last executing test programs: 2.40664443s ago: executing program 3 (id=1153): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000180), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", ' \x00'}, 0x28) sendto$inet6(r1, &(0x7f0000000400)="830b77a3e02d11cf560d377488c7dd5093cf12fd24998a40", 0x18, 0x4000, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28) recvfrom$inet6(r1, &(0x7f0000000300)=""/19, 0x13, 0x40000041, 0x0, 0x0) 2.39588516s ago: executing program 3 (id=1155): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x27) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = accept$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @initdev}, 0x0) ioctl$sock_SIOCADDRT(r4, 0x890b, &(0x7f0000000140)={0x0, @ax25={0x3, @bcast, 0x3}, @tipc=@name={0x1e, 0x2, 0x3, {{0x40, 0x4}}}, @ethernet={0x1, @multicast}, 0x4, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000100)='sit0\x00', 0x0, 0x7, 0xba3}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r2, 0xc0709411, &(0x7f0000000600)={{0x0, 0xfffffffffffeffff, 0x8c, 0xa, 0xce, 0x1, 0xf5, 0x2, 0x2, 0x10000, 0x2, 0x1, 0x416451d2, 0x9, 0xe4}}) ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000000f80)={{r5, 0x0, 0x1, 0x152, 0x5, 0x7, 0x6, 0xffffff01, 0x1, 0x8, 0xe, 0x100000000, 0x4, 0xff8000000, 0x5}}) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000080)={r1, 0x13}, 0x8) 1.81883198s ago: executing program 1 (id=1177): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r0, 0x0, 0x0) sendmsg$AUDIT_USER_AVC(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[], 0x454}}, 0x0) connect$unix(r3, &(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e) recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x900, 0x0, 0x0) 1.81835512s ago: executing program 1 (id=1178): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r3, {}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0xfffffffd, 0x0, {0x0, 0x0, 0x0, r5, {0x7, 0xfff2}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) 1.704213591s ago: executing program 1 (id=1182): creat(&(0x7f0000000040)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3, 0x0, 0x485f}, 0x18) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@version_u}]}}) 1.594830953s ago: executing program 1 (id=1188): ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(0xffffffffffffffff, 0x40bc5311, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, 0x0, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x10) r2 = syz_io_uring_setup(0x254c, &(0x7f0000000000)={0x0, 0x7c87, 0x800, 0x0, 0x39}, &(0x7f0000000080), &(0x7f00000001c0)) io_uring_register$IORING_REGISTER_PBUF_RING(r2, 0x16, &(0x7f0000000900)={&(0x7f0000003000)={[{0x0, 0x0, 0x1}]}, 0x1, 0x3}, 0x1) io_uring_register$IORING_UNREGISTER_PBUF_RING(r2, 0x17, &(0x7f0000000f40)={0x0, 0x0, 0x3}, 0x1) 1.594489393s ago: executing program 1 (id=1189): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_int(r0, &(0x7f0000000000)=0x10000000000000, 0xffffff6a) r1 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x42, 0x0) pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00'}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10) 1.511357465s ago: executing program 3 (id=1191): perf_event_open(0x0, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000900)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="05"], 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r4, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20) sendmsg$inet(r0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x4040086) 1.459714396s ago: executing program 3 (id=1194): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xffd, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10) r2 = fsopen(&(0x7f0000000000)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x0) fchdir(r3) r4 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) ftruncate(r4, 0x2007ffb) sendfile(r4, r4, 0x0, 0x1000000201005) 1.020383443s ago: executing program 4 (id=1201): creat(&(0x7f0000000080)='./file0\x00', 0x248) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000ffff000000007200ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r3}, 0x10) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 974.841404ms ago: executing program 0 (id=1203): mkdir(&(0x7f0000000540)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffb, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = dup(r1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r4}, 0x10) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x10, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}}) 969.180494ms ago: executing program 4 (id=1204): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket(0x11, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r2, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="02011400012918000e3580009f0001140000002f0600ac141430e0000003808a8972bd0b72e41082b1a3d206"], 0xdd12}, {&(0x7f00000002c0)=ANY=[@ANYBLOB="f00000003900000427bd7000fcdbdf25b6758a293fd77079e5515337840ec80b4eaf8b"], 0xf0}], 0x2}, 0x0) 900.158185ms ago: executing program 4 (id=1205): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet_sctp(0x2, 0x5, 0x84) close(r2) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f0000000240)=0x8) sendmsg$inet_sctp(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000640)="be", 0x1}], 0x1, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0x6, 0x4, 0x28, 0x200000b, r4}}], 0x20, 0x6044}, 0x6) 899.620145ms ago: executing program 2 (id=1206): bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xa, 0x4, 0x4, 0x6, 0x0, 0x1, 0x40, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0, @void, @value, @void, @value}, 0x50) openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) dup(0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) mknod$loop(0x0, 0x600a, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) write(r0, &(0x7f00000000c0)="8f2a0a65bd8c2c2b0304000e0580a7b6070d63e286a5cefe", 0x5ac) 889.463175ms ago: executing program 0 (id=1207): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r3 = socket(0x10, 0x803, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd29, 0x2, {0x0, 0x0, 0x0, r2, {0xd, 0x6}, {}, {0x9, 0xa}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x11}]}}]}, 0x3c}}, 0x0) 814.741747ms ago: executing program 2 (id=1208): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008800000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xb, 0x6}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x655c, 0x2, 0x1ffffffe, 0x9, 0x800}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0) 814.333027ms ago: executing program 4 (id=1209): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000100)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r5}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20) sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) recvfrom(r2, &(0x7f0000004000)=""/4112, 0xfffffffffffffedc, 0x2080, 0x0, 0x0) 803.706277ms ago: executing program 0 (id=1210): socket$rds(0x15, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x1d64, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="2000000011000100000000000300000008000300", @ANYRES32=r2], 0x20}], 0x1, 0x0, 0x0, 0x4000}, 0x40) 779.309067ms ago: executing program 4 (id=1211): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000640)="980bcfe393059bae3f648ed47a483be27024e4dd506130bdfbcd2df1d38ec7fa1c341ccb083d3ff79d5bc4d28e2a61cc95e5c91b2b508136985bd117c1dff44ccbd4ab6f", 0x44}], 0x1) r2 = accept4$unix(r0, 0x0, 0x0, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70200001400ffd9b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) recvmsg(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000480)=""/68, 0x44}], 0x1}, 0x4c2103a0) 718.619748ms ago: executing program 0 (id=1212): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000004c0)={'ip6tnl0\x00', &(0x7f0000000740)={'syztnl1\x00', 0x0, 0x29, 0x0, 0x3, 0x0, 0x0, @local, @local, 0x7, 0x7, 0x202, 0x8}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000600)={'syztnl1\x00', 0x0}) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000140)='&)\x00', 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r1 = syz_open_procfs(0xffffffffffffffff, 0x0) preadv(r1, 0x0, 0x0, 0x0, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x7fffffff, 0x73e7, 0x8}, 0x10) ioperm(0xad, 0x8, 0xfffffffffffff1bc) 718.275578ms ago: executing program 4 (id=1213): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_int(r0, &(0x7f0000000000)=0x10000000000000, 0xffffff6a) r1 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x42, 0x0) pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) 717.984848ms ago: executing program 2 (id=1214): pipe2$9p(0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) connect$pppl2tp(r2, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x3, 0x0, {0xa, 0x0, 0x6, @rand_addr=' \x01\x00', 0x200000}}}, 0x32) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x34000}], 0x1) 712.744078ms ago: executing program 3 (id=1215): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x8e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000800)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="630000004ec6"}) 707.815668ms ago: executing program 2 (id=1216): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) r0 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000340)={r0}) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000040)={r0}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000400)='netfs_rreq_ref\x00', r2, 0x0, 0x9}, 0x18) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8) close(r4) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000640)="0a001c008e9381064e81f7a2db44b9b545c7910006007c09", 0x18}], 0x1}, 0x40008c4) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e3, &(0x7f0000000180)={r0, r5}) 642.757319ms ago: executing program 0 (id=1217): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x2, 0x14120, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, @perf_config_ext={0xffffffffffffff80, 0x1}, 0x0, 0x0, 0xfffffffd, 0x3, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x0, 0x0, 0xffffffffffffffff, 0x9) r0 = creat(&(0x7f0000000200)='./file1\x00', 0x12e) close(r0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x200000, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 642.396339ms ago: executing program 1 (id=1218): bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000440), 0x10) listen(r1, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) writev(r2, &(0x7f00000014c0)=[{&(0x7f0000000640)="98", 0x1}], 0x1) r3 = accept4$unix(r1, 0x0, 0x0, 0x0) recvmsg(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000480)=""/68, 0x44}], 0x1}, 0x4c2103a0) 642.173559ms ago: executing program 2 (id=1219): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0xff, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) r4 = open(&(0x7f0000000200)='.\x00', 0x8000, 0x9722314c2dfe968) fcntl$notify(r4, 0x402, 0x8000003d) close_range(r3, r4, 0x0) 584.42817ms ago: executing program 2 (id=1220): r0 = creat(&(0x7f0000000080)='./file0\x00', 0xc7) close(r0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x3, 0x1}, 0x20) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth1_to_batadv\x00', 0x0}) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r1, &(0x7f00000001c0)={0x2c, 0x8, r3}, 0x10) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 538.337641ms ago: executing program 3 (id=1221): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000006, 0x40032, 0xffffffffffffffff, 0x0) 0s ago: executing program 0 (id=1222): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) r2 = accept(r0, 0x0, 0x0) ioctl$int_in(r2, 0x5452, &(0x7f0000000300)=0x20000000) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="120000000400000004000000a4"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r3, &(0x7f0000000080), &(0x7f00000002c0)=@tcp=r2}, 0x20) recvmsg$can_bcm(r2, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) kernel console output (not intermixed with test programs): T3309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.073910][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.081958][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.114499][ T3312] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.151997][ T3314] team0: Port device team_slave_0 added [ 36.174892][ T3309] team0: Port device team_slave_0 added [ 36.186519][ T3314] team0: Port device team_slave_1 added [ 36.198319][ T3319] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.206011][ T3319] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.232955][ T3319] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.251034][ T3309] team0: Port device team_slave_1 added [ 36.260043][ T3308] hsr_slave_0: entered promiscuous mode [ 36.266776][ T3308] hsr_slave_1: entered promiscuous mode [ 36.278625][ T3319] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.285899][ T3319] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.312763][ T3319] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.332210][ T3312] hsr_slave_0: entered promiscuous mode [ 36.338790][ T3312] hsr_slave_1: entered promiscuous mode [ 36.344949][ T3312] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 36.352807][ T3312] Cannot create hsr debugfs directory [ 36.364467][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.371631][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.398720][ T3314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.425427][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.432699][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.459902][ T3314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.477550][ T3309] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.484995][ T3309] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.511480][ T3309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.523107][ T3309] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.530105][ T3309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 36.556425][ T3309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.593532][ T3319] hsr_slave_0: entered promiscuous mode [ 36.599829][ T3319] hsr_slave_1: entered promiscuous mode [ 36.605818][ T3319] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 36.613547][ T3319] Cannot create hsr debugfs directory [ 36.670395][ T3314] hsr_slave_0: entered promiscuous mode [ 36.677116][ T3314] hsr_slave_1: entered promiscuous mode [ 36.683223][ T3314] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 36.690928][ T3314] Cannot create hsr debugfs directory [ 36.707180][ T3309] hsr_slave_0: entered promiscuous mode [ 36.713443][ T3309] hsr_slave_1: entered promiscuous mode [ 36.719380][ T3309] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 36.727164][ T3309] Cannot create hsr debugfs directory [ 36.894086][ T3308] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 36.904868][ T3308] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 36.915666][ T3308] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 36.924642][ T3308] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 36.944396][ T3312] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 36.957993][ T3312] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 36.969171][ T3312] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 36.982831][ T3312] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 37.008773][ T3319] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 37.018231][ T3319] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 37.040368][ T3319] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 37.052903][ T3319] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 37.082854][ T3314] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 37.093564][ T3314] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 37.102493][ T3314] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 37.115630][ T3314] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 37.146270][ T3308] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.155772][ T3309] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 37.165431][ T3309] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 37.174433][ T3309] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 37.184609][ T3309] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 37.222634][ T3308] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.240871][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.248090][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.262932][ T3312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.283725][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.290843][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.328497][ T3312] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.350638][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.357934][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.373177][ T3319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.388836][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.396124][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.410461][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.430313][ T3319] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.439446][ T3309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.448281][ T3314] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.467141][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.474304][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.484543][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.492588][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.501690][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.509659][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.524551][ T3308] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.534304][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.541449][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.579766][ T3309] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.597586][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.604833][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.636370][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.643646][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.708609][ T3312] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.742794][ T3308] veth0_vlan: entered promiscuous mode [ 37.750799][ T3308] veth1_vlan: entered promiscuous mode [ 37.794773][ T3319] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.809018][ T3314] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.824012][ T3308] veth0_macvtap: entered promiscuous mode [ 37.847149][ T3308] veth1_macvtap: entered promiscuous mode [ 37.871049][ T3309] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.906611][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 37.936996][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 37.970305][ T3308] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.979364][ T3308] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.988202][ T3308] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 37.997378][ T3308] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.073700][ T3312] veth0_vlan: entered promiscuous mode [ 38.080299][ T3314] veth0_vlan: entered promiscuous mode [ 38.095617][ T3319] veth0_vlan: entered promiscuous mode [ 38.104489][ T3312] veth1_vlan: entered promiscuous mode [ 38.117371][ T3309] veth0_vlan: entered promiscuous mode [ 38.123853][ T3308] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 38.126821][ T3309] veth1_vlan: entered promiscuous mode [ 38.151951][ T3314] veth1_vlan: entered promiscuous mode [ 38.163911][ T3319] veth1_vlan: entered promiscuous mode [ 38.186639][ T3312] veth0_macvtap: entered promiscuous mode [ 38.210920][ T3309] veth0_macvtap: entered promiscuous mode [ 38.220432][ T3319] veth0_macvtap: entered promiscuous mode [ 38.228192][ T3312] veth1_macvtap: entered promiscuous mode [ 38.235773][ T3314] veth0_macvtap: entered promiscuous mode [ 38.248216][ T3309] veth1_macvtap: entered promiscuous mode [ 38.256641][ T3314] veth1_macvtap: entered promiscuous mode [ 38.264381][ T3319] veth1_macvtap: entered promiscuous mode [ 38.278060][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.292193][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.300418][ T3319] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.310190][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.328793][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.337541][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.348101][ T3319] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.365361][ T3314] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.374277][ T3314] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.383370][ T3314] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.392163][ T3314] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.404976][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.415751][ T3319] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.424690][ T3319] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.433554][ T3319] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.442454][ T3319] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.458969][ T3309] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.467884][ T3309] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.476704][ T3309] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.485476][ T3309] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.497797][ T3312] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.506700][ T3312] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.515513][ T3312] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.524400][ T3312] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.599548][ T29] kauditd_printk_skb: 28 callbacks suppressed [ 38.599567][ T29] audit: type=1400 audit(1750083945.514:100): avc: denied { create } for pid=3484 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 38.627812][ T29] audit: type=1400 audit(1750083945.524:101): avc: denied { setopt } for pid=3484 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 38.782815][ T3485] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 38.805497][ T29] audit: type=1400 audit(1750083945.704:102): avc: denied { create } for pid=3484 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 38.897635][ T29] audit: type=1400 audit(1750083945.754:103): avc: denied { ioctl } for pid=3484 comm="syz.0.1" path="socket:[3753]" dev="sockfs" ino=3753 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 38.922398][ T29] audit: type=1400 audit(1750083945.754:104): avc: denied { bind } for pid=3484 comm="syz.0.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 38.958913][ T3491] capability: warning: `syz.1.2' uses deprecated v2 capabilities in a way that may be insecure [ 39.108765][ T29] audit: type=1400 audit(1750083946.014:105): avc: denied { create } for pid=3497 comm="syz.4.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 39.114958][ T3499] syzkaller1: entered promiscuous mode [ 39.135003][ T3499] syzkaller1: entered allmulticast mode [ 39.157226][ T3503] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.170407][ T29] audit: type=1400 audit(1750083946.064:106): avc: denied { bind } for pid=3502 comm="syz.0.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 39.190780][ T29] audit: type=1400 audit(1750083946.064:107): avc: denied { setopt } for pid=3502 comm="syz.0.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 39.211122][ T29] audit: type=1400 audit(1750083946.084:108): avc: denied { write } for pid=3497 comm="syz.4.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 39.303958][ T29] audit: type=1400 audit(1750083946.224:109): avc: denied { create } for pid=3509 comm="syz.4.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 39.304060][ T3510] IPv4: Oversized IP packet from 127.202.26.0 [ 39.364944][ T3512] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 39.386877][ T3512] Zero length message leads to an empty skb [ 39.491958][ T3515] syz.4.14 (3515) used greatest stack depth: 10720 bytes left [ 39.689784][ T3538] syz.3.26 (3538) used greatest stack depth: 10672 bytes left [ 39.851723][ T3564] ref_ctr increment failed for inode: 0x3a offset: 0x9 ref_ctr_offset: 0x82 of mm: 0xffff8881040d3f40 [ 39.863951][ T3567] Illegal XDP return value 1187892926 on prog (id 33) dev syz_tun, expect packet loss! [ 39.874828][ T3562] uprobe: syz.3.34:3562 failed to unregister, leaking uprobe [ 39.893956][ T3570] netlink: 96 bytes leftover after parsing attributes in process `syz.1.36'. [ 40.042878][ C1] hrtimer: interrupt took 58146 ns [ 40.212720][ T3589] loop4: detected capacity change from 0 to 1024 [ 40.224871][ T3589] ======================================================= [ 40.224871][ T3589] WARNING: The mand mount option has been deprecated and [ 40.224871][ T3589] and is ignored by this kernel. Remove the mand [ 40.224871][ T3589] option from the mount to silence this warning. [ 40.224871][ T3589] ======================================================= [ 40.277297][ T3589] EXT4-fs: inline encryption not supported [ 40.283746][ T3589] EXT4-fs: Ignoring removed bh option [ 40.310236][ T3589] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.354297][ T3589] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.45: Allocating blocks 497-513 which overlap fs metadata [ 40.369400][ T3589] EXT4-fs (loop4): Remounting filesystem read-only [ 40.379711][ T3589] syz.4.45 (3589) used greatest stack depth: 10376 bytes left [ 40.414918][ T3503] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.474042][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.545125][ T3613] loop1: detected capacity change from 0 to 256 [ 40.557273][ T3614] wg2: entered promiscuous mode [ 40.562372][ T3614] wg2: entered allmulticast mode [ 40.736206][ T3627] netlink: 4 bytes leftover after parsing attributes in process `syz.1.58'. [ 40.754052][ T3627] netlink: 4 bytes leftover after parsing attributes in process `syz.1.58'. [ 40.929684][ T3639] netlink: 8 bytes leftover after parsing attributes in process `syz.1.64'. [ 40.944839][ T3641] netlink: '+}[@': attribute type 5 has an invalid length. [ 40.952244][ T3641] netlink: 152 bytes leftover after parsing attributes in process `+}[@'. [ 40.963842][ T3641] : renamed from bond0 (while UP) [ 41.042856][ T3639] syz.1.64 (3639) used greatest stack depth: 10192 bytes left [ 41.186077][ T3652] mmap: syz.1.69 (3652) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 41.320616][ T3656] loop3: detected capacity change from 0 to 2048 [ 41.346628][ T3656] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.401014][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.439907][ T3673] pim6reg1: entered promiscuous mode [ 41.445381][ T3673] pim6reg1: entered allmulticast mode [ 41.565175][ T3503] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.578889][ T3682] bond_slave_1: mtu less than device minimum [ 41.631180][ T3503] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.715500][ T3503] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.750394][ T3503] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.779612][ T3503] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.807062][ T3503] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.828194][ T3704] loop3: detected capacity change from 0 to 1024 [ 41.844972][ T3704] EXT4-fs: Ignoring removed orlov option [ 41.874782][ T3704] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.955052][ T3704] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 41.995842][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.087704][ T3722] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=3722 comm=syz.4.98 [ 42.100227][ T3722] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=3722 comm=syz.4.98 [ 42.177580][ T3733] netlink: 96 bytes leftover after parsing attributes in process `syz.0.103'. [ 42.192736][ T3728] loop1: detected capacity change from 0 to 1024 [ 42.203494][ T3728] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.333711][ T3741] loop0: detected capacity change from 0 to 1024 [ 42.343015][ T3741] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 42.354926][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.369449][ T3741] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 42.403080][ T3741] EXT4-fs error (device loop0): ext4_get_journal_inode:5796: inode #32: comm syz.0.106: iget: special inode unallocated [ 42.435444][ T3748] sg_write: data in/out 476/14 bytes for SCSI command 0x4-- guessing data in; [ 42.435444][ T3748] program syz.1.108 not setting count and/or reply_len properly [ 42.452755][ T3741] EXT4-fs (loop0): Remounting filesystem read-only [ 42.459452][ T3741] EXT4-fs (loop0): no journal found [ 42.464743][ T3741] EXT4-fs (loop0): can't get journal size [ 42.494850][ T3741] EXT4-fs (loop0): filesystem is read-only [ 42.501427][ T3741] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 42.518840][ T3754] capability: warning: `syz.3.112' uses 32-bit capabilities (legacy support in use) [ 42.606127][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.679974][ T3762] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.765354][ T3762] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.857378][ T3762] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 42.925633][ T3762] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.001010][ T3762] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.015218][ T3762] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.026549][ T3784] netlink: 4 bytes leftover after parsing attributes in process `syz.3.123'. [ 43.030846][ T3762] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.054483][ T3762] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.063852][ T3784] netlink: 4 bytes leftover after parsing attributes in process `syz.3.123'. [ 43.157811][ T3791] tipc: Started in network mode [ 43.163702][ T3791] tipc: Node identity 4, cluster identity 4711 [ 43.170831][ T3791] tipc: Node number set to 4 [ 43.302789][ T3800] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.346614][ T3800] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.396377][ T3800] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.456611][ T3800] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.505726][ T3820] pimreg: entered allmulticast mode [ 43.551286][ T3800] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.565573][ T3820] pimreg: left allmulticast mode [ 43.585871][ T3800] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.606430][ T3800] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.632545][ T29] kauditd_printk_skb: 461 callbacks suppressed [ 43.632564][ T29] audit: type=1400 audit(1750083950.554:571): avc: denied { create } for pid=3826 comm="syz.0.135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 43.639685][ T3800] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.667723][ T3825] IPv6: Can't replace route, no match found [ 43.674993][ T29] audit: type=1400 audit(1750083950.594:572): avc: denied { connect } for pid=3826 comm="syz.0.135" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 43.718483][ T29] audit: type=1400 audit(1750083950.624:573): avc: denied { ioctl } for pid=3826 comm="syz.0.135" path="socket:[5115]" dev="sockfs" ino=5115 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 43.743564][ T29] audit: type=1400 audit(1750083950.624:574): avc: denied { write } for pid=3826 comm="syz.0.135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 43.763179][ T29] audit: type=1400 audit(1750083950.624:575): avc: denied { write } for pid=3826 comm="syz.0.135" laddr=::1 lport=6 faddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 43.928244][ T3839] netlink: 180 bytes leftover after parsing attributes in process `syz.4.140'. [ 44.069955][ T3845] netlink: 8 bytes leftover after parsing attributes in process `syz.3.143'. [ 44.091327][ T29] audit: type=1400 audit(1750083951.004:576): avc: denied { create } for pid=3846 comm="syz.4.145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 44.161864][ T29] audit: type=1400 audit(1750083951.024:577): avc: denied { bind } for pid=3846 comm="syz.4.145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 44.181235][ T29] audit: type=1400 audit(1750083951.024:578): avc: denied { listen } for pid=3846 comm="syz.4.145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 44.200829][ T29] audit: type=1400 audit(1750083951.024:579): avc: denied { connect } for pid=3846 comm="syz.4.145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 44.222407][ T29] audit: type=1400 audit(1750083951.024:580): avc: denied { accept } for pid=3846 comm="syz.4.145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 44.878479][ T3900] syz.0.168 uses obsolete (PF_INET,SOCK_PACKET) [ 44.973246][ T3905] 9pnet: p9_errstr2errno: server reported unknown error [ 45.081531][ T3916] loop0: detected capacity change from 0 to 736 [ 45.088310][ T3916] iso9660: Unknown parameter '§ÐQþ{Uº²a×ÓNÉDÙÂ?»sæM00000000000000000000' [ 45.239719][ T3922] SELinux: failed to load policy [ 45.475515][ T3945] loop1: detected capacity change from 0 to 128 [ 45.499028][ T3945] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 45.522268][ T3947] loop0: detected capacity change from 0 to 2048 [ 45.532765][ T3945] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 45.553076][ T3947] loop0: p1 < > p3 [ 45.557880][ T3947] loop0: p3 size 134217728 extends beyond EOD, truncated [ 45.580076][ T3945] Invalid ELF header magic: != ELF [ 45.630401][ T173] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 46.117314][ T3961] loop0: detected capacity change from 0 to 2048 [ 46.152904][ T3961] EXT4-fs: Ignoring removed nobh option [ 46.237974][ T3962] sch_fq: defrate 2048 ignored. [ 46.260967][ T3961] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.392068][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.476564][ T3978] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.553070][ T3978] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.594597][ T3985] netlink: 48 bytes leftover after parsing attributes in process `syz.1.204'. [ 46.606110][ T3978] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.648658][ T3992] ip6gre1: entered allmulticast mode [ 46.663487][ T3978] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.743780][ T3978] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.760940][ T3997] netlink: 32 bytes leftover after parsing attributes in process `syz.1.209'. [ 46.776453][ T3978] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.787130][ T3396] IPVS: starting estimator thread 0... [ 46.797256][ T3978] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.816392][ T3978] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.891594][ T3999] IPVS: using max 2304 ests per chain, 115200 per kthread [ 47.019049][ T4014] loop4: detected capacity change from 0 to 1024 [ 47.052849][ T4014] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.109161][ T4014] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.216: Allocating blocks 385-513 which overlap fs metadata [ 47.117028][ T4027] loop1: detected capacity change from 0 to 128 [ 47.141123][ T4014] EXT4-fs (loop4): pa ffff888107518070: logic 16, phys. 129, len 24 [ 47.149546][ T4014] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8 [ 47.149826][ T4027] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 47.174284][ T4027] ext4 filesystem being mounted at /65/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 47.196458][ T4030] loop0: detected capacity change from 0 to 1024 [ 47.213939][ T4014] syz.4.216 (4014) used greatest stack depth: 9576 bytes left [ 47.215553][ T4030] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.237697][ T3309] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 47.249565][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.260443][ T4030] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 47.303653][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.364160][ T4048] netlink: 'syz.1.229': attribute type 10 has an invalid length. [ 47.375407][ T4044] loop3: detected capacity change from 0 to 2048 [ 47.391301][ T4048] team0: Port device dummy0 added [ 47.404748][ T4044] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.417127][ T4057] usb usb8: usbfs: process 4057 (syz.4.225) did not claim interface 0 before use [ 47.442854][ T4048] netlink: 'syz.1.229': attribute type 10 has an invalid length. [ 47.469925][ T4048] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 47.483938][ T4044] netlink: 4 bytes leftover after parsing attributes in process `syz.3.228'. [ 47.493314][ T4048] team0: Failed to send options change via netlink (err -105) [ 47.501022][ T4048] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 47.511669][ T4048] team0: Port device dummy0 removed [ 47.520687][ T4048] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 47.608858][ T4074] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.686889][ T4074] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.735874][ T4074] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.805405][ T4074] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.998730][ T4074] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.021269][ T4074] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.035230][ T4074] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.053192][ T4074] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.196517][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.233362][ T4102] loop0: detected capacity change from 0 to 8192 [ 48.272070][ T4110] tipc: Started in network mode [ 48.277064][ T4110] tipc: Node identity ac14140f, cluster identity 4711 [ 48.310536][ T4110] tipc: New replicast peer: 0.0.255.255 [ 48.316380][ T4110] tipc: Enabled bearer , priority 10 [ 48.335160][ T4112] netlink: 12 bytes leftover after parsing attributes in process `syz.2.248'. [ 48.382093][ T4117] loop3: detected capacity change from 0 to 256 [ 48.433803][ T4119] loop0: detected capacity change from 0 to 1024 [ 48.482318][ T4119] EXT4-fs: Ignoring removed nobh option [ 48.487995][ T4119] EXT4-fs: Ignoring removed bh option [ 48.504521][ T4119] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.643496][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.675276][ T4125] loop1: detected capacity change from 0 to 128 [ 48.722263][ T4125] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100) [ 48.732887][ T4125] FAT-fs (loop1): Filesystem has been set read-only [ 48.740926][ T4125] syz.1.255: attempt to access beyond end of device [ 48.740926][ T4125] loop1: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 48.756176][ T4125] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100) [ 48.764380][ T4125] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100) [ 48.790165][ T4125] syz.1.255: attempt to access beyond end of device [ 48.790165][ T4125] loop1: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 48.804318][ T4136] netlink: 12 bytes leftover after parsing attributes in process `syz.0.257'. [ 48.810759][ T4125] syz.1.255: attempt to access beyond end of device [ 48.810759][ T4125] loop1: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 48.814485][ T29] kauditd_printk_skb: 318 callbacks suppressed [ 48.814504][ T29] audit: type=1400 audit(1750083955.734:899): avc: denied { create } for pid=4132 comm="syz.3.258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 48.868587][ T29] audit: type=1400 audit(1750083955.774:900): avc: denied { write } for pid=4132 comm="syz.3.258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 48.916151][ T4144] loop0: detected capacity change from 0 to 512 [ 48.931740][ T4144] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 48.972454][ T4144] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.012363][ T4151] netlink: 16 bytes leftover after parsing attributes in process `syz.2.263'. [ 49.015750][ T4144] ext4 filesystem being mounted at /41/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 49.038535][ T29] audit: type=1400 audit(1750083955.954:901): avc: denied { create } for pid=4143 comm="syz.0.262" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 49.062454][ T29] audit: type=1400 audit(1750083955.984:902): avc: denied { setattr } for pid=4143 comm="syz.0.262" path="/41/file0/file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 49.139571][ T29] audit: type=1400 audit(1750083956.054:903): avc: denied { ioctl } for pid=4143 comm="syz.0.262" path="/41/file0/file1" dev="loop0" ino=15 ioctlcmd=0x6609 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 49.186428][ T4158] loop4: detected capacity change from 0 to 256 [ 49.216234][ T4160] program syz.2.267 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 49.245185][ T4163] netlink: 'syz.4.269': attribute type 1 has an invalid length. [ 49.253228][ T4163] netlink: 224 bytes leftover after parsing attributes in process `syz.4.269'. [ 49.310908][ T29] audit: type=1400 audit(1750083956.224:904): avc: denied { create } for pid=4167 comm="syz.2.271" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 49.332307][ T23] tipc: Node number set to 2886997007 [ 49.345096][ T29] audit: type=1400 audit(1750083956.264:905): avc: denied { mounton } for pid=4167 comm="syz.2.271" path="/41/file0" dev="tmpfs" ino=231 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 49.368257][ T29] audit: type=1400 audit(1750083956.274:906): avc: denied { compute_member } for pid=4169 comm="syz.4.272" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 49.388951][ T29] audit: type=1400 audit(1750083956.274:907): avc: denied { create } for pid=4169 comm="syz.4.272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1 [ 49.435326][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.452732][ T29] audit: type=1400 audit(1750083956.374:908): avc: denied { unlink } for pid=3314 comm="syz-executor" name="file0" dev="tmpfs" ino=231 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 49.682371][ T4189] loop0: detected capacity change from 0 to 1024 [ 49.692842][ T4189] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 49.703472][ T4189] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 49.713913][ T4189] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 49.726749][ T4192] netlink: 96 bytes leftover after parsing attributes in process `syz.2.283'. [ 49.727087][ T4189] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 49.745033][ T4189] EXT4-fs (loop0): orphan cleanup on readonly fs [ 49.753343][ T4189] EXT4-fs error (device loop0): ext4_read_inode_bitmap:167: comm syz.0.281: Inode bitmap for bg 0 marked uninitialized [ 49.766414][ T4189] EXT4-fs (loop0): Remounting filesystem read-only [ 49.773802][ T4189] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 49.806392][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.882151][ T4206] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 49.934773][ T4213] loop1: detected capacity change from 0 to 512 [ 49.942801][ T4213] EXT4-fs (loop1): couldn't mount as ext2 due to feature incompatibilities [ 51.240485][ T4259] loop1: detected capacity change from 0 to 512 [ 51.255236][ T4259] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities [ 51.723860][ T4277] netlink: 'syz.2.319': attribute type 10 has an invalid length. [ 51.747850][ T4277] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.764412][ T4277] bridge_slave_1: left allmulticast mode [ 51.770161][ T4277] bridge_slave_1: left promiscuous mode [ 51.776513][ T4277] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.808991][ T4277] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 51.862299][ T4285] netlink: 'syz.4.323': attribute type 27 has an invalid length. [ 51.907188][ T4285] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.915313][ T4285] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.993221][ T4285] wg2: left promiscuous mode [ 51.998045][ T4285] wg2: left allmulticast mode [ 52.024244][ T4291] loop1: detected capacity change from 0 to 2048 [ 52.031069][ T4291] EXT4-fs: Ignoring removed nobh option [ 52.043379][ T4291] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.072406][ T4285] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 52.097926][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.108862][ T4285] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 52.180387][ T4285] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.189622][ T4285] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.199032][ T4285] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.207976][ T4285] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.240153][ T4306] usb usb8: usbfs: process 4306 (syz.3.327) did not claim interface 0 before use [ 52.380281][ T4289] 8021q: adding VLAN 0 to HW filter on device  [ 52.409231][ T4289] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.420629][ T4320] loop0: detected capacity change from 0 to 1024 [ 52.433345][ T4322] loop2: detected capacity change from 0 to 1024 [ 52.447831][ T4320] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.460037][ T4289] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 52.604929][ T4322] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.636449][ T4322] ext4 filesystem being mounted at /64/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.711967][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.722546][ T4339] netlink: 'syz.4.335': attribute type 10 has an invalid length. [ 52.730529][ T4339] bridge_slave_1: left allmulticast mode [ 52.736322][ T4339] bridge_slave_1: left promiscuous mode [ 52.742750][ T4339] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.767231][ T4339] : (slave bridge_slave_1): Enslaving as an active interface with an up link [ 52.964682][ T4361] loop3: detected capacity change from 0 to 512 [ 53.014703][ T4361] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities [ 53.139711][ T4371] xt_hashlimit: size too large, truncated to 1048576 [ 53.163902][ T4373] netlink: 32 bytes leftover after parsing attributes in process `syz.4.346'. [ 53.235524][ T3417] IPVS: starting estimator thread 0... [ 53.332093][ T4375] IPVS: using max 2304 ests per chain, 115200 per kthread [ 53.490648][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.586496][ T4399] netlink: 'syz.0.357': attribute type 10 has an invalid length. [ 53.600933][ T4399] veth0_vlan: entered allmulticast mode [ 53.613907][ T4399] veth0_vlan: left promiscuous mode [ 53.621687][ T4399] veth0_vlan: entered promiscuous mode [ 53.629517][ T4399] team0: Device veth0_vlan failed to register rx_handler [ 53.659391][ T4403] wg2: entered promiscuous mode [ 53.664488][ T4403] wg2: entered allmulticast mode [ 53.882303][ T4423] loop4: detected capacity change from 0 to 512 [ 53.890277][ T4423] EXT4-fs: Ignoring removed mblk_io_submit option [ 53.899431][ T4423] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 53.909708][ T4423] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.370: iget: bad extended attribute block 1 [ 53.924043][ T4423] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.370: couldn't read orphan inode 15 (err -117) [ 53.936769][ T4423] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.950698][ T29] kauditd_printk_skb: 174 callbacks suppressed [ 53.950711][ T29] audit: type=1400 audit(1750083960.864:1083): avc: denied { mount } for pid=4422 comm="syz.4.370" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 53.979943][ T29] audit: type=1400 audit(1750083960.874:1084): avc: denied { add_name } for pid=4422 comm="syz.4.370" name="cpu.stat" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 54.000972][ T29] audit: type=1400 audit(1750083960.874:1085): avc: denied { create } for pid=4422 comm="syz.4.370" name="cpu.stat" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 54.021506][ T29] audit: type=1400 audit(1750083960.884:1086): avc: denied { read append open } for pid=4422 comm="syz.4.370" path="/70/file0/cpu.stat" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 54.058544][ T29] audit: type=1400 audit(1750083960.974:1087): avc: denied { ioctl } for pid=4427 comm="syz.1.371" path="socket:[7841]" dev="sockfs" ino=7841 ioctlcmd=0x89a0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 54.091551][ T4428] syzkaller0: entered allmulticast mode [ 54.103202][ T4428] syzkaller0 (unregistering): left allmulticast mode [ 54.179519][ T29] audit: type=1400 audit(1750083961.094:1088): avc: denied { map } for pid=4422 comm="syz.4.370" path="/70/file0/hugetlb.2MB.usage_in_bytes" dev="loop4" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 54.205850][ T29] audit: type=1400 audit(1750083961.094:1089): avc: denied { write } for pid=4422 comm="syz.4.370" path="/70/file0/hugetlb.2MB.usage_in_bytes" dev="loop4" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 54.239531][ T29] audit: type=1400 audit(1750083961.154:1090): avc: denied { execmem } for pid=4435 comm="syz.0.375" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 54.261337][ T4437] loop2: detected capacity change from 0 to 2048 [ 54.269685][ T29] audit: type=1400 audit(1750083961.174:1091): avc: denied { ioctl } for pid=4422 comm="syz.4.370" path="/70/file0/cpu.stat" dev="loop4" ino=18 ioctlcmd=0x583b scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 54.315578][ T4437] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.332610][ T29] audit: type=1400 audit(1750083961.254:1092): avc: denied { sys_module } for pid=4433 comm="syz.2.374" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 54.353940][ T4434] Invalid ELF header magic: != ELF [ 54.375635][ T4439] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.376'. [ 54.397228][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.434315][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.757198][ T4472] loop1: detected capacity change from 0 to 512 [ 54.777796][ T4472] EXT4-fs: Ignoring removed mblk_io_submit option [ 54.787725][ T4474] xt_hashlimit: size too large, truncated to 1048576 [ 54.814064][ T4472] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 54.891806][ T4472] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #15: comm syz.1.390: iget: bad extended attribute block 1 [ 54.905866][ T4472] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.390: couldn't read orphan inode 15 (err -117) [ 54.943699][ T4472] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.347229][ T4489] netlink: 'syz.3.395': attribute type 10 has an invalid length. [ 55.368024][ T4489] veth0_vlan: entered allmulticast mode [ 55.399292][ T4489] veth0_vlan: left promiscuous mode [ 55.415727][ T4489] veth0_vlan: entered promiscuous mode [ 55.425702][ T4489] team0: Device veth0_vlan failed to register rx_handler [ 55.440289][ T4491] netlink: 20 bytes leftover after parsing attributes in process `syz.4.397'. [ 55.542950][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.556447][ T4503] loop3: detected capacity change from 0 to 1024 [ 55.583133][ T4503] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.601449][ T4503] ext4 filesystem being mounted at /74/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.653962][ T4514] loop0: detected capacity change from 0 to 2048 [ 55.674065][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.674816][ T4514] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.722759][ T4514] Invalid ELF header magic: != ELF [ 55.763389][ T4528] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 55.787659][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.829731][ T4537] bond_slave_1: mtu less than device minimum [ 55.880467][ T4544] ref_ctr increment failed for inode: 0x1b3 offset: 0x9 ref_ctr_offset: 0x82 of mm: 0xffff8881040d6d40 [ 55.897378][ T4548] netlink: 4 bytes leftover after parsing attributes in process `syz.3.418'. [ 55.912793][ T4543] uprobe: syz.4.419:4543 failed to unregister, leaking uprobe [ 55.925319][ T4550] netlink: 'syz.1.420': attribute type 27 has an invalid length. [ 55.956314][ T4550] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.963910][ T4550] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.990270][ T4550] wg2: left promiscuous mode [ 55.995581][ T4550] wg2: left allmulticast mode [ 56.022097][ T4550] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 56.033260][ T4550] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 56.080112][ T4550] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.088688][ T4550] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.097422][ T4550] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.106078][ T4550] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.116172][ T4550] ip6gre1: left allmulticast mode [ 56.136291][ T4553] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.149187][ T4553] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.160905][ T4553] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 56.215540][ T4565] netlink: 'syz.1.424': attribute type 10 has an invalid length. [ 56.224097][ T4565] veth0_vlan: entered allmulticast mode [ 56.230080][ T4565] veth0_vlan: left promiscuous mode [ 56.237417][ T4565] veth0_vlan: entered promiscuous mode [ 56.248056][ T4565] team0: Device veth0_vlan failed to register rx_handler [ 56.373613][ T4578] loop4: detected capacity change from 0 to 256 [ 56.545215][ T4586] netlink: 24 bytes leftover after parsing attributes in process `syz.0.433'. [ 56.849149][ T4599] netlink: 'syz.2.437': attribute type 27 has an invalid length. [ 56.889356][ T4599] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.012384][ T4599] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 57.042505][ T4599] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 57.095167][ T4599] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.103917][ T4599] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.112374][ T4599] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.120918][ T4599] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.236723][ T4601] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.292932][ T4601] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.314283][ T4601] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 57.337138][ T4619] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=203 sclass=netlink_route_socket pid=4619 comm=syz.4.447 [ 57.798732][ T4638] process 'syz.4.455' launched './file0' with NULL argv: empty string added [ 58.132114][ T4660] loop0: detected capacity change from 0 to 512 [ 58.139490][ T4660] EXT4-fs: Ignoring removed mblk_io_submit option [ 58.147043][ T4660] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 58.174252][ T4660] EXT4-fs error (device loop0): ext4_orphan_get:1393: inode #15: comm syz.0.463: iget: bad extended attribute block 1 [ 58.205735][ T4660] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.463: couldn't read orphan inode 15 (err -117) [ 58.219265][ T4660] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 58.614857][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.911658][ T4693] sg_write: data in/out 476/14 bytes for SCSI command 0x4-- guessing data in; [ 58.911658][ T4693] program syz.2.486 not setting count and/or reply_len properly [ 58.991595][ T29] kauditd_printk_skb: 162 callbacks suppressed [ 58.991615][ T29] audit: type=1400 audit(1750083965.824:1255): avc: denied { read write } for pid=4692 comm="syz.2.486" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 59.022111][ T29] audit: type=1400 audit(1750083965.824:1256): avc: denied { open } for pid=4692 comm="syz.2.486" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 59.603777][ T29] audit: type=1400 audit(1750083966.514:1257): avc: denied { mount } for pid=4705 comm="syz.1.480" name="/" dev="configfs" ino=838 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 59.626646][ T29] audit: type=1400 audit(1750083966.514:1258): avc: denied { search } for pid=4705 comm="syz.1.480" name="/" dev="configfs" ino=838 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 59.649054][ T29] audit: type=1400 audit(1750083966.514:1259): avc: denied { search } for pid=4705 comm="syz.1.480" name="/" dev="configfs" ino=838 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 59.671395][ T29] audit: type=1400 audit(1750083966.514:1260): avc: denied { read open } for pid=4705 comm="syz.1.480" path="/" dev="configfs" ino=838 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 59.694715][ T29] audit: type=1400 audit(1750083966.554:1261): avc: denied { read write } for pid=4708 comm="syz.0.483" name="rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 59.719426][ T29] audit: type=1400 audit(1750083966.554:1262): avc: denied { open } for pid=4708 comm="syz.0.483" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 59.809503][ T29] audit: type=1326 audit(1750083966.724:1263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4714 comm="syz.0.485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb66078e929 code=0x7ffc0000 [ 59.833789][ T29] audit: type=1326 audit(1750083966.724:1264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4714 comm="syz.0.485" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb66078e929 code=0x7ffc0000 [ 59.990058][ T4725] netlink: 'syz.4.482': attribute type 10 has an invalid length. [ 60.017958][ T4725] team0: Port device dummy0 added [ 60.049735][ T4725] netlink: 'syz.4.482': attribute type 10 has an invalid length. [ 60.107007][ T4725] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 60.134291][ T4725] team0: Failed to send options change via netlink (err -105) [ 60.151684][ T4725] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 60.171975][ T4725] team0: Port device dummy0 removed [ 60.179935][ T4725] : (slave dummy0): Enslaving as an active interface with an up link [ 60.565511][ T4763] pimreg: entered allmulticast mode [ 60.574865][ T4763] pimreg: left allmulticast mode [ 61.174065][ T4785] loop2: detected capacity change from 0 to 1024 [ 61.181241][ T4785] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 61.191573][ T4785] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 61.202323][ T4785] EXT4-fs error (device loop2): ext4_get_journal_inode:5796: inode #32: comm syz.2.514: iget: special inode unallocated [ 61.215355][ T4785] EXT4-fs (loop2): Remounting filesystem read-only [ 61.222055][ T4785] EXT4-fs (loop2): no journal found [ 61.227492][ T4785] EXT4-fs (loop2): can't get journal size [ 61.250247][ T4785] EXT4-fs (loop2): filesystem is read-only [ 61.256709][ T4785] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 61.293204][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.346271][ T4798] ip6gre1: entered allmulticast mode [ 61.375903][ T4800] ÿÿÿÿÿÿ: renamed from vlan1 [ 61.405205][ T4801] loop1: detected capacity change from 0 to 2048 [ 61.430778][ T4801] EXT4-fs (loop1): failed to initialize system zone (-117) [ 61.439748][ T4801] EXT4-fs (loop1): mount failed [ 61.468263][ T4805] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=4805 comm=syz.2.534 [ 61.480742][ T4805] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=4805 comm=syz.2.534 [ 61.503728][ T4808] ÿÿÿÿÿÿ: renamed from vlan1 [ 61.538631][ T4813] netlink: 24 bytes leftover after parsing attributes in process `syz.3.537'. [ 61.544590][ T4812] loop0: detected capacity change from 0 to 1024 [ 61.568996][ T4812] EXT4-fs: Ignoring removed orlov option [ 61.611952][ T4812] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 61.674307][ T4828] netlink: 48 bytes leftover after parsing attributes in process `syz.3.530'. [ 61.701271][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.781779][ T4838] ip6gre1: entered allmulticast mode [ 61.808773][ T4841] ÿÿÿÿÿÿ: renamed from vlan1 [ 62.850738][ T4968] loop3: detected capacity change from 0 to 736 [ 62.866867][ T4968] iso9660: Unknown parameter '§ÐQþ{Uº²a×ÓNÉDÙÂ?»sæM00000000000000000000' [ 63.256467][ T5017] SELinux: failed to load policy [ 63.361014][ T5021] loop3: detected capacity change from 0 to 1024 [ 63.388066][ T5021] EXT4-fs: Ignoring removed orlov option [ 63.405548][ T5021] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 63.670996][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.821172][ T5042] 9pnet: p9_errstr2errno: server reported unknown error [ 64.169116][ T5064] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.235678][ T5064] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.275050][ T29] kauditd_printk_skb: 237 callbacks suppressed [ 64.275074][ T29] audit: type=1326 audit(1750083971.174:1502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5069 comm="syz.1.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 64.305207][ T29] audit: type=1326 audit(1750083971.174:1503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5069 comm="syz.1.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 64.329015][ T29] audit: type=1326 audit(1750083971.174:1504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5069 comm="syz.1.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 64.352557][ T29] audit: type=1326 audit(1750083971.174:1505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5069 comm="syz.1.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 64.376412][ T29] audit: type=1326 audit(1750083971.174:1506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5069 comm="syz.1.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 64.396225][ T5072] netlink: 8 bytes leftover after parsing attributes in process `syz.1.584'. [ 64.400025][ T29] audit: type=1326 audit(1750083971.174:1507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5069 comm="syz.1.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 64.400125][ T29] audit: type=1326 audit(1750083971.174:1508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5069 comm="syz.1.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 64.400176][ T29] audit: type=1326 audit(1750083971.174:1509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5069 comm="syz.1.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 64.400205][ T29] audit: type=1326 audit(1750083971.174:1510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5069 comm="syz.1.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 64.503950][ T29] audit: type=1326 audit(1750083971.174:1511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5069 comm="syz.1.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 64.565415][ T5064] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.586981][ T5076] netlink: 16 bytes leftover after parsing attributes in process `syz.4.586'. [ 64.613188][ T5064] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 64.687401][ T5064] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.708198][ T5064] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.730186][ T5064] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.758546][ T5064] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.416497][ T5117] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 65.515270][ T5126] netlink: 12 bytes leftover after parsing attributes in process `syz.2.607'. [ 65.558198][ T5132] loop2: detected capacity change from 0 to 512 [ 65.565406][ T5132] EXT4-fs: Ignoring removed orlov option [ 65.573022][ T5132] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 65.585700][ T5132] EXT4-fs (loop2): orphan cleanup on readonly fs [ 65.593136][ T5132] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.618: bg 0: block 248: padding at end of block bitmap is not set [ 65.609172][ T5132] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.618: Failed to acquire dquot type 1 [ 65.622171][ T5132] EXT4-fs (loop2): 1 truncate cleaned up [ 65.629003][ T5132] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 65.646214][ T5130] loop1: detected capacity change from 0 to 2048 [ 65.656288][ T5132] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 65.672233][ T5132] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 65.680892][ T5132] ext4 filesystem being remounted at /116/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 65.685773][ T5130] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 65.709393][ T5132] netlink: 160 bytes leftover after parsing attributes in process `syz.2.618'. [ 65.718906][ T5132] netlink: 160 bytes leftover after parsing attributes in process `syz.2.618'. [ 65.738913][ T5132] syz.2.618 (5132) used greatest stack depth: 9304 bytes left [ 65.750189][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 65.760761][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 65.766804][ T5140] tipc: Started in network mode [ 65.774913][ T5140] tipc: Node identity 4, cluster identity 4711 [ 65.781146][ T5140] tipc: Node number set to 4 [ 65.810674][ T5144] loop1: detected capacity change from 0 to 1024 [ 65.817846][ T5144] EXT4-fs: Ignoring removed orlov option [ 65.828241][ T5144] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 66.208818][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.522419][ T5162] netlink: 20 bytes leftover after parsing attributes in process `syz.1.619'. [ 66.675985][ T5168] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 66.683314][ T5168] IPv6: NLM_F_CREATE should be set when creating new route [ 66.890481][ T5174] netlink: 12 bytes leftover after parsing attributes in process `syz.0.634'. [ 67.076528][ T5190] syzkaller1: entered promiscuous mode [ 67.082351][ T5190] syzkaller1: entered allmulticast mode [ 67.472932][ T5236] syzkaller1: entered promiscuous mode [ 67.478489][ T5236] syzkaller1: entered allmulticast mode [ 67.840192][ T5265] cgroup: fork rejected by pids controller in /syz2 [ 68.608854][ T5792] netlink: 12 bytes leftover after parsing attributes in process `syz.3.660'. [ 68.632389][ T5794] tipc: Started in network mode [ 68.637413][ T5794] tipc: Node identity 4, cluster identity 4711 [ 68.643794][ T5794] tipc: Node number set to 4 [ 68.673976][ T5797] netlink: 20 bytes leftover after parsing attributes in process `syz.2.662'. [ 68.764100][ T5808] netlink: 197276 bytes leftover after parsing attributes in process `syz.3.667'. [ 68.868793][ T5818] netlink: 24 bytes leftover after parsing attributes in process `syz.2.673'. [ 68.940591][ T5821] wg2: entered promiscuous mode [ 68.945627][ T5821] wg2: entered allmulticast mode [ 69.093888][ T5827] netlink: 596 bytes leftover after parsing attributes in process `syz.3.677'. [ 69.485675][ T5836] netlink: 197276 bytes leftover after parsing attributes in process `syz.0.681'. [ 69.532535][ T5846] netlink: 'syz.0.686': attribute type 4 has an invalid length. [ 69.757462][ T29] kauditd_printk_skb: 83 callbacks suppressed [ 69.757488][ T29] audit: type=1400 audit(1750083976.674:1593): avc: denied { ioctl } for pid=5860 comm="syz.2.692" path="socket:[12341]" dev="sockfs" ino=12341 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 69.823604][ T5865] netlink: 596 bytes leftover after parsing attributes in process `syz.2.694'. [ 69.825221][ T5866] batadv_slave_1: entered promiscuous mode [ 69.843316][ T29] audit: type=1326 audit(1750083976.764:1594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5863 comm="syz.3.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92ee10e929 code=0x7ffc0000 [ 69.871051][ T5863] batadv_slave_1: left promiscuous mode [ 69.878238][ T29] audit: type=1326 audit(1750083976.784:1595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5863 comm="syz.3.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f92ee10e929 code=0x7ffc0000 [ 69.902094][ T29] audit: type=1326 audit(1750083976.784:1596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5863 comm="syz.3.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92ee10e929 code=0x7ffc0000 [ 69.925779][ T29] audit: type=1326 audit(1750083976.784:1597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5863 comm="syz.3.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f92ee10e929 code=0x7ffc0000 [ 69.949342][ T29] audit: type=1326 audit(1750083976.784:1598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5863 comm="syz.3.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92ee10e929 code=0x7ffc0000 [ 69.972765][ T29] audit: type=1326 audit(1750083976.784:1599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5863 comm="syz.3.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f92ee10e929 code=0x7ffc0000 [ 69.996358][ T29] audit: type=1326 audit(1750083976.784:1600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5863 comm="syz.3.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92ee10e929 code=0x7ffc0000 [ 70.020125][ T29] audit: type=1326 audit(1750083976.784:1601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5863 comm="syz.3.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f92ee10e929 code=0x7ffc0000 [ 70.043586][ T29] audit: type=1326 audit(1750083976.784:1602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5863 comm="syz.3.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92ee10e929 code=0x7ffc0000 [ 70.261295][ T5893] netlink: 8 bytes leftover after parsing attributes in process `syz.3.714'. [ 70.328099][ T5895] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.385233][ T5895] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.473339][ T5895] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.514805][ T5905] netlink: 596 bytes leftover after parsing attributes in process `syz.4.706'. [ 70.520079][ T5904] syzkaller0: entered promiscuous mode [ 70.529497][ T5904] syzkaller0: entered allmulticast mode [ 70.537795][ T5895] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.567261][ T5907] $Hÿ: renamed from  (while UP) [ 70.574727][ T5907] $Hÿ: entered promiscuous mode [ 70.579922][ T5907] bond_slave_0: entered promiscuous mode [ 70.585911][ T5907] bond_slave_1: entered promiscuous mode [ 70.591706][ T5907] bridge_slave_1: entered promiscuous mode [ 70.598004][ T5907] dummy0: entered promiscuous mode [ 70.621511][ T5895] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.633859][ T5895] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.646042][ T5895] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.676473][ T5895] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.694272][ T5917] netlink: 'syz.3.716': attribute type 4 has an invalid length. [ 70.869526][ T5936] $Hÿ: renamed from bond0 (while UP) [ 70.877197][ T5936] $Hÿ: entered promiscuous mode [ 70.882423][ T5936] bond_slave_0: entered promiscuous mode [ 70.888362][ T5936] bond_slave_1: entered promiscuous mode [ 70.895616][ T5936] dummy0: entered promiscuous mode [ 71.008039][ T5948] $Hÿ: renamed from bond0 (while UP) [ 71.017522][ T5948] $Hÿ: entered promiscuous mode [ 71.022808][ T5948] bond_slave_0: entered promiscuous mode [ 71.028885][ T5948] bond_slave_1: entered promiscuous mode [ 71.040982][ T5950] netlink: 'syz.4.730': attribute type 4 has an invalid length. [ 71.062296][ T5952] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.119042][ T5952] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.184701][ T5952] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.243715][ T5952] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.299558][ T5952] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.311103][ T5952] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.322847][ T5952] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.334311][ T5952] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.398607][ T5969] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.473244][ T5969] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.523331][ T5969] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.583457][ T5969] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.691809][ T5980] $Hÿ: renamed from bond0 (while UP) [ 71.699602][ T5980] $Hÿ: entered promiscuous mode [ 71.704958][ T5980] bond_slave_0: entered promiscuous mode [ 71.710866][ T5980] bond_slave_1: entered promiscuous mode [ 71.765886][ T5982] sch_tbf: burst 88 is lower than device veth3 mtu (1514) ! [ 72.582079][ T6013] vhci_hcd: invalid port number 96 [ 72.587395][ T6013] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 72.603688][ T6009] vhci_hcd: default hub control req: 0000 v0000 i0000 l65535 [ 72.976113][ T6034] pim6reg1: entered promiscuous mode [ 72.981562][ T6034] pim6reg1: entered allmulticast mode [ 72.998977][ T6040] __nla_validate_parse: 2 callbacks suppressed [ 72.998994][ T6040] netlink: 24 bytes leftover after parsing attributes in process `syz.1.770'. [ 73.144785][ T6022] Set syz1 is full, maxelem 65536 reached [ 73.158956][ T6042] sch_tbf: burst 88 is lower than device veth5 mtu (1514) ! [ 73.266658][ T6053] loop1: detected capacity change from 0 to 512 [ 73.275354][ T6053] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #15: comm syz.1.774: iget: bad i_size value: 38620345925642 [ 73.288453][ T6053] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.774: couldn't read orphan inode 15 (err -117) [ 73.301031][ T6053] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.326546][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.375108][ T6065] pim6reg1: entered promiscuous mode [ 73.380506][ T6065] pim6reg1: entered allmulticast mode [ 74.357308][ T6082] Set syz1 is full, maxelem 65536 reached [ 74.446707][ T6089] netlink: 'syz.4.788': attribute type 10 has an invalid length. [ 74.459843][ T6089] $Hÿ: (slave dummy0): Releasing backup interface [ 74.469329][ T6089] dummy0: left promiscuous mode [ 74.481915][ T6089] team0: Failed to send options change via netlink (err -105) [ 74.489509][ T6089] team0: Port device dummy0 added [ 74.498443][ T6092] netlink: 'syz.4.788': attribute type 10 has an invalid length. [ 74.507119][ T6092] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 74.528553][ T6092] team0: Failed to send options change via netlink (err -105) [ 74.537537][ T6092] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 74.547015][ T6092] team0: Port device dummy0 removed [ 74.561075][ T6092] dummy0: entered promiscuous mode [ 74.566749][ T6092] $Hÿ: (slave dummy0): Enslaving as an active interface with an up link [ 74.627268][ T5969] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.641112][ T5969] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.654860][ T5969] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.668956][ T5969] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.771548][ T29] kauditd_printk_skb: 68 callbacks suppressed [ 74.771563][ T29] audit: type=1400 audit(1750083981.684:1671): avc: denied { create } for pid=6107 comm="syz.2.797" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 74.798372][ T6110] netlink: 2028 bytes leftover after parsing attributes in process `syz.3.796'. [ 74.807643][ T6110] netlink: 12 bytes leftover after parsing attributes in process `syz.3.796'. [ 74.812415][ T29] audit: type=1400 audit(1750083981.714:1672): avc: denied { bind } for pid=6107 comm="syz.2.797" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 74.974158][ T6116] sch_fq: defrate 0 ignored. [ 75.305569][ T29] audit: type=1400 audit(1750083982.224:1673): avc: denied { sqpoll } for pid=6139 comm="syz.2.808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 75.352076][ T6147] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.393203][ T6147] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.474720][ T6147] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.524389][ T6147] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.608989][ T6147] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.704834][ T6147] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.769411][ T6147] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.845800][ T6153] loop3: detected capacity change from 0 to 2048 [ 75.877616][ T6147] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.024289][ T6153] EXT4-fs error (device loop3): __ext4_iget:5379: inode #2: block 127754: comm syz.3.813: invalid block [ 76.109772][ T6153] EXT4-fs (loop3): get root inode failed [ 76.115685][ T6153] EXT4-fs (loop3): mount failed [ 76.455149][ T29] audit: type=1326 audit(1750083983.364:1674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6162 comm="syz.1.818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 76.478781][ T29] audit: type=1326 audit(1750083983.364:1675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6162 comm="syz.1.818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 76.509731][ T6157] loop4: detected capacity change from 0 to 8192 [ 76.610785][ T29] audit: type=1326 audit(1750083983.424:1676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6162 comm="syz.1.818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 76.634572][ T29] audit: type=1326 audit(1750083983.424:1677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6162 comm="syz.1.818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 76.658014][ T29] audit: type=1326 audit(1750083983.424:1678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6162 comm="syz.1.818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 76.681509][ T29] audit: type=1326 audit(1750083983.424:1679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6162 comm="syz.1.818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 76.704940][ T29] audit: type=1326 audit(1750083983.424:1680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6162 comm="syz.1.818" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 76.969840][ T6193] netlink: 'syz.0.828': attribute type 12 has an invalid length. [ 77.080660][ T6212] netlink: 4 bytes leftover after parsing attributes in process `syz.2.831'. [ 77.090884][ T6207] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.116098][ T6212] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 77.124463][ T6212] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 77.132834][ T6212] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 77.141280][ T6212] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 77.153437][ T6212] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 77.161948][ T6212] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 77.170474][ T6212] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 77.178992][ T6212] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 77.193087][ T6207] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.255662][ T6207] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.307152][ T6207] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.793686][ T6277] loop2: detected capacity change from 0 to 512 [ 77.807289][ T6277] EXT4-fs: Ignoring removed i_version option [ 77.822432][ T6277] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 77.844235][ T6277] EXT4-fs (loop2): orphan cleanup on readonly fs [ 77.860008][ T6277] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.843: bg 0: block 131: padding at end of block bitmap is not set [ 77.894515][ T6277] EXT4-fs (loop2): Remounting filesystem read-only [ 77.901303][ T6277] EXT4-fs (loop2): 1 truncate cleaned up [ 77.915671][ T6277] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 77.954978][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.152512][ T6267] Set syz1 is full, maxelem 65536 reached [ 78.179971][ T6290] bridge0: entered promiscuous mode [ 78.194361][ T6290] bridge0: port 2(macvlan2) entered blocking state [ 78.203072][ T6290] bridge0: port 2(macvlan2) entered disabled state [ 78.214647][ T6290] macvlan2: entered allmulticast mode [ 78.220789][ T6290] bridge0: entered allmulticast mode [ 78.235080][ T6290] macvlan2: left allmulticast mode [ 78.241171][ T6290] bridge0: left allmulticast mode [ 78.253767][ T6290] bridge0: left promiscuous mode [ 78.280675][ T6294] 9pnet: p9_errstr2errno: server reported unknown error [ 78.353898][ T6297] SELinux: failed to load policy [ 78.454909][ T6305] loop2: detected capacity change from 0 to 256 [ 78.481642][ T6305] FAT-fs (loop2): Directory bread(block 64) failed [ 78.493865][ T6305] FAT-fs (loop2): Directory bread(block 65) failed [ 78.500531][ T6305] FAT-fs (loop2): Directory bread(block 66) failed [ 78.507201][ T6305] FAT-fs (loop2): Directory bread(block 67) failed [ 78.514005][ T6305] FAT-fs (loop2): Directory bread(block 68) failed [ 78.520638][ T6305] FAT-fs (loop2): Directory bread(block 69) failed [ 78.524131][ T6311] ip6gre1: entered allmulticast mode [ 78.528635][ T6305] FAT-fs (loop2): Directory bread(block 70) failed [ 78.539271][ T6305] FAT-fs (loop2): Directory bread(block 71) failed [ 78.560618][ T6305] FAT-fs (loop2): Directory bread(block 72) failed [ 78.568304][ T6305] FAT-fs (loop2): Directory bread(block 73) failed [ 78.698274][ T6324] loop4: detected capacity change from 0 to 2048 [ 78.750203][ T6326] loop2: detected capacity change from 0 to 512 [ 78.769553][ T6326] EXT4-fs: Ignoring removed mblk_io_submit option [ 78.778499][ T6326] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 78.793432][ T6326] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e016c018, mo2=0002] [ 78.804558][ T6326] System zones: 1-12 [ 78.825502][ T6326] EXT4-fs (loop2): 1 truncate cleaned up [ 78.843077][ T6326] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.947870][ T6336] netlink: 4 bytes leftover after parsing attributes in process `syz.1.869'. [ 78.964745][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.971255][ T6336] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 78.982148][ T6336] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 78.990386][ T6336] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 78.998682][ T6336] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 79.008458][ T6336] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 79.017037][ T6336] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 79.025519][ T6336] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 79.033993][ T6336] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 79.257369][ T6353] loop1: detected capacity change from 0 to 8192 [ 79.266483][ T6353] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 79.323390][ T6357] loop3: detected capacity change from 0 to 512 [ 79.331751][ T6357] EXT4-fs error (device loop3): ext4_iget_extra_inode:5035: inode #15: comm syz.3.880: corrupted in-inode xattr: invalid ea_ino [ 79.345436][ T6357] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.880: couldn't read orphan inode 15 (err -117) [ 79.371455][ T6357] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.390310][ T6362] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 79.397643][ T6362] IPv6: NLM_F_CREATE should be set when creating new route [ 79.423399][ T6363] wg2: entered promiscuous mode [ 79.428382][ T6363] wg2: entered allmulticast mode [ 79.439994][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.463206][ T6367] loop3: detected capacity change from 0 to 512 [ 79.492627][ T6367] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 79.523581][ T6367] EXT4-fs (loop3): 1 truncate cleaned up [ 79.529885][ T6367] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.713094][ T6376] netlink: 'syz.4.887': attribute type 39 has an invalid length. [ 79.721235][ T6367] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.728570][ T6367] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.768591][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.795630][ T6379] tipc: Enabling of bearer rejected, failed to enable media [ 79.796941][ T6381] loop3: detected capacity change from 0 to 1024 [ 79.825037][ T6381] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.845927][ T29] kauditd_printk_skb: 135 callbacks suppressed [ 79.845984][ T29] audit: type=1400 audit(1750083986.764:1816): avc: denied { execute } for pid=6380 comm="syz.3.888" path="/172/file1/blkio.bfq.group_wait_time" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 79.891895][ T6387] xt_hashlimit: size too large, truncated to 1048576 [ 80.019589][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.074077][ T29] audit: type=1326 audit(1750083986.984:1817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6393 comm="syz.3.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92ee10e929 code=0x7ffc0000 [ 80.076097][ T6396] netlink: 4 bytes leftover after parsing attributes in process `syz.1.894'. [ 80.134869][ T6207] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.145999][ T6400] loop3: detected capacity change from 0 to 512 [ 80.162031][ T29] audit: type=1400 audit(1750083986.994:1818): avc: denied { bind } for pid=6395 comm="syz.1.894" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 80.182731][ T29] audit: type=1326 audit(1750083987.024:1819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6393 comm="syz.3.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f92ee10e929 code=0x7ffc0000 [ 80.206445][ T29] audit: type=1326 audit(1750083987.024:1820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6393 comm="syz.3.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92ee10e929 code=0x7ffc0000 [ 80.230017][ T29] audit: type=1326 audit(1750083987.024:1821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6393 comm="syz.3.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f92ee10e929 code=0x7ffc0000 [ 80.253554][ T29] audit: type=1326 audit(1750083987.024:1822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6393 comm="syz.3.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92ee10e929 code=0x7ffc0000 [ 80.266284][ T6207] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.276917][ T29] audit: type=1326 audit(1750083987.024:1823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6393 comm="syz.3.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f92ee10e929 code=0x7ffc0000 [ 80.276967][ T29] audit: type=1326 audit(1750083987.024:1824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6393 comm="syz.3.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f92ee10e929 code=0x7ffc0000 [ 80.331960][ T29] audit: type=1326 audit(1750083987.024:1825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6393 comm="syz.3.893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f92ee10e929 code=0x7ffc0000 [ 80.335717][ T6207] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.380739][ T6398] netlink: 28 bytes leftover after parsing attributes in process `syz.2.895'. [ 80.402440][ T6400] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.445589][ T6400] ext4 filesystem being mounted at /174/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 80.459375][ T6207] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.529895][ T6415] netlink: 4 bytes leftover after parsing attributes in process `syz.4.900'. [ 80.550767][ T6416] netlink: 'syz.0.902': attribute type 13 has an invalid length. [ 80.648622][ T6417] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #19: comm +}[@: corrupted inode contents [ 80.684157][ T6417] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #19: comm +}[@: mark_inode_dirty error [ 80.713401][ T6416] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.720704][ T6416] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.743578][ T6417] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #19: comm +}[@: corrupted inode contents [ 80.776334][ C1] vcan0: j1939_tp_rxtimer: 0xffff88811a419a00: rx timeout, send abort [ 80.818097][ T6417] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2991: inode #19: comm +}[@: mark_inode_dirty error [ 80.880642][ T6416] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 80.891932][ T6416] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 80.907790][ T6417] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2994: inode #19: comm +}[@: mark inode dirty (error -117) [ 80.934654][ T6417] EXT4-fs warning (device loop3): ext4_evict_inode:274: xattr delete (err -117) [ 80.967959][ T6416] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.976524][ T6416] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.985128][ T6416] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 80.993657][ T6416] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.019598][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.320194][ T6472] netlink: 'syz.3.916': attribute type 10 has an invalid length. [ 81.334545][ T6472] batman_adv: batadv0: Adding interface: team0 [ 81.341054][ T6472] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 81.366786][ T6472] netlink: 'syz.3.916': attribute type 10 has an invalid length. [ 81.376103][ T6472] netlink: 2 bytes leftover after parsing attributes in process `syz.3.916'. [ 81.385521][ T6472] team0: entered promiscuous mode [ 81.390822][ T6472] team_slave_0: entered promiscuous mode [ 81.390925][ T6475] netlink: 3 bytes leftover after parsing attributes in process `syz.2.917'. [ 81.396855][ T6472] team_slave_1: entered promiscuous mode [ 81.419618][ T6472] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.429066][ T6472] batman_adv: batadv0: Interface activated: team0 [ 81.435768][ T6472] batman_adv: batadv0: Interface deactivated: team0 [ 81.442620][ T6472] batman_adv: batadv0: Removing interface: team0 [ 81.452858][ T6472] bridge0: port 3(team0) entered blocking state [ 81.459225][ T6472] bridge0: port 3(team0) entered disabled state [ 81.466969][ T6472] team0: entered allmulticast mode [ 81.472251][ T6472] team_slave_0: entered allmulticast mode [ 81.478159][ T6472] team_slave_1: entered allmulticast mode [ 81.487267][ T6475] 0ªX¹¦À: renamed from caif0 [ 81.490008][ T6480] SELinux: failed to load policy [ 81.499366][ T6475] 0ªX¹¦À: entered allmulticast mode [ 81.504938][ T6475] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 81.523231][ T6477] tipc: New replicast peer: 255.255.255.255 [ 81.529516][ T6477] tipc: Enabled bearer , priority 10 [ 81.740819][ T6498] netlink: 4 bytes leftover after parsing attributes in process `syz.1.929'. [ 81.768355][ T6498] team0 (unregistering): Port device team_slave_0 removed [ 81.777675][ T6498] team0 (unregistering): Port device team_slave_1 removed [ 81.788048][ T6507] netlink: 132 bytes leftover after parsing attributes in process `syz.4.932'. [ 81.857171][ T6514] macvlan2: entered promiscuous mode [ 81.862842][ T6514] macvlan2: entered allmulticast mode [ 81.909165][ T6525] netlink: 8 bytes leftover after parsing attributes in process `syz.2.939'. [ 81.941281][ T6529] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2568 sclass=netlink_route_socket pid=6529 comm=syz.4.941 [ 82.120529][ T6549] loop2: detected capacity change from 0 to 256 [ 82.296152][ T6561] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6561 comm=syz.2.955 [ 82.330492][ T6563] netlink: 8 bytes leftover after parsing attributes in process `syz.2.956'. [ 82.449374][ T6565] wireguard0: entered promiscuous mode [ 82.456753][ T6565] wireguard0: entered allmulticast mode [ 82.746378][ T6575] loop3: detected capacity change from 0 to 512 [ 82.763817][ T6575] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.778443][ T6575] ext4 filesystem being mounted at /182/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.805259][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.052858][ T6559] syz.4.954 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 83.067081][ T6559] CPU: 0 UID: 0 PID: 6559 Comm: syz.4.954 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(voluntary) [ 83.067124][ T6559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 83.067141][ T6559] Call Trace: [ 83.067150][ T6559] [ 83.067161][ T6559] __dump_stack+0x1d/0x30 [ 83.067190][ T6559] dump_stack_lvl+0xe8/0x140 [ 83.067242][ T6559] dump_stack+0x15/0x1b [ 83.067258][ T6559] dump_header+0x81/0x220 [ 83.067351][ T6559] oom_kill_process+0x334/0x3f0 [ 83.067389][ T6559] out_of_memory+0x979/0xb80 [ 83.067488][ T6559] try_charge_memcg+0x5e6/0x9e0 [ 83.067528][ T6559] obj_cgroup_charge_pages+0xa6/0x150 [ 83.067569][ T6559] __memcg_kmem_charge_page+0x9f/0x170 [ 83.067640][ T6559] __alloc_frozen_pages_noprof+0x188/0x360 [ 83.067689][ T6559] alloc_pages_mpol+0xb3/0x250 [ 83.067733][ T6559] alloc_pages_noprof+0x90/0x130 [ 83.067833][ T6559] __vmalloc_node_range_noprof+0x6f2/0xe00 [ 83.067887][ T6559] __kvmalloc_node_noprof+0x30f/0x4e0 [ 83.067921][ T6559] ? ip_set_alloc+0x1f/0x30 [ 83.068011][ T6559] ? ip_set_alloc+0x1f/0x30 [ 83.068120][ T6559] ? __kmalloc_cache_noprof+0x189/0x320 [ 83.068174][ T6559] ip_set_alloc+0x1f/0x30 [ 83.068211][ T6559] hash_netiface_create+0x282/0x740 [ 83.068251][ T6559] ? __pfx_hash_netiface_create+0x10/0x10 [ 83.068283][ T6559] ip_set_create+0x3cc/0x960 [ 83.068334][ T6559] ? save_fpregs_to_fpstate+0x100/0x160 [ 83.068388][ T6559] nfnetlink_rcv_msg+0x4c3/0x590 [ 83.068508][ T6559] ? selinux_capable+0x1f9/0x270 [ 83.068551][ T6559] netlink_rcv_skb+0x123/0x220 [ 83.068626][ T6559] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 83.068659][ T6559] nfnetlink_rcv+0x16b/0x1690 [ 83.068684][ T6559] ? __kfree_skb+0x109/0x150 [ 83.068779][ T6559] ? nlmon_xmit+0x4f/0x60 [ 83.068807][ T6559] ? consume_skb+0x49/0x150 [ 83.068906][ T6559] ? nlmon_xmit+0x4f/0x60 [ 83.068927][ T6559] ? dev_hard_start_xmit+0x3b0/0x3e0 [ 83.068973][ T6559] ? __dev_queue_xmit+0x11c0/0x1fb0 [ 83.069017][ T6559] ? __dev_queue_xmit+0x182/0x1fb0 [ 83.069088][ T6559] ? ref_tracker_free+0x37d/0x3e0 [ 83.069146][ T6559] ? __netlink_deliver_tap+0x4dc/0x500 [ 83.069173][ T6559] netlink_unicast+0x59e/0x670 [ 83.069209][ T6559] netlink_sendmsg+0x58b/0x6b0 [ 83.069269][ T6559] ? __pfx_netlink_sendmsg+0x10/0x10 [ 83.069295][ T6559] __sock_sendmsg+0x142/0x180 [ 83.069327][ T6559] ____sys_sendmsg+0x31e/0x4e0 [ 83.069366][ T6559] ___sys_sendmsg+0x17b/0x1d0 [ 83.069445][ T6559] __x64_sys_sendmsg+0xd4/0x160 [ 83.069470][ T6559] x64_sys_call+0x2999/0x2fb0 [ 83.069500][ T6559] do_syscall_64+0xd2/0x200 [ 83.069524][ T6559] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 83.069579][ T6559] ? clear_bhb_loop+0x40/0x90 [ 83.069599][ T6559] ? clear_bhb_loop+0x40/0x90 [ 83.069623][ T6559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.069676][ T6559] RIP: 0033:0x7f54848be929 [ 83.069704][ T6559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 83.069727][ T6559] RSP: 002b:00007f5482f27038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 83.069749][ T6559] RAX: ffffffffffffffda RBX: 00007f5484ae5fa0 RCX: 00007f54848be929 [ 83.069766][ T6559] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000006 [ 83.069785][ T6559] RBP: 00007f5484940b39 R08: 0000000000000000 R09: 0000000000000000 [ 83.069797][ T6559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 83.069812][ T6559] R13: 0000000000000000 R14: 00007f5484ae5fa0 R15: 00007ffd3d22baa8 [ 83.069834][ T6559] [ 83.069840][ T6559] memory: usage 307200kB, limit 307200kB, failcnt 283 [ 83.424267][ T6559] memory+swap: usage 307380kB, limit 9007199254740988kB, failcnt 0 [ 83.432197][ T6559] kmem: usage 307120kB, limit 9007199254740988kB, failcnt 0 [ 83.439513][ T6559] Memory cgroup stats for /syz4: [ 83.440046][ T6559] cache 0 [ 83.448149][ T6559] rss 0 [ 83.450988][ T6559] shmem 0 [ 83.453961][ T6559] mapped_file 0 [ 83.457425][ T6559] dirty 0 [ 83.460456][ T6559] writeback 0 [ 83.463769][ T6559] workingset_refault_anon 2 [ 83.468286][ T6559] workingset_refault_file 110 [ 83.473062][ T6559] swap 184320 [ 83.476349][ T6559] swapcached 8192 [ 83.479985][ T6559] pgpgin 75645 [ 83.483481][ T6559] pgpgout 75643 [ 83.486974][ T6559] pgfault 54721 [ 83.490435][ T6559] pgmajfault 8 [ 83.493866][ T6559] inactive_anon 8192 [ 83.497917][ T6559] active_anon 0 [ 83.501486][ T6559] inactive_file 0 [ 83.505209][ T6559] active_file 0 [ 83.508787][ T6559] unevictable 0 [ 83.512385][ T6559] hierarchical_memory_limit 314572800 [ 83.517893][ T6559] hierarchical_memsw_limit 9223372036854771712 [ 83.524092][ T6559] total_cache 0 [ 83.527558][ T6559] total_rss 0 [ 83.530883][ T6559] total_shmem 0 [ 83.534467][ T6559] total_mapped_file 0 [ 83.538458][ T6559] total_dirty 0 [ 83.541975][ T6559] total_writeback 0 [ 83.545805][ T6559] total_workingset_refault_anon 2 [ 83.550982][ T6559] total_workingset_refault_file 110 [ 83.556217][ T6559] total_swap 184320 [ 83.560026][ T6559] total_swapcached 8192 [ 83.564251][ T6559] total_pgpgin 75645 [ 83.568207][ T6559] total_pgpgout 75643 [ 83.572241][ T6559] total_pgfault 54721 [ 83.576317][ T6559] total_pgmajfault 8 [ 83.580224][ T6559] total_inactive_anon 8192 [ 83.584772][ T6559] total_active_anon 0 [ 83.588792][ T6559] total_inactive_file 0 [ 83.592982][ T6559] total_active_file 0 [ 83.597062][ T6559] total_unevictable 0 [ 83.601068][ T6559] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.954,pid=6558,uid=0 [ 83.615827][ T6559] Memory cgroup out of memory: Killed process 6558 (syz.4.954) total-vm:93620kB, anon-rss:936kB, file-rss:22184kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 83.755255][ T6559] syz.4.954 (6559) used greatest stack depth: 7160 bytes left [ 83.786204][ T6598] loop4: detected capacity change from 0 to 512 [ 83.794375][ T6598] EXT4-fs: inline encryption not supported [ 83.800554][ T6598] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 83.811919][ T6601] 9pnet: p9_errstr2errno: server reported unknown error [ 83.822347][ T6602] loop3: detected capacity change from 0 to 1024 [ 83.834661][ T6602] EXT4-fs: Ignoring removed orlov option [ 83.849319][ T6602] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 83.857922][ T6608] can0: slcan on ttyS3. [ 83.899883][ T6610] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4 sclass=netlink_route_socket pid=6610 comm=syz.2.972 [ 83.912360][ T6606] can0 (unregistered): slcan off ttyS3. [ 84.104358][ T6620] loop4: detected capacity change from 0 to 2048 [ 84.142573][ T6620] loop4: p1 < > p4 [ 84.147452][ T6620] loop4: p4 size 8388608 extends beyond EOD, truncated [ 84.239434][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.243123][ T6632] __nla_validate_parse: 6 callbacks suppressed [ 84.243144][ T6632] netlink: 4 bytes leftover after parsing attributes in process `syz.0.983'. [ 84.282181][ T6636] loop3: detected capacity change from 0 to 2048 [ 84.304244][ T6636] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.318868][ T6632] netlink: 4 bytes leftover after parsing attributes in process `syz.0.983'. [ 84.325268][ T6636] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 84.342993][ T6636] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 84.355316][ T6636] EXT4-fs (loop3): This should not happen!! Data will be lost [ 84.355316][ T6636] [ 84.365016][ T6636] EXT4-fs (loop3): Total free blocks count 0 [ 84.371158][ T6636] EXT4-fs (loop3): Free/Dirty block details [ 84.377169][ T6636] EXT4-fs (loop3): free_blocks=2415919504 [ 84.382981][ T6636] EXT4-fs (loop3): dirty_blocks=16 [ 84.388320][ T6636] EXT4-fs (loop3): Block reservation details [ 84.394455][ T6636] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 84.434288][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.468113][ T6651] netlink: 12 bytes leftover after parsing attributes in process `syz.3.986'. [ 84.487284][ T6651] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.596165][ T6662] wireguard0: entered promiscuous mode [ 84.601943][ T6662] wireguard0: entered allmulticast mode [ 84.699626][ T6673] netlink: 'syz.0.991': attribute type 1 has an invalid length. [ 84.707441][ T6673] netlink: 224 bytes leftover after parsing attributes in process `syz.0.991'. [ 84.743566][ T6678] netlink: 'syz.0.993': attribute type 7 has an invalid length. [ 84.751454][ T6678] netlink: 8 bytes leftover after parsing attributes in process `syz.0.993'. [ 84.835380][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 84.842894][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 84.850328][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 84.858011][ T29] kauditd_printk_skb: 250 callbacks suppressed [ 84.858032][ T29] audit: type=1400 audit(1750083991.764:2076): avc: granted { setsecparam } for pid=6690 comm="syz.4.999" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 84.883541][ T29] audit: type=1326 audit(1750083991.764:2077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6690 comm="syz.4.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54848be929 code=0x7ffc0000 [ 84.907094][ T29] audit: type=1326 audit(1750083991.764:2078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6690 comm="syz.4.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54848be929 code=0x7ffc0000 [ 84.930786][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 84.938278][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 84.945141][ T6689] loop1: detected capacity change from 0 to 1024 [ 84.945743][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 84.959591][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 84.967104][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 84.974606][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 84.982058][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 84.989510][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 84.997020][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 85.004481][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 85.011992][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 85.019588][ T29] audit: type=1326 audit(1750083991.784:2079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6690 comm="syz.4.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f54848be929 code=0x7ffc0000 [ 85.021433][ T6689] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.043028][ T29] audit: type=1326 audit(1750083991.784:2080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6690 comm="syz.4.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54848be929 code=0x7ffc0000 [ 85.055088][ T6689] ext4 filesystem being mounted at /214/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 85.078308][ T29] audit: type=1326 audit(1750083991.784:2081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6690 comm="syz.4.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54848be929 code=0x7ffc0000 [ 85.112302][ T29] audit: type=1326 audit(1750083991.784:2082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6690 comm="syz.4.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f54848be929 code=0x7ffc0000 [ 85.135639][ T29] audit: type=1326 audit(1750083991.784:2083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6690 comm="syz.4.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54848be929 code=0x7ffc0000 [ 85.159067][ T29] audit: type=1326 audit(1750083991.784:2084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6690 comm="syz.4.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f54848be929 code=0x7ffc0000 [ 85.182626][ T29] audit: type=1326 audit(1750083991.794:2085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6690 comm="syz.4.999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f54848b58e7 code=0x7ffc0000 [ 85.211409][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 85.218878][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 85.226466][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 85.230174][ T6697] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1000'. [ 85.233974][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 85.250573][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 85.258109][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 85.265559][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 85.273064][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 85.280484][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 85.287937][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 85.295409][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 85.302940][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 85.310364][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 85.317889][ T6448] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 85.325878][ T6448] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz0 [ 85.348369][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.469285][ T6710] loop1: detected capacity change from 0 to 512 [ 85.482994][ T6710] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.495977][ T6710] ext4 filesystem being mounted at /217/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 85.509553][ T6710] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1006: corrupted inode contents [ 85.522115][ T6710] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.1006: mark_inode_dirty error [ 85.533962][ T6710] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1006: corrupted inode contents [ 85.547559][ T6710] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1006: corrupted inode contents [ 85.559606][ T6710] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.1006: mark_inode_dirty error [ 85.571400][ T6710] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1006: corrupted inode contents [ 85.583953][ T6710] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #2: comm syz.1.1006: mark_inode_dirty error [ 85.595466][ T6710] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1006: corrupted inode contents [ 85.608002][ T6710] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #2: comm syz.1.1006: mark_inode_dirty error [ 85.620738][ T6715] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #2: comm syz.1.1006: corrupted inode contents [ 85.645730][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.692957][ T6721] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1009'. [ 85.793096][ T6734] loop2: detected capacity change from 0 to 512 [ 85.801258][ T6734] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.1015: casefold flag without casefold feature [ 85.815069][ T6734] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.1015: couldn't read orphan inode 15 (err -117) [ 85.827659][ T6734] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.853970][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.943649][ T6746] netlink: 'syz.2.1020': attribute type 4 has an invalid length. [ 85.954513][ T6746] netlink: 'syz.2.1020': attribute type 4 has an invalid length. [ 86.686571][ T6775] loop4: detected capacity change from 0 to 1024 [ 86.707096][ T6775] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.746486][ T6786] bridge: RTM_NEWNEIGH with invalid ether address [ 86.755093][ T6775] ext4 filesystem being mounted at /198/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 86.793581][ T6775] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 86.855622][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.056082][ T6807] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1046'. [ 87.065089][ T6807] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 87.073000][ T6807] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 87.100846][ T6811] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1048'. [ 87.122642][ T6811] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6811 comm=syz.4.1048 [ 87.183320][ T6823] loop4: detected capacity change from 0 to 512 [ 87.190239][ T6823] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 87.201670][ T6823] EXT4-fs (loop4): 1 truncate cleaned up [ 87.207756][ T6823] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 87.271320][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.316426][ T6835] netlink: 'syz.0.1059': attribute type 1 has an invalid length. [ 87.326129][ T6835] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1059'. [ 87.378003][ T6843] IPv4: Oversized IP packet from 127.202.26.0 [ 87.448078][ T6448] IPVS: starting estimator thread 0... [ 87.461006][ T6851] vlan2: entered allmulticast mode [ 87.466352][ T6851] bond0: entered allmulticast mode [ 87.485463][ T6858] netlink: 'syz.0.1068': attribute type 1 has an invalid length. [ 87.511127][ T6858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.540622][ T6858] bond0 (unregistering): Released all slaves [ 87.541578][ T6855] IPVS: using max 2352 ests per chain, 117600 per kthread [ 87.673659][ T6875] wg2: entered promiscuous mode [ 87.678684][ T6875] wg2: entered allmulticast mode [ 87.734601][ T6880] 8021q: adding VLAN 0 to HW filter on device bond2 [ 87.744218][ T6880] bond1: (slave bond2): Enslaving as an active interface with an up link [ 87.775042][ T6880] bond1 (unregistering): (slave bond2): Releasing backup interface [ 87.793673][ T6880] bond1 (unregistering): Released all slaves [ 87.927064][ T6893] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.486379][ T6919] loop3: detected capacity change from 0 to 512 [ 88.495444][ T6919] EXT4-fs: Ignoring removed mblk_io_submit option [ 88.694084][ T6919] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 88.732673][ T6919] EXT4-fs error (device loop3): ext4_clear_blocks:876: inode #13: comm syz.3.1091: attempt to clear invalid blocks 2 len 1 [ 88.783445][ T6919] EXT4-fs (loop3): Remounting filesystem read-only [ 88.790695][ T6919] EXT4-fs (loop3): 1 truncate cleaned up [ 88.796627][ T6927] loop4: detected capacity change from 0 to 512 [ 88.797013][ T6919] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.815981][ T6927] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 88.817855][ T6919] EXT4-fs (loop3): Quota file not on filesystem root. Journaled quota will not work [ 88.826953][ T6927] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.1094: iget: bogus i_mode (5) [ 88.845349][ T6927] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.1094: couldn't read orphan inode 15 (err -117) [ 88.857748][ T6927] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.870190][ T6927] ext2 filesystem being mounted at /213/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 88.891021][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.951040][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.979942][ T6939] @: renamed from vlan0 [ 89.018840][ T6943] loop4: detected capacity change from 0 to 2048 [ 89.033302][ T6943] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.050830][ T6943] EXT4-fs error (device loop4): ext4_find_extent:939: inode #2: comm syz.4.1100: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 89.096517][ T6943] EXT4-fs (loop4): Remounting filesystem read-only [ 89.105764][ T6943] xt_hashlimit: max too large, truncated to 1048576 [ 89.153427][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.223323][ T6959] loop4: detected capacity change from 0 to 1764 [ 89.253524][ T6959] iso9660: Corrupted directory entry in block 0 of inode 1792 [ 89.293595][ T6963] loop1: detected capacity change from 0 to 512 [ 89.312390][ T6963] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 89.348143][ T6963] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.369472][ T6963] ext4 filesystem being mounted at /229/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 89.386181][ T6972] loop3: detected capacity change from 0 to 2048 [ 89.445543][ T6972] loop3: p2 p3 < > p4 < p5 > [ 89.450309][ T6972] loop3: partition table partially beyond EOD, truncated [ 89.481839][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.497420][ T6972] loop3: p3 start 4284289 is beyond EOD, truncated [ 89.555727][ T6985] __nla_validate_parse: 7 callbacks suppressed [ 89.555750][ T6985] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1119'. [ 89.598799][ T6985] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.617317][ T6997] random: crng reseeded on system resumption [ 89.649983][ T7001] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1125'. [ 89.737676][ T7011] loop3: detected capacity change from 0 to 512 [ 89.766256][ T7011] EXT4-fs error (device loop3): ext4_orphan_get:1419: comm syz.3.1123: bad orphan inode 11 [ 89.784780][ T7011] ext4_test_bit(bit=10, block=4) = 1 [ 89.790163][ T7011] is_bad_inode(inode)=0 [ 89.794562][ T7011] NEXT_ORPHAN(inode)=2080374784 [ 89.799518][ T7011] max_ino=32 [ 89.802900][ T7011] i_nlink=0 [ 89.806373][ T7011] EXT4-fs (loop3): 1 truncate cleaned up [ 89.812776][ T7011] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.852038][ T7017] syzkaller0: entered promiscuous mode [ 89.857586][ T7017] syzkaller0: entered allmulticast mode [ 90.018258][ T7041] loop2: detected capacity change from 0 to 512 [ 90.019047][ T7041] EXT4-fs (loop2): invalid inodes per group: 393248 [ 90.019047][ T7041] [ 90.037622][ T7041] loop2: detected capacity change from 0 to 2048 [ 90.053279][ T7044] bridge: RTM_NEWNEIGH with invalid ether address [ 90.067025][ T7041] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 90.079399][ T7041] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. [ 90.112953][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.139664][ T29] kauditd_printk_skb: 351 callbacks suppressed [ 90.139682][ T29] audit: type=1326 audit(1750083997.054:2437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7047 comm="syz.1.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 90.169398][ T29] audit: type=1326 audit(1750083997.054:2438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7047 comm="syz.1.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 90.208447][ T29] audit: type=1326 audit(1750083997.054:2439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7047 comm="syz.1.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 90.232304][ T29] audit: type=1326 audit(1750083997.054:2440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7047 comm="syz.1.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 90.232339][ T29] audit: type=1326 audit(1750083997.054:2441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7047 comm="syz.1.1136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 90.232843][ T29] audit: type=1326 audit(1750083997.124:2442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7049 comm="syz.1.1138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 90.232878][ T29] audit: type=1326 audit(1750083997.124:2443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7049 comm="syz.1.1138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 90.232910][ T29] audit: type=1326 audit(1750083997.124:2444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7049 comm="syz.1.1138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 90.232943][ T29] audit: type=1326 audit(1750083997.124:2445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7049 comm="syz.1.1138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 90.233007][ T29] audit: type=1326 audit(1750083997.124:2446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7049 comm="syz.1.1138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33a6ee929 code=0x7ffc0000 [ 90.468317][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.468967][ T7057] pim6reg1: entered promiscuous mode [ 90.468988][ T7057] pim6reg1: entered allmulticast mode [ 90.535937][ T7065] loop1: detected capacity change from 0 to 128 [ 90.634459][ T7065] syz.1.1144: attempt to access beyond end of device [ 90.634459][ T7065] loop1: rw=0, sector=121, nr_sectors = 120 limit=128 [ 90.675374][ T4986] kworker/u8:8: attempt to access beyond end of device [ 90.675374][ T4986] loop1: rw=1, sector=241, nr_sectors = 800 limit=128 [ 90.690811][ T7078] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1150'. [ 90.704654][ T7081] veth1_to_bond: entered allmulticast mode [ 90.710660][ T7081] veth1_to_bond: entered promiscuous mode [ 90.719764][ T7081] veth1_to_bond: left promiscuous mode [ 90.725524][ T7081] veth1_to_bond: left allmulticast mode [ 90.799488][ T7078] vlan1: entered allmulticast mode [ 90.799599][ T7078] bond1: entered allmulticast mode [ 90.961215][ T7109] netlink: 'syz.0.1164': attribute type 4 has an invalid length. [ 91.051476][ T7119] loop1: detected capacity change from 0 to 1024 [ 91.064656][ T7119] EXT4-fs: Ignoring removed nomblk_io_submit option [ 91.100468][ T7127] loop2: detected capacity change from 0 to 1024 [ 91.107627][ T7119] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 91.117988][ T7127] EXT4-fs: Ignoring removed nobh option [ 91.125452][ T7127] EXT4-fs: Ignoring removed bh option [ 91.145806][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.157146][ T7127] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.233716][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.277040][ T7133] random: crng reseeded on system resumption [ 91.435449][ T7157] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1180'. [ 91.693108][ T7179] loop1: detected capacity change from 0 to 8192 [ 91.755890][ T7191] batadv_slave_1: entered promiscuous mode [ 91.781323][ T7194] netlink: 332 bytes leftover after parsing attributes in process `syz.0.1196'. [ 91.792009][ T7194] netlink: 'syz.0.1196': attribute type 9 has an invalid length. [ 91.799804][ T7194] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1196'. [ 91.809113][ T7194] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1196'. [ 91.819596][ T7190] batadv_slave_1: left promiscuous mode [ 91.941407][ T7201] loop4: detected capacity change from 0 to 256 [ 91.952657][ T7201] FAT-fs (loop4): bogus number of FAT sectors [ 91.958871][ T7201] FAT-fs (loop4): Can't find a valid FAT filesystem [ 92.006919][ T7204] netlink: 'syz.0.1200': attribute type 1 has an invalid length. [ 92.014752][ T7204] netlink: 'syz.0.1200': attribute type 4 has an invalid length. [ 92.022527][ T7204] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1200'. [ 92.057689][ T7205] netlink: 'syz.0.1200': attribute type 1 has an invalid length. [ 92.065668][ T7205] netlink: 'syz.0.1200': attribute type 4 has an invalid length. [ 92.073542][ T7205] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1200'. [ 92.521866][ T7233] loop4: detected capacity change from 0 to 8192 [ 92.532382][ T7237] tipc: Enabled bearer , priority 0 [ 92.556265][ T7237] syzkaller0: MTU too low for tipc bearer [ 92.562140][ T7237] tipc: Disabling bearer [ 93.244265][ T6246] ================================================================== [ 93.252394][ T6246] BUG: KCSAN: data-race in copy_folio_from_iter_atomic / fat16_ent_put [ 93.260665][ T6246] [ 93.262999][ T6246] write to 0xffff8881235beb68 of 2 bytes by task 7249 on cpu 0: [ 93.270641][ T6246] fat16_ent_put+0x28/0x60 [ 93.275090][ T6246] fat_ent_write+0x6c/0xe0 [ 93.279528][ T6246] fat_chain_add+0x15b/0x3f0 [ 93.284148][ T6246] fat_get_block+0x46c/0x5e0 [ 93.288759][ T6246] __block_write_begin_int+0x400/0xf90 [ 93.294274][ T6246] cont_write_begin+0x5fc/0x970 [ 93.299148][ T6246] fat_write_begin+0x4f/0xe0 [ 93.303766][ T6246] generic_perform_write+0x184/0x490 [ 93.309068][ T6246] __generic_file_write_iter+0x9e/0x120 [ 93.314631][ T6246] generic_file_write_iter+0x8d/0x2f0 [ 93.320028][ T6246] vfs_write+0x4a0/0x8e0 [ 93.324297][ T6246] __x64_sys_pwrite64+0xfd/0x150 [ 93.329264][ T6246] x64_sys_call+0xe45/0x2fb0 [ 93.333876][ T6246] do_syscall_64+0xd2/0x200 [ 93.338395][ T6246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.344304][ T6246] [ 93.346635][ T6246] read to 0xffff8881235bea00 of 512 bytes by task 6246 on cpu 1: [ 93.354362][ T6246] copy_folio_from_iter_atomic+0x7fc/0x1170 [ 93.360273][ T6246] generic_perform_write+0x2c2/0x490 [ 93.365573][ T6246] shmem_file_write_iter+0xc5/0xf0 [ 93.370704][ T6246] lo_rw_aio+0x6ed/0x7a0 [ 93.374974][ T6246] loop_process_work+0x52d/0xa60 [ 93.379939][ T6246] loop_workfn+0x31/0x40 [ 93.384208][ T6246] process_scheduled_works+0x4ce/0x9d0 [ 93.389692][ T6246] worker_thread+0x582/0x770 [ 93.394311][ T6246] kthread+0x486/0x510 [ 93.398398][ T6246] ret_from_fork+0xda/0x150 [ 93.402923][ T6246] ret_from_fork_asm+0x1a/0x30 [ 93.407703][ T6246] [ 93.410033][ T6246] Reported by Kernel Concurrency Sanitizer on: [ 93.416203][ T6246] CPU: 1 UID: 0 PID: 6246 Comm: kworker/u8:61 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(voluntary) [ 93.427159][ T6246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 93.437249][ T6246] Workqueue: loop4 loop_workfn [ 93.442045][ T6246] ==================================================================