: zone id is out of range [ 146.477778][ T6627] netlink: zone id is out of range [ 146.503133][ T6627] netlink: zone id is out of range [ 146.930417][ T6618] syz.4.833 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 146.944631][ T6618] CPU: 0 UID: 0 PID: 6618 Comm: syz.4.833 Tainted: G W syzkaller #0 PREEMPT(full) [ 146.944662][ T6618] Tainted: [W]=WARN [ 146.944669][ T6618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 146.944680][ T6618] Call Trace: [ 146.944686][ T6618] [ 146.944695][ T6618] __dump_stack+0x1d/0x30 [ 146.944756][ T6618] dump_stack_lvl+0x95/0xd0 [ 146.944783][ T6618] dump_stack+0x15/0x1b [ 146.944855][ T6618] dump_header+0x80/0x240 [ 146.944883][ T6618] oom_kill_process+0x295/0x350 [ 146.944905][ T6618] out_of_memory+0x97d/0xb80 [ 146.944998][ T6618] try_charge_memcg+0x62e/0xa10 [ 146.945099][ T6618] obj_cgroup_charge_pages+0x23/0xc0 [ 146.945130][ T6618] __memcg_kmem_charge_page+0x9e/0x170 [ 146.945165][ T6618] __alloc_frozen_pages_noprof+0x18a/0x360 [ 146.945202][ T6618] alloc_pages_mpol+0xb3/0x260 [ 146.945233][ T6618] alloc_pages_noprof+0x8f/0x140 [ 146.945396][ T6618] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 146.945434][ T6618] __kvmalloc_node_noprof+0x3d4/0x650 [ 146.945512][ T6618] ? futex_hash_allocate+0x190/0x9d0 [ 146.945613][ T6618] ? futex_hash_allocate+0x190/0x9d0 [ 146.945645][ T6618] futex_hash_allocate+0x190/0x9d0 [ 146.945679][ T6618] ? cap_task_prctl+0x13f/0x6e0 [ 146.945787][ T6618] futex_hash_prctl+0xd8/0xf0 [ 146.945813][ T6618] __se_sys_prctl+0xa3d/0x13f0 [ 146.945841][ T6618] __x64_sys_prctl+0x67/0x80 [ 146.945869][ T6618] x64_sys_call+0x2533/0x3020 [ 146.946034][ T6618] do_syscall_64+0x12c/0x370 [ 146.946062][ T6618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.946087][ T6618] RIP: 0033:0x7fd6bf62c819 [ 146.946111][ T6618] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 146.946131][ T6618] RSP: 002b:00007fd6be087028 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 146.946188][ T6618] RAX: ffffffffffffffda RBX: 00007fd6bf8a5fa0 RCX: 00007fd6bf62c819 [ 146.946201][ T6618] RDX: 0000000001000000 RSI: 0000000000000001 RDI: 000000000000004e [ 146.946216][ T6618] RBP: 00007fd6bf6c2c91 R08: 0000000000000000 R09: 0000000000000000 [ 146.946231][ T6618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 146.946245][ T6618] R13: 00007fd6bf8a6038 R14: 00007fd6bf8a5fa0 R15: 00007ffda9b77d68 [ 146.946267][ T6618] [ 146.946274][ T6618] memory: usage 307196kB, limit 307200kB, failcnt 1776 [ 147.188802][ T6618] memory+swap: usage 84344kB, limit 9007199254740988kB, failcnt 0 [ 147.196667][ T6618] kmem: usage 79316kB, limit 9007199254740988kB, failcnt 0 [ 147.203980][ T6618] Memory cgroup stats for /syz4: [ 147.204259][ T6618] cache 155648 [ 147.212611][ T6618] rss 114688 [ 147.215886][ T6618] shmem 0 [ 147.218907][ T6618] mapped_file 65536 [ 147.222698][ T6618] dirty 0 [ 147.225650][ T6618] writeback 0 [ 147.228932][ T6618] workingset_refault_anon 1835 [ 147.258585][ T6636] syzkaller0: entered promiscuous mode [ 147.293452][ T6636] syzkaller0: entered allmulticast mode [ 147.310348][ T6618] workingset_refault_file 2523 [ 147.339219][ T6618] swap 4870144 [ 147.342839][ T6618] swapcached 28082176 [ 147.355337][ T6618] pgpgin 160265 [ 147.358933][ T6618] pgpgout 160197 [ 147.369568][ T6618] pgfault 157640 [ 147.381550][ T6618] pgmajfault 337 [ 147.514072][ T6618] inactive_anon 12288 [ 147.524678][ T6618] active_anon 102400 [ 147.592609][ T6618] inactive_file 98304 [ 147.653070][ T6618] active_file 65536 [ 147.682374][ T6618] unevictable 0 [ 147.703686][ T6618] hierarchical_memory_limit 314572800 [ 147.745686][ T6618] hierarchical_memsw_limit 9223372036854771712 [ 147.773597][ T6618] total_cache 155648 [ 147.777582][ T6618] total_rss 114688 [ 147.781435][ T6618] total_shmem 0 [ 147.785017][ T6618] total_mapped_file 65536 [ 147.789427][ T6618] total_dirty 0 [ 147.792935][ T6618] total_writeback 0 [ 147.796827][ T6618] total_workingset_refault_anon 1835 [ 147.802277][ T6618] total_workingset_refault_file 2523 [ 147.807648][ T6618] total_swap 4870144 [ 147.811621][ T6618] total_swapcached 28082176 [ 147.816185][ T6618] total_pgpgin 160265 [ 147.820255][ T6618] total_pgpgout 160197 [ 147.824569][ T6618] total_pgfault 157640 [ 147.828718][ T6618] total_pgmajfault 337 [ 147.833030][ T6618] total_inactive_anon 12288 [ 147.837595][ T6618] total_active_anon 102400 [ 147.842044][ T6618] total_inactive_file 98304 [ 147.846634][ T6618] total_active_file 65536 [ 147.851033][ T6618] total_unevictable 0 [ 147.856449][ T6618] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.833,pid=6617,uid=0 [ 147.871570][ T6618] Memory cgroup out of memory: Killed process 6618 (syz.4.833) total-vm:96080kB, anon-rss:1336kB, file-rss:22364kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 148.010753][ T6646] loop1: detected capacity change from 0 to 1024 [ 148.031167][ T6646] EXT4-fs: Ignoring removed mblk_io_submit option [ 148.070950][ T6647] netlink: 4 bytes leftover after parsing attributes in process `syz.0.841'. [ 148.085358][ T6646] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 148.097673][ T6646] ext4 filesystem being mounted at /165/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 148.206538][ T6646] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.843: bg 0: block 112: padding at end of block bitmap is not set [ 148.342673][ T6667] netlink: 'syz.0.848': attribute type 4 has an invalid length. [ 148.350918][ T6667] netlink: 'syz.0.848': attribute type 4 has an invalid length. [ 148.361977][ T6667] netlink: 'syz.0.848': attribute type 4 has an invalid length. [ 148.546103][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 148.625797][ T6677] loop5: detected capacity change from 0 to 256 [ 149.986061][ T6687] syz.5.853 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 150.000188][ T6687] CPU: 0 UID: 0 PID: 6687 Comm: syz.5.853 Tainted: G W syzkaller #0 PREEMPT(full) [ 150.000209][ T6687] Tainted: [W]=WARN [ 150.000212][ T6687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 150.000220][ T6687] Call Trace: [ 150.000225][ T6687] [ 150.000230][ T6687] __dump_stack+0x1d/0x30 [ 150.000250][ T6687] dump_stack_lvl+0x95/0xd0 [ 150.000264][ T6687] dump_stack+0x15/0x1b [ 150.000276][ T6687] dump_header+0x80/0x240 [ 150.000347][ T6687] oom_kill_process+0x295/0x350 [ 150.000361][ T6687] out_of_memory+0x97d/0xb80 [ 150.000421][ T6687] try_charge_memcg+0x62e/0xa10 [ 150.000481][ T6687] obj_cgroup_charge_pages+0x23/0xc0 [ 150.000498][ T6687] __memcg_kmem_charge_page+0x9e/0x170 [ 150.000514][ T6687] __alloc_frozen_pages_noprof+0x18a/0x360 [ 150.000532][ T6687] alloc_pages_mpol+0xb3/0x260 [ 150.000577][ T6687] alloc_pages_noprof+0x8f/0x140 [ 150.000594][ T6687] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 150.000614][ T6687] __kvmalloc_node_noprof+0x3d4/0x650 [ 150.000678][ T6687] ? futex_hash_allocate+0x190/0x9d0 [ 150.000695][ T6687] ? futex_hash_allocate+0x190/0x9d0 [ 150.000735][ T6687] futex_hash_allocate+0x190/0x9d0 [ 150.000751][ T6687] ? cap_task_prctl+0x13f/0x6e0 [ 150.000775][ T6687] futex_hash_prctl+0xd8/0xf0 [ 150.000820][ T6687] __se_sys_prctl+0xa3d/0x13f0 [ 150.000837][ T6687] __x64_sys_prctl+0x67/0x80 [ 150.000852][ T6687] x64_sys_call+0x2533/0x3020 [ 150.001008][ T6687] do_syscall_64+0x12c/0x370 [ 150.001024][ T6687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.001038][ T6687] RIP: 0033:0x7f2d6479c819 [ 150.001048][ T6687] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 150.001058][ T6687] RSP: 002b:00007f2d631f7028 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 150.001118][ T6687] RAX: ffffffffffffffda RBX: 00007f2d64a15fa0 RCX: 00007f2d6479c819 [ 150.001126][ T6687] RDX: 0000000001000000 RSI: 0000000000000001 RDI: 000000000000004e [ 150.001134][ T6687] RBP: 00007f2d64832c91 R08: 0000000000000000 R09: 0000000000000000 [ 150.001141][ T6687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 150.001149][ T6687] R13: 00007f2d64a16038 R14: 00007f2d64a15fa0 R15: 00007ffd683c92c8 [ 150.001165][ T6687] [ 150.001169][ T6687] memory: usage 307200kB, limit 307200kB, failcnt 173 [ 150.241132][ T6687] memory+swap: usage 311696kB, limit 9007199254740988kB, failcnt 0 [ 150.250592][ T6687] kmem: usage 307192kB, limit 9007199254740988kB, failcnt 0 [ 150.273547][ T6687] Memory cgroup stats for /syz5: [ 150.273810][ T6687] cache 0 [ 150.291981][ T6687] rss 4096 [ 150.295503][ T6687] shmem 0 [ 150.298432][ T6687] mapped_file 0 [ 150.301873][ T6687] dirty 0 [ 150.319373][ T6687] writeback 0 [ 150.322735][ T6687] workingset_refault_anon 1550 [ 150.333367][ T6687] workingset_refault_file 0 [ 150.348197][ T6687] swap 4603904 [ 150.351584][ T6687] swapcached 15568896 [ 150.383212][ T28] kauditd_printk_skb: 12 callbacks suppressed [ 150.383226][ T28] audit: type=1326 audit(1775769908.471:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6694 comm="syz.3.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f342b77c819 code=0x7ffc0000 [ 150.422971][ T6687] pgpgin 146494 [ 150.426711][ T6687] pgpgout 146492 [ 150.430271][ T6687] pgfault 150650 [ 150.437449][ T6687] pgmajfault 211 [ 150.441019][ T6687] inactive_anon 4096 [ 150.453418][ T28] audit: type=1326 audit(1775769908.511:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6694 comm="syz.3.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7f342b77c819 code=0x7ffc0000 [ 150.477580][ T6687] active_anon 4096 [ 150.481491][ T6687] inactive_file 0 [ 150.534015][ T6687] active_file 0 [ 150.550995][ T6687] unevictable 0 [ 150.557892][ T28] audit: type=1326 audit(1775769908.511:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6694 comm="syz.3.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f342b77c819 code=0x7ffc0000 [ 150.588790][ T6703] loop4: detected capacity change from 0 to 256 [ 150.691846][ T6687] hierarchical_memory_limit 314572800 [ 150.709607][ T6703] FAT-fs (loop4): Directory bread(block 64) failed [ 150.716304][ T6703] FAT-fs (loop4): Directory bread(block 65) failed [ 150.722891][ T6703] FAT-fs (loop4): Directory bread(block 66) failed [ 150.729531][ T6703] FAT-fs (loop4): Directory bread(block 67) failed [ 150.736331][ T6703] FAT-fs (loop4): Directory bread(block 68) failed [ 150.742848][ T6703] FAT-fs (loop4): Directory bread(block 69) failed [ 150.749409][ T6703] FAT-fs (loop4): Directory bread(block 70) failed [ 150.755990][ T6703] FAT-fs (loop4): Directory bread(block 71) failed [ 150.762571][ T6703] FAT-fs (loop4): Directory bread(block 72) failed [ 150.769130][ T6703] FAT-fs (loop4): Directory bread(block 73) failed [ 150.807269][ T6702] netlink: 28 bytes leftover after parsing attributes in process `syz.4.855'. [ 150.816252][ T6702] netlink: 2 bytes leftover after parsing attributes in process `syz.4.855'. [ 150.825801][ T6702] netlink: 28 bytes leftover after parsing attributes in process `syz.4.855'. [ 150.834824][ T6702] netlink: 28 bytes leftover after parsing attributes in process `syz.4.855'. [ 150.843816][ T6702] netlink: 2 bytes leftover after parsing attributes in process `syz.4.855'. [ 150.852822][ T6702] netlink: 28 bytes leftover after parsing attributes in process `syz.4.855'. [ 150.861752][ T6702] netlink: 28 bytes leftover after parsing attributes in process `syz.4.855'. [ 150.870775][ T6702] netlink: 2 bytes leftover after parsing attributes in process `syz.4.855'. [ 150.879888][ T6702] netlink: 28 bytes leftover after parsing attributes in process `syz.4.855'. [ 150.946973][ T6687] hierarchical_memsw_limit 9223372036854771712 [ 150.999250][ T6687] total_cache 0 [ 151.023715][ T6687] total_rss 4096 [ 151.043602][ T6687] total_shmem 0 [ 151.066828][ T28] audit: type=1326 audit(1775769908.511:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6694 comm="syz.3.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f342b77c819 code=0x7ffc0000 [ 151.257263][ T6687] total_mapped_file 0 [ 151.279353][ T6687] total_dirty 0 [ 151.282847][ T6687] total_writeback 0 [ 151.323030][ T6687] total_workingset_refault_anon 1550 [ 151.332185][ T6705] syzkaller0: entered promiscuous mode [ 151.341762][ T6687] total_workingset_refault_file 0 [ 151.353438][ T28] audit: type=1326 audit(1775769908.511:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6694 comm="syz.3.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f342b77c819 code=0x7ffc0000 [ 151.376869][ T6705] syzkaller0: entered allmulticast mode [ 151.391933][ T6687] total_swap 4603904 [ 151.396150][ T6687] total_swapcached 15568896 [ 151.400655][ T6687] total_pgpgin 146494 [ 151.429104][ T6687] total_pgpgout 146492 [ 151.451423][ T6687] total_pgfault 150650 [ 151.463547][ T28] audit: type=1326 audit(1775769908.511:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6694 comm="syz.3.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f342b73d04e code=0x7ffc0000 [ 151.486964][ T6687] total_pgmajfault 211 [ 151.491019][ T6687] total_inactive_anon 4096 [ 151.503543][ T6687] total_active_anon 4096 [ 151.510399][ T6687] total_inactive_file 0 [ 151.542982][ T6687] total_active_file 0 [ 151.573585][ T6687] total_unevictable 0 [ 151.583026][ T28] audit: type=1326 audit(1775769908.511:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6694 comm="syz.3.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f342b73d04e code=0x7ffc0000 [ 151.608392][ T6687] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.853,pid=6686,uid=0 [ 151.662772][ T6687] Memory cgroup out of memory: Killed process 6686 (syz.5.853) total-vm:96080kB, anon-rss:1228kB, file-rss:22340kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 151.701458][ T28] audit: type=1326 audit(1775769908.511:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6694 comm="syz.3.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f342b73d04e code=0x7ffc0000 [ 151.733557][ T6715] bond1: entered promiscuous mode [ 151.750573][ T6715] bond1: entered allmulticast mode [ 151.825435][ T28] audit: type=1326 audit(1775769908.511:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6694 comm="syz.3.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f342b77c819 code=0x7ffc0000 [ 151.886549][ T6721] pimreg: entered allmulticast mode [ 151.963766][ T28] audit: type=1326 audit(1775769908.511:899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6694 comm="syz.3.854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f342b77c819 code=0x7ffc0000 [ 152.408284][ T6727] loop4: detected capacity change from 0 to 512 [ 152.433195][ T6727] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.869: invalid indirect mapped block 4294967295 (level 1) [ 152.457436][ T6727] loop4: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 152.457637][ T6727] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.869: invalid indirect mapped block 4294967295 (level 1) [ 152.466796][ C0] EXT4-fs (loop4): error count since last fsck: 1 [ 152.466816][ C0] EXT4-fs (loop4): initial error at time 1775769910: ext4_free_branches:1023: inode 11 [ 152.466851][ C0] EXT4-fs (loop4): last error at time 1775769910: ext4_free_branches:1023: inode 11 [ 152.506247][ T6727] loop4: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 152.507250][ T6727] EXT4-fs (loop4): 2 truncates cleaned up [ 152.523241][ T6727] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 154.173443][ T6744] __nla_validate_parse: 22 callbacks suppressed [ 154.173461][ T6744] netlink: 20 bytes leftover after parsing attributes in process `syz.1.880'. [ 154.386231][ T6729] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 154.496039][ T6744] tipc: Resetting bearer [ 154.517232][ T6744] .`: left promiscuous mode [ 154.522698][ T3978] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.557983][ T3978] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.585753][ T3978] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.615024][ T3978] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.639944][ T6727] pim6reg: entered allmulticast mode [ 154.651294][ T6727] pim6reg: left allmulticast mode [ 154.742739][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.847653][ T6748] netlink: 3036 bytes leftover after parsing attributes in process `syz.0.884'. [ 155.582247][ T6767] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 155.594713][ T28] kauditd_printk_skb: 155 callbacks suppressed [ 155.594787][ T28] audit: type=1400 audit(1775769913.691:1055): avc: denied { read } for pid=6765 comm="syz.1.876" dev="sockfs" ino=16120 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 155.604300][ T6764] loop5: detected capacity change from 0 to 128 [ 155.642002][ T28] audit: type=1400 audit(1775769913.721:1056): avc: denied { create } for pid=6766 comm="syz.0.888" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 155.691381][ T28] audit: type=1400 audit(1775769913.731:1057): avc: denied { sys_admin } for pid=6766 comm="syz.0.888" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 155.800423][ T28] audit: type=1326 audit(1775769913.871:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6763 comm="syz.5.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d6479c819 code=0x7ffc0000 [ 156.179888][ T6780] netlink: 52 bytes leftover after parsing attributes in process `syz.4.878'. [ 156.224113][ T6780] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.231228][ T6780] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.238578][ T6780] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.245620][ T6780] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.419602][ T6782] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6782 comm=syz.4.878 [ 156.567756][ T6782] netlink: 52 bytes leftover after parsing attributes in process `syz.4.878'. [ 156.782526][ T28] audit: type=1326 audit(1775769913.881:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6763 comm="syz.5.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d6479c819 code=0x7ffc0000 [ 156.805985][ T28] audit: type=1326 audit(1775769914.101:1060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6763 comm="syz.5.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2d6479c819 code=0x7ffc0000 [ 156.829270][ T28] audit: type=1326 audit(1775769914.101:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6763 comm="syz.5.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d6479c819 code=0x7ffc0000 [ 156.921935][ T6784] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6784 comm=syz.0.894 [ 158.840075][ T6804] loop5: detected capacity change from 0 to 256 [ 158.864560][ T28] audit: type=1326 audit(1775769914.101:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6763 comm="syz.5.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d6479c819 code=0x7ffc0000 [ 158.901056][ T6804] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 159.041711][ T28] audit: type=1326 audit(1775769914.101:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6763 comm="syz.5.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f2d6475d04e code=0x7ffc0000 [ 159.066870][ T6811] FAT-fs (loop5): error, corrupted file size (i_pos 196, 16779008) [ 159.115595][ T6811] FAT-fs (loop5): Filesystem has been set read-only [ 159.141348][ T28] audit: type=1326 audit(1775769914.101:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6763 comm="syz.5.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f2d6475d04e code=0x7ffc0000 [ 159.186815][ T6811] FAT-fs (loop5): error, corrupted file size (i_pos 196, 16779008) [ 159.428909][ T6817] loop1: detected capacity change from 0 to 512 [ 159.504894][ T6818] syzkaller0: entered promiscuous mode [ 159.515218][ T6817] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 159.558585][ T6818] syzkaller0: entered allmulticast mode [ 159.571695][ T6817] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 159.593645][ T6817] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 159.672201][ T6817] System zones: 0-2, 18-18, 34-35 [ 159.765982][ T6817] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 159.979794][ T6817] netlink: 'syz.1.901': attribute type 12 has an invalid length. [ 160.369212][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.520109][ T6838] IPVS: set_ctl: invalid protocol: 44 100.1.1.0:20002 [ 160.679192][ T6841] netlink: 8 bytes leftover after parsing attributes in process `syz.3.898'. [ 160.703850][ T6838] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 161.239251][ T6852] loop5: detected capacity change from 0 to 512 [ 161.302346][ T6852] EXT4-fs: test_dummy_encryption option not supported [ 161.364603][ T28] kauditd_printk_skb: 23 callbacks suppressed [ 161.364617][ T28] audit: type=1400 audit(1775769919.461:1088): avc: denied { create } for pid=6860 comm="syz.0.905" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 161.392090][ T6861] netlink: 'syz.0.905': attribute type 17 has an invalid length. [ 161.400006][ T6861] netlink: 8 bytes leftover after parsing attributes in process `syz.0.905'. [ 161.416565][ T6861] 8021q: adding VLAN 0 to HW filter on device bond0 [ 161.505789][ T6869] loop5: detected capacity change from 0 to 128 [ 161.572851][ T28] audit: type=1326 audit(1775769919.621:1089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6868 comm="syz.5.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d6479c819 code=0x7ffc0000 [ 161.631693][ T28] audit: type=1326 audit(1775769919.621:1090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6868 comm="syz.5.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7f2d6479c819 code=0x7ffc0000 [ 161.632422][ T6867] loop1: detected capacity change from 0 to 128 [ 161.677628][ T28] audit: type=1326 audit(1775769919.641:1091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6868 comm="syz.5.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d6479c819 code=0x7ffc0000 [ 161.704446][ T28] audit: type=1326 audit(1775769919.641:1092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6868 comm="syz.5.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2d6479c819 code=0x7ffc0000 [ 161.727922][ T28] audit: type=1326 audit(1775769919.641:1093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6868 comm="syz.5.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d6479c819 code=0x7ffc0000 [ 161.751405][ T28] audit: type=1326 audit(1775769919.641:1094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6868 comm="syz.5.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f2d6475d04e code=0x7ffc0000 [ 162.082712][ T28] audit: type=1326 audit(1775769919.651:1095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6868 comm="syz.5.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f2d6475d04e code=0x7ffc0000 [ 162.131076][ T28] audit: type=1326 audit(1775769919.651:1096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6868 comm="syz.5.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f2d6475d04e code=0x7ffc0000 [ 162.169113][ T28] audit: type=1326 audit(1775769919.651:1097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6868 comm="syz.5.908" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d6479c819 code=0x7ffc0000 [ 162.503539][ T62] bio_check_eod: 102 callbacks suppressed [ 162.503554][ T62] kworker/u8:5: attempt to access beyond end of device [ 162.503554][ T62] loop1: rw=1, sector=153, nr_sectors = 8 limit=128 [ 162.553288][ T62] kworker/u8:5: attempt to access beyond end of device [ 162.553288][ T62] loop1: rw=1, sector=169, nr_sectors = 8 limit=128 [ 162.557445][ T6884] netlink: 'syz.0.912': attribute type 4 has an invalid length. [ 162.567301][ T62] kworker/u8:5: attempt to access beyond end of device [ 162.567301][ T62] loop1: rw=1, sector=185, nr_sectors = 8 limit=128 [ 162.567335][ T62] kworker/u8:5: attempt to access beyond end of device [ 162.567335][ T62] loop1: rw=1, sector=201, nr_sectors = 8 limit=128 [ 162.567420][ T62] kworker/u8:5: attempt to access beyond end of device [ 162.567420][ T62] loop1: rw=1, sector=217, nr_sectors = 8 limit=128 [ 162.593944][ T6884] netlink: 152 bytes leftover after parsing attributes in process `syz.0.912'. [ 162.616576][ T62] kworker/u8:5: attempt to access beyond end of device [ 162.616576][ T62] loop1: rw=1, sector=233, nr_sectors = 8 limit=128 [ 162.616614][ T62] kworker/u8:5: attempt to access beyond end of device [ 162.616614][ T62] loop1: rw=1, sector=249, nr_sectors = 8 limit=128 [ 162.652667][ T62] kworker/u8:5: attempt to access beyond end of device [ 162.652667][ T62] loop1: rw=1, sector=265, nr_sectors = 8 limit=128 [ 162.835843][ T6894] netlink: 4 bytes leftover after parsing attributes in process `syz.4.913'. [ 162.862134][ T6884] .`: renamed from bond0 (while UP) [ 163.947005][ T6894] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 164.016033][ T6894] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 164.927140][ T6917] syzkaller0: entered promiscuous mode [ 165.084217][ T6920] syzkaller0: entered promiscuous mode [ 165.089750][ T6920] syzkaller0: entered allmulticast mode [ 166.256694][ T6961] netlink: 20 bytes leftover after parsing attributes in process `syz.4.935'. [ 166.386110][ T28] kauditd_printk_skb: 17 callbacks suppressed [ 166.386126][ T28] audit: type=1400 audit(1775769924.461:1115): avc: denied { mount } for pid=6959 comm="syz.4.935" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 166.422805][ T28] audit: type=1400 audit(1775769924.461:1116): avc: denied { remount } for pid=6959 comm="syz.4.935" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 166.423509][ T6960] netlink: 12 bytes leftover after parsing attributes in process `syz.3.934'. [ 166.443160][ T28] audit: type=1400 audit(1775769924.461:1117): avc: denied { unmount } for pid=6959 comm="syz.4.935" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 167.594625][ T6979] loop1: detected capacity change from 0 to 128 [ 167.609593][ T6979] FAT-fs (loop1): Directory bread(block 524322) failed [ 167.623180][ T6979] FAT-fs (loop1): Directory bread(block 524323) failed [ 167.643387][ T6979] FAT-fs (loop1): Directory bread(block 524324) failed [ 167.652726][ T28] audit: type=1400 audit(1775769925.741:1118): avc: denied { mount } for pid=6980 comm="syz.3.942" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 167.665203][ T6979] FAT-fs (loop1): Directory bread(block 524325) failed [ 167.747637][ T6986] netlink: 28 bytes leftover after parsing attributes in process `syz.0.939'. [ 167.756612][ T6986] netlink: 2 bytes leftover after parsing attributes in process `syz.0.939'. [ 167.766515][ T6986] netlink: 28 bytes leftover after parsing attributes in process `syz.0.939'. [ 167.775513][ T6986] netlink: 28 bytes leftover after parsing attributes in process `syz.0.939'. [ 167.784533][ T6986] netlink: 2 bytes leftover after parsing attributes in process `syz.0.939'. [ 167.794046][ T6986] netlink: 28 bytes leftover after parsing attributes in process `syz.0.939'. [ 167.802995][ T6986] netlink: 28 bytes leftover after parsing attributes in process `syz.0.939'. [ 167.811900][ T6986] netlink: 2 bytes leftover after parsing attributes in process `syz.0.939'. [ 168.600938][ T6979] FAT-fs (loop1): Directory bread(block 524326) failed [ 168.608160][ T6979] FAT-fs (loop1): Directory bread(block 524327) failed [ 168.615054][ T6979] FAT-fs (loop1): Directory bread(block 524328) failed [ 168.621909][ T6979] FAT-fs (loop1): Directory bread(block 524329) failed [ 168.668051][ T6979] FAT-fs (loop1): Directory bread(block 524322) failed [ 168.743409][ T6979] FAT-fs (loop1): Directory bread(block 524323) failed [ 169.305621][ T6993] loop4: detected capacity change from 0 to 512 [ 169.721194][ T6993] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 169.756163][ T28] audit: type=1400 audit(1775769927.831:1119): avc: denied { write } for pid=6983 comm="syz.4.943" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 170.338463][ T28] audit: type=1400 audit(1775769927.831:1120): avc: denied { open } for pid=6983 comm="syz.4.943" path="/192/file0/file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 170.721046][ T28] audit: type=1400 audit(1775769927.881:1121): avc: denied { ioctl } for pid=6983 comm="syz.4.943" path="/192/file0/file1" dev="loop4" ino=15 ioctlcmd=0x662a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 171.189851][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.281329][ T7025] loop1: detected capacity change from 0 to 512 [ 171.292763][ T7017] loop5: detected capacity change from 0 to 512 [ 171.323865][ T7025] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 171.350691][ T7017] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem [ 171.778016][ T7017] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.957: bg 0: block 288: padding at end of block bitmap is not set [ 171.813468][ T7017] loop5: lost filesystem error report for type 5 error -117 [ 171.814878][ T7017] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6685: Corrupt filesystem [ 171.833899][ C0] EXT4-fs (loop5): error count since last fsck: 1 [ 171.833965][ C0] EXT4-fs (loop5): initial error at time 1775769929: ext4_validate_block_bitmap:441 [ 171.834114][ C0] EXT4-fs (loop5): last error at time 1775769929: ext4_validate_block_bitmap:441 [ 171.862235][ T7017] loop5: lost filesystem error report for type 5 error -117 [ 171.866334][ T7017] EXT4-fs error (device loop5): ext4_clear_blocks:876: inode #13: comm syz.5.957: attempt to clear invalid blocks 1024 len 1 [ 171.887989][ T7017] loop5: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 171.890582][ T7017] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #13: comm syz.5.957: invalid indirect mapped block 1819239214 (level 0) [ 171.915731][ T7017] loop5: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 171.918547][ T7017] EXT4-fs (loop5): 1 truncate cleaned up [ 171.943006][ T7017] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.056284][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.269449][ T28] audit: type=1326 audit(1775769930.361:1122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7039 comm="syz.0.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 172.426856][ T28] audit: type=1326 audit(1775769930.361:1123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7039 comm="syz.0.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 172.699751][ T28] audit: type=1326 audit(1775769930.361:1124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7039 comm="syz.0.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 172.896258][ T28] audit: type=1326 audit(1775769930.361:1125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7039 comm="syz.0.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 173.159377][ T28] audit: type=1326 audit(1775769930.361:1126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7039 comm="syz.0.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 173.211860][ T7050] netlink: 'syz.0.959': attribute type 12 has an invalid length. [ 173.249461][ T3705] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.262877][ T28] audit: type=1326 audit(1775769930.361:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7039 comm="syz.0.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f971990d04e code=0x7ffc0000 [ 173.296580][ T7056] loop1: detected capacity change from 0 to 256 [ 173.318785][ T7056] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 173.364997][ T28] audit: type=1326 audit(1775769930.361:1128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7039 comm="syz.0.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f971990d04e code=0x7ffc0000 [ 173.388948][ T28] audit: type=1326 audit(1775769930.361:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7039 comm="syz.0.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f971990d04e code=0x7ffc0000 [ 173.469341][ T7056] FAT-fs (loop1): error, corrupted file size (i_pos 196, 16779008) [ 173.507708][ T7056] FAT-fs (loop1): Filesystem has been set read-only [ 173.538152][ T28] audit: type=1326 audit(1775769930.361:1130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7039 comm="syz.0.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 173.623390][ T7056] FAT-fs (loop1): error, corrupted file size (i_pos 196, 16779008) [ 173.657254][ T28] audit: type=1326 audit(1775769930.361:1131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7039 comm="syz.0.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f971994c819 code=0x7ffc0000 [ 173.894521][ T7070] netlink: 'syz.3.964': attribute type 1 has an invalid length. [ 173.922540][ T7070] 8021q: adding VLAN 0 to HW filter on device bond3 [ 173.963078][ T7075] loop4: detected capacity change from 0 to 512 [ 174.000715][ T7070] bond3: (slave ip6gretap1): making interface the new active one [ 174.010234][ T7070] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link [ 174.025170][ T7075] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 174.033417][ T7075] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2 [ 174.066483][ T7070] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7070 comm=syz.3.964 [ 174.083880][ T7075] EXT4-fs (loop4): 1 truncate cleaned up [ 174.096606][ T7075] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 174.209952][ T7089] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 174.236086][ T7082] syzkaller0: entered promiscuous mode [ 174.239132][ T7093] loop1: detected capacity change from 0 to 512 [ 174.241653][ T7082] syzkaller0: entered allmulticast mode [ 174.260087][ T7089] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=46724 sclass=netlink_xfrm_socket pid=7089 comm=syz.4.966 [ 174.320991][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.324526][ T7093] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.973: invalid indirect mapped block 4294967295 (level 1) [ 174.353454][ T7093] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 174.360350][ T7093] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.973: invalid indirect mapped block 4294967295 (level 1) [ 174.369596][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 174.369617][ C1] EXT4-fs (loop1): initial error at time 1775769932: ext4_free_branches:1023: inode 11 [ 174.369661][ C1] EXT4-fs (loop1): last error at time 1775769932: ext4_free_branches:1023: inode 11 [ 174.459435][ T7093] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 174.466448][ T7093] EXT4-fs (loop1): 2 truncates cleaned up [ 174.494316][ T7093] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 174.766288][ T7109] tipc: Enabling of bearer rejected, failed to enable media [ 174.776776][ T7110] loop5: detected capacity change from 0 to 256 [ 174.910042][ T7110] loop5: detected capacity change from 0 to 764 [ 174.996424][ T7110] iso9660: Unknown parameter 'ÿ0xffffffffffffffff' [ 175.422436][ T7093] pim6reg: entered allmulticast mode [ 175.429810][ T7093] pim6reg: left allmulticast mode [ 175.518222][ T7127] blktrace: Concurrent blktraces are not allowed on loop10 [ 175.565334][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.940532][ T7141] loop1: detected capacity change from 0 to 1024 [ 175.964023][ T7141] EXT4-fs: Ignoring removed mblk_io_submit option [ 175.995002][ T7141] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 176.020378][ T7141] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.088852][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.293154][ T7158] lo: Caught tx_queue_len zero misconfig [ 177.834627][ T7179] __nla_validate_parse: 22 callbacks suppressed [ 177.834644][ T7179] netlink: 104 bytes leftover after parsing attributes in process `syz.3.998'. [ 178.150626][ T7178] loop1: detected capacity change from 0 to 1024 [ 178.327780][ T7178] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e040c01c, mo2=0002] [ 178.415727][ T7178] System zones: 0-1, 3-36 [ 178.453721][ T7178] EXT4-fs error (device loop1): ext4_orphan_get:1423: comm syz.1.997: bad orphan inode 134217728 [ 178.494229][ T7178] loop1: lost filesystem error report for type 5 error -117 [ 178.517530][ T7178] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.881256][ T7180] netlink: 'syz.4.999': attribute type 10 has an invalid length. [ 179.098971][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.135660][ T7180] team0: Device vxcan1 is of different type [ 179.363621][ T7214] IPVS: set_ctl: invalid protocol: 44 100.1.1.0:20002 [ 179.468320][ T7215] loop5: detected capacity change from 0 to 128 [ 179.636537][ T7225] IPVS: set_ctl: invalid protocol: 44 100.1.1.0:20002 [ 180.268107][ T3978] kworker/u8:9: attempt to access beyond end of device [ 180.268107][ T3978] loop5: rw=1, sector=153, nr_sectors = 8 limit=128 [ 180.297249][ T3978] kworker/u8:9: attempt to access beyond end of device [ 180.297249][ T3978] loop5: rw=1, sector=169, nr_sectors = 8 limit=128 [ 180.311505][ T3978] kworker/u8:9: attempt to access beyond end of device [ 180.311505][ T3978] loop5: rw=1, sector=185, nr_sectors = 8 limit=128 [ 180.325166][ T3978] kworker/u8:9: attempt to access beyond end of device [ 180.325166][ T3978] loop5: rw=1, sector=201, nr_sectors = 8 limit=128 [ 180.383932][ T3978] kworker/u8:9: attempt to access beyond end of device [ 180.383932][ T3978] loop5: rw=1, sector=217, nr_sectors = 8 limit=128 [ 180.415727][ T3978] kworker/u8:9: attempt to access beyond end of device [ 180.415727][ T3978] loop5: rw=1, sector=233, nr_sectors = 8 limit=128 [ 180.429873][ T3978] kworker/u8:9: attempt to access beyond end of device [ 180.429873][ T3978] loop5: rw=1, sector=249, nr_sectors = 8 limit=128 [ 180.445375][ T3978] kworker/u8:9: attempt to access beyond end of device [ 180.445375][ T3978] loop5: rw=1, sector=265, nr_sectors = 8 limit=128 [ 180.459751][ T3978] kworker/u8:9: attempt to access beyond end of device [ 180.459751][ T3978] loop5: rw=1, sector=281, nr_sectors = 8 limit=128 [ 180.473660][ T3978] kworker/u8:9: attempt to access beyond end of device [ 180.473660][ T3978] loop5: rw=1, sector=297, nr_sectors = 8 limit=128 [ 180.489531][ T7241] netlink: 'syz.3.1017': attribute type 4 has an invalid length. [ 180.497781][ T7241] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1017'. [ 180.507590][ T7241] .`: renamed from bond0 [ 180.640699][ T7248] IPVS: set_ctl: invalid protocol: 44 100.1.1.0:20002 [ 180.674689][ T7252] syzkaller0: entered promiscuous mode [ 180.680317][ T7252] syzkaller0: entered allmulticast mode [ 180.733246][ T7243] loop5: detected capacity change from 0 to 1024 [ 180.771055][ T7243] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e040c01c, mo2=0002] [ 180.789566][ T7243] System zones: 0-1, 3-36 [ 180.806572][ T7243] EXT4-fs error (device loop5): ext4_orphan_get:1423: comm syz.5.1014: bad orphan inode 134217728 [ 180.821291][ T7243] loop5: lost filesystem error report for type 5 error -117 [ 180.829637][ T7243] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 180.881265][ T7262] IPVS: set_ctl: invalid protocol: 44 100.1.1.0:20002 [ 181.214888][ T7243] ================================================================== [ 181.223000][ T7243] BUG: KCSAN: data-race in filemap_read / filemap_read [ 181.229865][ T7243] [ 181.232181][ T7243] write to 0xffff88811bf4fd68 of 8 bytes by task 7264 on cpu 1: [ 181.239818][ T7243] filemap_read+0x98d/0xa10 [ 181.244333][ T7243] generic_file_read_iter+0x79/0x330 [ 181.249622][ T7243] ext4_file_read_iter+0x1cc/0x290 [ 181.254747][ T7243] copy_splice_read+0x471/0x6c0 [ 181.259602][ T7243] splice_direct_to_actor+0x28f/0x670 [ 181.264977][ T7243] do_splice_direct+0x119/0x1a0 [ 181.269927][ T7243] do_sendfile+0x382/0x650 [ 181.274349][ T7243] __x64_sys_sendfile64+0x105/0x150 [ 181.279565][ T7243] x64_sys_call+0x2dc4/0x3020 [ 181.284259][ T7243] do_syscall_64+0x12c/0x370 [ 181.288870][ T7243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.294780][ T7243] [ 181.297115][ T7243] read to 0xffff88811bf4fd68 of 8 bytes by task 7243 on cpu 0: [ 181.304707][ T7243] filemap_read+0x6f/0xa10 [ 181.309149][ T7243] generic_file_read_iter+0x79/0x330 [ 181.314468][ T7243] ext4_file_read_iter+0x1cc/0x290 [ 181.319592][ T7243] copy_splice_read+0x471/0x6c0 [ 181.324455][ T7243] splice_direct_to_actor+0x28f/0x670 [ 181.329857][ T7243] do_splice_direct+0x119/0x1a0 [ 181.334719][ T7243] do_sendfile+0x382/0x650 [ 181.339154][ T7243] __x64_sys_sendfile64+0x105/0x150 [ 181.344374][ T7243] x64_sys_call+0x2dc4/0x3020 [ 181.349074][ T7243] do_syscall_64+0x12c/0x370 [ 181.353674][ T7243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.359582][ T7243] [ 181.361906][ T7243] value changed: 0x00000000000001bb -> 0x00000000000001bc [ 181.369095][ T7243] [ 181.371464][ T7243] Reported by Kernel Concurrency Sanitizer on: [ 181.377623][ T7243] CPU: 0 UID: 0 PID: 7243 Comm: syz.5.1014 Tainted: G W syzkaller #0 PREEMPT(full) [ 181.388498][ T7243] Tainted: [W]=WARN [ 181.392295][ T7243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 181.402354][ T7243] ================================================================== [ 181.454505][ T3705] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.