last executing test programs: 2.062684183s ago: executing program 3 (id=518): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000008000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000940)={{r1}, &(0x7f00000008c0), &(0x7f0000000900)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r3}, 0x10) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x1c}, 0x1c}}, 0x0) 2.034254795s ago: executing program 3 (id=519): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r1 = epoll_create1(0x80000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0xa0000004}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000140)={0xa0000001}) epoll_wait(r3, &(0x7f0000000280)=[{}], 0x1, 0x4000005) close_range(r0, 0xffffffffffffffff, 0x0) ptrace(0x10, 0x0) 1.867458258s ago: executing program 0 (id=527): memfd_create(0x0, 0x0) unshare(0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) mbind(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x5, 0x0, 0x7e, 0x2) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 1.867313428s ago: executing program 3 (id=528): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000500)={{r0}, 0x0, &(0x7f00000004c0)='%pI4 \x00'}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010001fff00000000000000f6ff060000", @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00", @ANYRES32], 0x40}}, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), r2) sendmsg$TIPC_CMD_SET_LINK_PRI(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x68, r4, 0x1, 0x70bd25, 0x25dfdbfe, {{}, {}, {0x4c, 0x18, {0x7, @link='broadcast-link\x00'}}}}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x40004) 1.71887625s ago: executing program 2 (id=529): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r3}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) 1.441273973s ago: executing program 2 (id=532): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="10000000040000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008900000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000240)={r1}, 0x57) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18020000200000000000000000000000850000004100000095000000000000004be98911ed5a3cf4451d51e400827eef4df9eb3fd52b8f0a456c3a6cfd127868ad3fe3f9a9b946c97f9fc091e4c3f4b0a0d7ed298717a480c48868562f04005972b6a5265519fee4cb1b8b93f0b164770fd40c7a8060ce72beff7cda177e28a1a97b2c8c56a3f15b2f7a9b7ae2cf52d08555d3c3315e95095217bff8c9441a45fd00000000000000979ed4e35d21d13d428af521c553b9420385390207dc1634aee0244045e5c380e6090329d37b29a56c16d5c7bee160b91246bd2c205047bd92581165c774b1fd46072c161f1d33e6d5c1a5db7a714e3ed5468408f279bd9f98ec3c5ffd79cd37810f03000000b65d147fa05253a600adfb03775847b220369339529d434f3190c81c3dd501a780cfaaaa916c8a33ee4b52d18e160428893f33d206d3a7195e7f69c831099bdc940000aa2c2e61509bf6c58b100000000000000000000000005e3210346531c1eb14fbec6eb35d6f3e3853512c6bf186bd8b75d17aeeaa07"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x70) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r4, r3, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0x3a, &(0x7f0000000640)={@empty, @broadcast, @void, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x3, 0x18, 0x2c, 0x66, 0x0, 0x1, 0x6, 0x0, @broadcast, @rand_addr=0x64010102}, @payload_conn={{{0x18, 0x0, 0x1, 0x1, 0x1, 0x6, 0x0, 0x2, 0x78f6, 0x0, 0x0, 0x1, 0x3, 0x0, 0xa, 0xe, 0x4, 0x4e21, 0x4e20}}}}}}}, 0x0) 1.441093003s ago: executing program 3 (id=534): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x41, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7ffd}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$BLKTRACESETUP(r3, 0x1276, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000001, 0x31, 0xffffffffffffffff, 0x0) 1.440799963s ago: executing program 0 (id=536): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r0, 0x0, 0x1}, 0x18) move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0) openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0) 1.410610866s ago: executing program 2 (id=543): bpf$MAP_CREATE(0x0, 0x0, 0x48) syz_usbip_server_init(0x4) syz_usbip_server_init(0x1) r0 = syz_io_uring_setup(0x42e6, &(0x7f00000002c0)={0x0, 0x5eda, 0x10100, 0x6, 0x25d}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpu.stat\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f00000001c0)=@IORING_OP_SPLICE={0x1e, 0x2b, 0x0, @fd_index=0x7, 0x80000001, {}, 0x7}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x49, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x7330, 0x0, 0x0, 0x0, 0x0) 1.329642292s ago: executing program 0 (id=539): r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000300)=0x0) socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r4}, 0x10) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x77359400}, 0x0) 1.219725851s ago: executing program 4 (id=541): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x800002, &(0x7f0000000300)={[{@nomblk_io_submit}, {@nogrpid}, {@noinit_itable}, {@nogrpid}, {@block_validity}, {@errors_continue}, {@nojournal_checksum}, {@acl}, {@jqfmt_vfsold}, {@jqfmt_vfsv0}, {@data_err_ignore}]}, 0x3, 0x587, &(0x7f0000001300)="$eJzs3V9rW+UfAPDvSdP9/f1cB2OoiBR24USXrq1/JngxL0WHA72foY1lNF1Gk461DrZduBtvZAgiDsR7vfdy7A34KgY6GDKKXngTOclJl7YnbbZ1S2c+Hzjt8+Q5yXO+55znyXPynJAAhtZ4+qcQ8VJEfJNEHOoqK0ZWON5eb/XBlZl0SaLZ/PTPJJLssWK2fpL9P5hlXoyIO19FvFHYXG99eWW+XK1WFrP8RGPh4kR9eeXE+YXyXGWucmFqevrU29NT7737zo7F+vrZv7//5PaHp74+tvrdL/cO30zidPwvK0vj2LB6oSukfl3rzozHePYCo3F6w4qTj7rxu1Rn/z3qjmJ3GMna+WikfcChGInioDcJeEauRkQTGFKJ9g9DqjMO6Fzb51wH/6fd/6B9AbQ5/mL7s5HY17o2OrCarLsySq93x3ag/rSOX/+4dTNdIv9ziI2SDR8zADyWa9cj4mSxuLn/S7L+7/Gd7GOdjXUM2/sPDNLtdPzzZt74p7A2/omc8c/BnLb7OLZv/4V7O1BNT+n47/3c8e/apNXYSJb7f2vMN5p8cb5aSfu2FyLieIzuTfNbzeecWr3b7FXWPf5Ll7T+zlgw2457xb3rnzNbbpSfJOZu969HvJw7/k3Wjn+Sc/zT/XG2zzqOVm692qts+/ifruZPEa9FxJ097Xx3/B3J1vOTE63zYaJzVmz2142jv61lVteXDTr+9PgfyD3/1+Lfn/1vz9fWH72OH/f9U4nm1dyybeNPIvLO/z3JZ610dtjicrnRWJyM2JN8vPnxqYfP7eQ766fxHz+2df+Xd/6nO+XzPuO/ceTnV3qV5cRfeNbHf3br4z+WtObr014wPf6difv+E3c/+vKHXvWvi/9a9Oj/3mqljmeP9NP/9buBT7LvAAAAAAAAYLcptL7DmRRKa+lCoVRq399xpDUz3LrXdOnCbPu7nmMxWujMdB/quh9iMrsftpOf2pCfjojDEfHtyP5WvjRTq84OOngAAAAAAAAAAAAAAAAAAADYJQ72+P5/6veRQW8d8NT5yW8YXtu2/534pSdgV/L+D8NL+4fhpf3D8NL+YXhp/zC8svZvuh+GkPd/GF7aPwAAAAAAAAAAAAAAAAAAAAAAAAAAAOyos2fOpEtz9cGVmTQ/e2l5ab526cRspT5fWliaKc3UFi+W5mq1uWqlNFNb2O71qrXaxcmpWLo80ajUGxP15ZVzC7WlC41z5xfKc5VzldFnEhUAAAAAAAAAAAAAAAAAAAA8X+rLK/PlarWyKPEcJwoxuNqLu2UnSOxoYtA9EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA89G8AAAD//2JwLmY=") openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x6, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r0}, 0x18) io_uring_setup(0x1d48, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) r2 = fspick(r1, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) 1.078893632s ago: executing program 4 (id=542): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x3a, 0xe, 0x0, &(0x7f0000000200)="e460cdfbef2408322900119386dd", 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffd}, 0x50) socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = socket(0x10, 0x803, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newqdisc={0x90, 0x24, 0x4ee4e6a52ff56741, 0x1, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0xf}, {0xffff, 0xffff}, {0x3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x60, 0x2, {{0x9, 0x2, 0x8, 0x0, 0x1f69521d}, [@TCA_NETEM_RATE64={0xc, 0x8, 0x803203b50b69e52d}, @TCA_NETEM_ECN={0x8, 0x7, 0x1}, @TCA_NETEM_JITTER64={0xc, 0xb, 0x7}, @TCA_NETEM_RATE={0x14, 0x6, {0x80000001, 0x2, 0x2c9, 0x9}}, @TCA_NETEM_CORR={0x10, 0x1, {0x7f, 0x81, 0x5}}]}}}]}, 0x90}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000006c0)={'syztnl0\x00', &(0x7f0000000640)={'syztnl2\x00', r2, 0x0, 0x9c, 0x9, 0x8, 0x22, @mcast2, @empty, 0x20, 0x20, 0x120, 0xfffeffff}}) 1.076048322s ago: executing program 4 (id=544): syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), r0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1) syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r1) r2 = socket$inet_udp(0x2, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r2) 1.049783654s ago: executing program 4 (id=545): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r0}, 0x10) syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x11, 0x2, 0x4}, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3, 0x0, &(0x7f0000000c40)=[{}, {0x0, 0x4}, {0x0, 0x4, 0x10009, 0x5}], 0x10, 0xfffffff7}, 0x94) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803002d000b12d25a80648c2594f90124fc60100c020000040000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 1.021474737s ago: executing program 1 (id=546): syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000)={0xffffffffffffffff}, 0x111, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7fe, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x1d}, 0x2}, r1, 0xb}}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0xe3b9}, 0x18) write$RDMA_USER_CM_CMD_DESTROY_ID(r0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000f000000050030000000000005002f000000000008000300", @ANYRES32=r5], 0x2c}}, 0x0) 910.971506ms ago: executing program 1 (id=547): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) r2 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) openat$incfs(0xffffffffffffff9c, 0x0, 0x410000, 0x80) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x6) symlinkat(&(0x7f0000000400)='./file0/../file0\x00', r3, &(0x7f0000000080)='./file0\x00') readlinkat(r3, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f0000000780)=""/198, 0xc6) 910.818826ms ago: executing program 1 (id=548): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000019200)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) 894.875837ms ago: executing program 1 (id=549): bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x2) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0xa000000d}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000400)={0xa}) epoll_pwait(r0, &(0x7f0000000080)=[{}], 0x1, 0x80000000, 0x0, 0x0) 756.110078ms ago: executing program 2 (id=550): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x4}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2060, 0x0) fcntl$setlease(r3, 0x400, 0x0) fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000040), 0x0, 0x0, 0x0) fremovexattr(r3, &(0x7f00000000c0)=@known='trusted.overlay.redirect\x00') 726.12722ms ago: executing program 2 (id=551): r0 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1064, 0x80, 0x4, 0x224}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffb, 0x0, 0x4) sendmsg$rds(0xffffffffffffffff, 0x0, 0x4000008) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @multicast2}}, 0x5, 0x0, 0xffffffff, 0x0, 0x20, 0x0, 0x2}, 0x9c) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r3, 0x0, 0x10000000000ac6}, 0x18) syz_io_uring_setup(0x466c, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f0000001340)=0x0, &(0x7f0000000140)) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000000)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x2, 0x0, 0x1, 0x20, 0x1}) io_uring_enter(r0, 0x47fb, 0x0, 0x0, 0x0, 0x0) 501.897669ms ago: executing program 0 (id=552): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r1 = epoll_create1(0x80000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0xa0000004}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000140)={0xa0000001}) epoll_wait(r3, &(0x7f0000000280)=[{}], 0x1, 0x4000005) close_range(r0, 0xffffffffffffffff, 0x0) ptrace(0x10, 0x0) 501.746949ms ago: executing program 2 (id=553): r0 = socket$igmp(0x2, 0x3, 0x2) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="74000000020601030000000000000000020000080c000300686173683a6970000e0003006269746d61703a69700000000500040003000000050005000a0000000900020073797a320000000032000300686173683a6e65742c706f72740000000900020073797a30000000000500010007000000"], 0x74}, 0x1, 0x0, 0x0, 0x20000004}, 0x20000800) socket$phonet_pipe(0x23, 0x5, 0x2) ptrace(0x10, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000100)='sched_switch\x00', r1, 0x0, 0x2}, 0x18) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f00000009c0)={[{@errors_remount}, {@debug}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@noauto_da_alloc}, {@bsdgroups}, {@jqfmt_vfsv1}, {@abort}, {@data_err_ignore}]}, 0x2, 0x476, &(0x7f0000000540)="$eJzs3M1vFOUfAPDvzLblx2v7Q3wBUavE2PjS0oLKwYtGEw8YTfSAN2tbCKFQQ2sihEg1Bi8mhkTP6tHEv8CbF6OeTLzq3ZAQ5QJ6qpnZmbK7dLctLLuF/XySZZ9n5pl9nm9nnp1n5pklgJ41nP2TRGyLiN8jYrCarS8wXH27duXc1D9Xzk0lsbT05l9JXu7qlXNTZdFyu61FZiSNSD9JikrqzZ85e2JydnbmdJEfWzj53tj8mbPPHD85eWzm2MypiUOHDh4Yf/65iWfbEmcW19U9H87t3f3q2xdfmzpy8d2fv8vau61YXxtHg00N72s2nAX+91JueWFafXt83RFsbNtr0klfFxvCulQiIttd/Xn/H4xKXN95g/HKx11tHHBbZeemFie2xSXgLpZEt1sAdEd5os+uf8tXh4YeG8LlF6sXQFnc14pXdU1feameXxttv031D0fEkcV/v8pe0fo+BABAW3w29eXheHql8V8a99WU21HMoQxFxP8jYmdE3BMRuyLi3oi87P0R8cDqVaa1mcapoRvHP+mlmw5uDbLx3wvF3Fb9+G+5mUOVIrc9j78/OXp8dmZ/8TcZif5NWX68RR0/vPzb583W1Y7/sldWfzkWLNpxqa/hBt305MJkPihtg8sfRezpWyn+ZHkmIImI3RGxZ30fvaNMHH/y273NCq0efwttmGda+ibiier+X4yG+EtJ6/nJsf/F7Mz+sfKouNEvv154o1n9txR/G2T7f0v98d9YZCipna+dX38dF/74tOk1zc0e/wPJW/m2A8WyDyYXFk6PRwwkh/N83fKJ69uW+bJ8Fv/IvpX7/85imyz+ByMiO4gfioiHI+KRou2PRsRjEbGvRfw/vdR8XX38m7d1Y/9PN3z/bc7XLB//Dft//YnKiR+/X7n2r99Z2/4/mKdGiiX5998q1trAW/zzAQAAwB0hzZ+BT9LR5XSajo5Wn+HfFVvS2bn5haeOzr1/arr6rPxQ9Kflna7Bmvuh48li8YnV/ERxr7hcf6C4b/xFZXOeH52am53ucuzQ67Y26f+ZPyvdbh1w2600jzYx0IWGAB3X2P/T+uz51zvZGKCjmj5Hs6Wz7QA6b5Xn6NJOtQPoPP9fC/Sulfr/+Ya8uQC4Ozn/Q+/S/6F36f/Qu/R/6Emr/Ui+cou//Ze44xLJ2gpH2v2mboxEf0S05QMHNkQ4RaLb30wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADt8V8AAAD//5qI6jE=") ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) ptrace(0x10, 0x0) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000200)={0x1, 0x1, 0x5, 0x0, @vifc_lcl_addr=@multicast1, @multicast2}, 0x10) 501.573199ms ago: executing program 3 (id=554): openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0, 0x0, 0x4}, 0x18) syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f00000002c0)='./file0\x00', 0x3204400, &(0x7f0000000300)=ANY=[@ANYRES32=r0], 0x1, 0x282, &(0x7f0000000c00)="$eJzs281qE10cx/FfX56nb7aJVqutiH90o5uhjVcQSgtiQKmN+ALC1E40ZJqUTKhExHbn1q1XIBSX7gTxBrrxCly468ZlF+JIZ2KbtBGtoGOb72dz/uHML5yTcyacxczm7RdLpULgFNyaurtMvVK/tqS0utWjWFej7Y7q/9VsTZdHcx/P3bxz91o2l5uZM5vNzl/JmNnI+XePn76+8L42dOvNyNs+baTvb37OfNoY2xjf/Dr/qBhYMbBypWauLVQqNXfB92yxGJQcsxu+5waeFcuBV23pL/iV5eW6ueXF4cHlqhcE5pbrVvLqVqtYrVo396FbLJvjODY8KPxMfn1uzs0mPQr8WdVq1p2WNLGvJ7+eyIAAAECi2pz/1zj/dwrO/51g+/x/r3H/tuL8DwAAAAAAAAAAAAAAAAAAAADAYbAVhqkwDFPf2/+k6A2fsPF5QNKgpCFJxyQNSxqRlJKUlnRc0glJo5JOSjolaUzSaUlnJI03fVfSc8V+yaz/QJJTRhPu/87G+ne2phd3+6Wl5yv5lXzcxv3Zgory5WlSKX2J1rIhrmev5mYmLZLW2aXVRn51Jd/Tmp9SanvDtMtPxXlrzfdF+24nn1Fqe4PF2Zct+UzbfL8uXWzKO0rpwwNV5Gsx2pO7+WdTZtPXc3vyE9F1R51jO9qun+P8qD/OH2B/7Pl9ezXRm+zcIQX1JyXX970qBcVRKF7pnxjG4S+S/mfC37C76EmPBAAAAAAAAAAAAAAAAABwEL/7hGC4Gud/5eKk5wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwF7fAgAA//+tvV1C") pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r2, &(0x7f0000002a80)=[{&(0x7f0000000240)="1b", 0x1}], 0x1) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r5, 0x0, 0xf3a, 0x0) splice(r1, 0x0, r5, 0x0, 0x80, 0x8) write(r3, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) 346.328792ms ago: executing program 3 (id=555): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000200), 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_NET_GET(r3, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000240), r2) mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x110c230000, 0x3, 0x2}) timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c) 314.431374ms ago: executing program 0 (id=556): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='page_pool_release\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e0000000400000008"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000280)="b9ff03076804268c989e14f088a8", 0x0, 0x2, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, 0x0, 0x240008c4) 238.98996ms ago: executing program 0 (id=557): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000180)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x8f0, &(0x7f0000002400)) mkdir(&(0x7f0000000640)='./file0\x00', 0x77) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = syz_open_dev$evdev(&(0x7f0000000280), 0x0, 0x0) read$hiddev(r2, &(0x7f0000000600)=""/98, 0x62) 183.708935ms ago: executing program 4 (id=558): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10) sync() 45.229556ms ago: executing program 4 (id=559): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000002140)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="00e2db00002100000000000000000000007d2a07b4078303e75e1ca99de237a8e67a253ba3248a8725e8000000d4e804a5b67a2630cbd439c561d6a016d04a4d2665026726bc8e4ec8358d9f02a1de78646618510e298fdadd0e9145543f12f0b46fce58dd09088fb72463a48df7f8ca78f080d6f5994bd004e991c1e51f5191ace7ea13b017440e000000000000001000000000f60bcbf9c8ccd710ec3a7668124a0ec1f8bdb1c5ca7d2f4a88a1259b14291c5dfdd87bdc7b3bf710c2d7a5a3fb5b3182328ffb54649ccc5e11a32d3ef0a484", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50) connect$unix(0xffffffffffffffff, 0x0, 0x0) unshare(0x28020480) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = mq_open(&(0x7f0000000040)='!se\xf7ih,\x17i\xacP\xe6lNnuxselinux\x00', 0x6e93ebbbcc0884f2, 0x2, &(0x7f0000000300)={0x0, 0x1, 0x6}) mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0) 30.699017ms ago: executing program 1 (id=560): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0}, 0x94) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r5) setns(r3, 0x24020000) 0s ago: executing program 1 (id=561): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0200000004000000080000000100"], 0x50) r0 = socket(0x1f, 0x1, 0x5) setsockopt$MRT6_DONE(r0, 0x29, 0xc9, 0x12, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0) write(r2, &(0x7f0000004200)='t', 0x1) sendfile(r2, r1, 0x0, 0x3ffff) sendfile(r2, r1, 0x0, 0x7ffff000) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000040)="8000102e7577d401", 0x8}], 0x1, &(0x7f00000001c0)=ANY=[], 0x30}}], 0x1, 0x4c0c0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.167' (ED25519) to the list of known hosts. [ 26.848842][ T29] audit: type=1400 audit(1754868074.649:62): avc: denied { mounton } for pid=3259 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 26.849944][ T3259] cgroup: Unknown subsys name 'net' [ 26.871672][ T29] audit: type=1400 audit(1754868074.649:63): avc: denied { mount } for pid=3259 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.899030][ T29] audit: type=1400 audit(1754868074.679:64): avc: denied { unmount } for pid=3259 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 27.047024][ T3259] cgroup: Unknown subsys name 'cpuset' [ 27.053326][ T3259] cgroup: Unknown subsys name 'rlimit' [ 27.165302][ T29] audit: type=1400 audit(1754868074.959:65): avc: denied { setattr } for pid=3259 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.189619][ T29] audit: type=1400 audit(1754868074.969:66): avc: denied { create } for pid=3259 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.210286][ T29] audit: type=1400 audit(1754868074.969:67): avc: denied { write } for pid=3259 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.219148][ T3292] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 27.230717][ T29] audit: type=1400 audit(1754868074.969:68): avc: denied { read } for pid=3259 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 27.259594][ T29] audit: type=1400 audit(1754868074.969:69): avc: denied { mounton } for pid=3259 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 27.284432][ T29] audit: type=1400 audit(1754868074.969:70): avc: denied { mount } for pid=3259 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 27.295328][ T3259] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 27.307822][ T29] audit: type=1400 audit(1754868075.049:71): avc: denied { relabelto } for pid=3292 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 28.517151][ T3308] chnl_net:caif_netlink_parms(): no params data found [ 28.533490][ T3305] chnl_net:caif_netlink_parms(): no params data found [ 28.570003][ T3299] chnl_net:caif_netlink_parms(): no params data found [ 28.578901][ T3303] chnl_net:caif_netlink_parms(): no params data found [ 28.634829][ T3300] chnl_net:caif_netlink_parms(): no params data found [ 28.689149][ T3308] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.696208][ T3308] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.703410][ T3308] bridge_slave_0: entered allmulticast mode [ 28.710652][ T3308] bridge_slave_0: entered promiscuous mode [ 28.717261][ T3308] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.724568][ T3308] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.731723][ T3308] bridge_slave_1: entered allmulticast mode [ 28.738250][ T3308] bridge_slave_1: entered promiscuous mode [ 28.744488][ T3305] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.751648][ T3305] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.758778][ T3305] bridge_slave_0: entered allmulticast mode [ 28.765110][ T3305] bridge_slave_0: entered promiscuous mode [ 28.798739][ T3305] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.805821][ T3305] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.813083][ T3305] bridge_slave_1: entered allmulticast mode [ 28.819517][ T3305] bridge_slave_1: entered promiscuous mode [ 28.833575][ T3299] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.840702][ T3299] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.847826][ T3299] bridge_slave_0: entered allmulticast mode [ 28.854353][ T3299] bridge_slave_0: entered promiscuous mode [ 28.860840][ T3303] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.867928][ T3303] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.875021][ T3303] bridge_slave_0: entered allmulticast mode [ 28.881671][ T3303] bridge_slave_0: entered promiscuous mode [ 28.889409][ T3308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.898551][ T3303] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.905667][ T3303] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.912921][ T3303] bridge_slave_1: entered allmulticast mode [ 28.919288][ T3303] bridge_slave_1: entered promiscuous mode [ 28.933102][ T3299] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.940189][ T3299] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.947336][ T3299] bridge_slave_1: entered allmulticast mode [ 28.953708][ T3299] bridge_slave_1: entered promiscuous mode [ 28.961082][ T3308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.985680][ T3305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.996043][ T3303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.020982][ T3303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.031168][ T3305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.056480][ T3299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.075290][ T3300] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.082385][ T3300] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.089598][ T3300] bridge_slave_0: entered allmulticast mode [ 29.096056][ T3300] bridge_slave_0: entered promiscuous mode [ 29.103182][ T3308] team0: Port device team_slave_0 added [ 29.109879][ T3299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.119633][ T3308] team0: Port device team_slave_1 added [ 29.131188][ T3305] team0: Port device team_slave_0 added [ 29.137757][ T3303] team0: Port device team_slave_0 added [ 29.143593][ T3300] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.150784][ T3300] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.158068][ T3300] bridge_slave_1: entered allmulticast mode [ 29.164592][ T3300] bridge_slave_1: entered promiscuous mode [ 29.181602][ T3305] team0: Port device team_slave_1 added [ 29.192761][ T3303] team0: Port device team_slave_1 added [ 29.208977][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.216004][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.241955][ T3308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.262719][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.269682][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.295646][ T3305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.318167][ T3300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.327504][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.334485][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.360963][ T3308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.372373][ T3299] team0: Port device team_slave_0 added [ 29.378333][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.385271][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.411188][ T3305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.428253][ T3300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.441015][ T3299] team0: Port device team_slave_1 added [ 29.449298][ T3303] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.456290][ T3303] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.482286][ T3303] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.514919][ T3303] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.521906][ T3303] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.547847][ T3303] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.567667][ T3300] team0: Port device team_slave_0 added [ 29.574570][ T3300] team0: Port device team_slave_1 added [ 29.587709][ T3299] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.594751][ T3299] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.620796][ T3299] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.632494][ T3299] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.639520][ T3299] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.665434][ T3299] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.706572][ T3308] hsr_slave_0: entered promiscuous mode [ 29.712635][ T3308] hsr_slave_1: entered promiscuous mode [ 29.745459][ T3305] hsr_slave_0: entered promiscuous mode [ 29.751607][ T3305] hsr_slave_1: entered promiscuous mode [ 29.757587][ T3305] debugfs: 'hsr0' already exists in 'hsr' [ 29.763344][ T3305] Cannot create hsr debugfs directory [ 29.775170][ T3300] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.782189][ T3300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.808211][ T3300] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.821212][ T3303] hsr_slave_0: entered promiscuous mode [ 29.827206][ T3303] hsr_slave_1: entered promiscuous mode [ 29.833297][ T3303] debugfs: 'hsr0' already exists in 'hsr' [ 29.839137][ T3303] Cannot create hsr debugfs directory [ 29.846900][ T3299] hsr_slave_0: entered promiscuous mode [ 29.852916][ T3299] hsr_slave_1: entered promiscuous mode [ 29.858789][ T3299] debugfs: 'hsr0' already exists in 'hsr' [ 29.864507][ T3299] Cannot create hsr debugfs directory [ 29.880359][ T3300] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.887337][ T3300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.913304][ T3300] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.970742][ T3300] hsr_slave_0: entered promiscuous mode [ 29.977663][ T3300] hsr_slave_1: entered promiscuous mode [ 29.983454][ T3300] debugfs: 'hsr0' already exists in 'hsr' [ 29.989204][ T3300] Cannot create hsr debugfs directory [ 30.159026][ T3305] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 30.168041][ T3305] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 30.176898][ T3305] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 30.185817][ T3305] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 30.212833][ T3308] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 30.230384][ T3308] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 30.240059][ T3308] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 30.249089][ T3308] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 30.276841][ T3303] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 30.295291][ T3303] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 30.304788][ T3303] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 30.314710][ T3303] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 30.352775][ T3299] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 30.365836][ T3305] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.376573][ T3299] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 30.390367][ T3299] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 30.400133][ T3299] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 30.413828][ T3308] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.443271][ T3305] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.456038][ T322] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.463198][ T322] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.472761][ T3308] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.487767][ T3300] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 30.497672][ T3300] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 30.506821][ T3300] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 30.516335][ T3300] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 30.528453][ T322] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.535512][ T322] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.556739][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.563883][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.572930][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.580019][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.599012][ T3303] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.641364][ T3303] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.657426][ T3308] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 30.672682][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.679762][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.688588][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.695657][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.710824][ T3305] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 30.764245][ T3300] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.782212][ T3299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.791411][ T3300] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.804458][ T3299] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.816221][ T1084] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.823315][ T1084] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.845137][ T3300] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 30.855614][ T3300] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 30.869128][ T1084] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.876194][ T1084] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.892929][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.900084][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.910241][ T3305] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.928753][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.935836][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.959921][ T3308] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.985518][ T3303] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.000781][ T3299] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 31.031143][ T3300] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.148014][ T3299] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.162911][ T3305] veth0_vlan: entered promiscuous mode [ 31.184406][ T3308] veth0_vlan: entered promiscuous mode [ 31.203146][ T3305] veth1_vlan: entered promiscuous mode [ 31.216421][ T3308] veth1_vlan: entered promiscuous mode [ 31.232617][ T3303] veth0_vlan: entered promiscuous mode [ 31.255314][ T3305] veth0_macvtap: entered promiscuous mode [ 31.264973][ T3305] veth1_macvtap: entered promiscuous mode [ 31.278170][ T3303] veth1_vlan: entered promiscuous mode [ 31.291268][ T3308] veth0_macvtap: entered promiscuous mode [ 31.309306][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.319079][ T3303] veth0_macvtap: entered promiscuous mode [ 31.331643][ T3308] veth1_macvtap: entered promiscuous mode [ 31.340223][ T3303] veth1_macvtap: entered promiscuous mode [ 31.360921][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.369842][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.377646][ T3299] veth0_vlan: entered promiscuous mode [ 31.392234][ T3303] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.402845][ T3434] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.412998][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.422082][ T3303] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.431502][ T3299] veth1_vlan: entered promiscuous mode [ 31.437738][ T263] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.476984][ T263] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.493495][ T263] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.511064][ T3300] veth0_vlan: entered promiscuous mode [ 31.520034][ T263] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.531847][ T3303] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 31.537205][ T3299] veth0_macvtap: entered promiscuous mode [ 31.560619][ T263] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.572892][ T3299] veth1_macvtap: entered promiscuous mode [ 31.580102][ T3300] veth1_vlan: entered promiscuous mode [ 31.609960][ T263] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.621901][ T3299] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.654082][ T3300] veth0_macvtap: entered promiscuous mode [ 31.667066][ T263] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.675877][ T263] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.690423][ T3300] veth1_macvtap: entered promiscuous mode [ 31.697036][ T263] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.705829][ T263] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.715360][ T3299] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.722739][ T3475] tipc: Started in network mode [ 31.727749][ T3475] tipc: Node identity ac141413, cluster identity 4711 [ 31.734698][ T3475] tipc: New replicast peer: 10.1.1.2 [ 31.740211][ T3475] tipc: Enabled bearer , priority 10 [ 31.749326][ T263] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.765416][ T263] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.780787][ T263] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.791160][ T3300] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.814177][ T3480] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6'. [ 31.828223][ T263] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.839517][ T3300] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.861959][ T29] kauditd_printk_skb: 36 callbacks suppressed [ 31.861974][ T29] audit: type=1326 audit(1754868079.659:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3481 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65d70cebe9 code=0x7ffc0000 [ 31.891314][ T29] audit: type=1326 audit(1754868079.659:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3481 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65d70cebe9 code=0x7ffc0000 [ 31.955498][ T29] audit: type=1326 audit(1754868079.669:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3481 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f65d70cebe9 code=0x7ffc0000 [ 31.978596][ T29] audit: type=1326 audit(1754868079.669:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3481 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65d70cebe9 code=0x7ffc0000 [ 32.001813][ T29] audit: type=1326 audit(1754868079.669:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3481 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65d70cebe9 code=0x7ffc0000 [ 32.002761][ T3482] loop3: detected capacity change from 0 to 8192 [ 32.024913][ T29] audit: type=1326 audit(1754868079.669:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3481 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f65d70cebe9 code=0x7ffc0000 [ 32.054441][ T29] audit: type=1326 audit(1754868079.669:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3481 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65d70cebe9 code=0x7ffc0000 [ 32.077547][ T29] audit: type=1326 audit(1754868079.669:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3481 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65d70cebe9 code=0x7ffc0000 [ 32.100701][ T29] audit: type=1326 audit(1754868079.669:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3481 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f65d70cebe9 code=0x7ffc0000 [ 32.123803][ T29] audit: type=1326 audit(1754868079.669:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3481 comm="syz.3.8" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65d70cebe9 code=0x7ffc0000 [ 32.150700][ T3478] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 32.169022][ T263] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.222615][ T263] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.256010][ T1084] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.275240][ T3494] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 32.310756][ T1084] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.330714][ T3496] bridge1: entered allmulticast mode [ 32.356503][ T1084] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.389756][ T3503] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 32.454803][ T3512] loop2: detected capacity change from 0 to 764 [ 32.573322][ T3518] loop4: detected capacity change from 0 to 1024 [ 32.590114][ T3518] ======================================================= [ 32.590114][ T3518] WARNING: The mand mount option has been deprecated and [ 32.590114][ T3518] and is ignored by this kernel. Remove the mand [ 32.590114][ T3518] option from the mount to silence this warning. [ 32.590114][ T3518] ======================================================= [ 32.651918][ T3518] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 32.685669][ T3518] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.18: Allocating blocks 449-513 which overlap fs metadata [ 32.724219][ T3518] SELinux: Context @ is not valid (left unmapped). [ 32.731672][ T3518] EXT4-fs (loop4): pa ffff888107278070: logic 48, phys. 177, len 21 [ 32.739742][ T3518] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 32.763969][ T3518] syz.4.18 (3518) used greatest stack depth: 10568 bytes left [ 32.775134][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.831479][ T3534] tipc: Started in network mode [ 32.836484][ T3534] tipc: Node identity 1a237ddc8de2, cluster identity 4711 [ 32.843661][ T3534] tipc: Enabled bearer , priority 0 [ 32.854087][ T3534] D: renamed from syzkaller0 [ 32.860757][ T3534] tipc: Disabling bearer [ 32.876566][ T3380] tipc: Node number set to 2886997011 [ 32.999343][ T3503] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 33.035565][ T3541] netlink: 277 bytes leftover after parsing attributes in process `syz.4.26'. [ 33.230804][ T3494] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 33.427293][ T3548] loop2: detected capacity change from 0 to 2048 [ 33.439822][ T3548] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.452795][ T3548] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 33.468990][ T3548] EXT4-fs error (device loop2): ext4_free_inode:354: comm syz.2.28: bit already cleared for inode 15 [ 33.581338][ T3503] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 33.800737][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.837173][ T3556] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 33.968732][ T3564] netlink: 5 bytes leftover after parsing attributes in process `syz.2.34'. [ 33.978143][ T3564] 0XD: renamed from gretap0 (while UP) [ 33.989515][ T3564] 0XD: entered allmulticast mode [ 33.995269][ T3564] A link change request failed with some changes committed already. Interface 30XD may have been left with an inconsistent configuration, please check. [ 34.036167][ T3566] netlink: 'syz.4.35': attribute type 1 has an invalid length. [ 34.046300][ T3566] netlink: 4 bytes leftover after parsing attributes in process `syz.4.35'. [ 34.311036][ T3503] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.368057][ T322] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.384147][ T322] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.395451][ T322] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.404273][ T322] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.431609][ T3571] netlink: 4 bytes leftover after parsing attributes in process `syz.1.37'. [ 34.463437][ T3571] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 34.471319][ T3571] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 34.483516][ T3571] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 34.490992][ T3571] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 34.530803][ T3494] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.557141][ T3583] loop0: detected capacity change from 0 to 1024 [ 34.563443][ T3581] loop4: detected capacity change from 0 to 2048 [ 34.565728][ T3583] EXT4-fs: Ignoring removed orlov option [ 34.594491][ T3581] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 34.618152][ T3583] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 34.637049][ T3583] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.699963][ T3494] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 34.720629][ T3592] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 34.743448][ T3434] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.746381][ T3592] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1774 with error 28 [ 34.764142][ T3592] EXT4-fs (loop4): This should not happen!! Data will be lost [ 34.764142][ T3592] [ 34.764622][ T322] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.773790][ T3592] EXT4-fs (loop4): Total free blocks count 0 [ 34.773808][ T3592] EXT4-fs (loop4): Free/Dirty block details [ 34.773822][ T3592] EXT4-fs (loop4): free_blocks=2415919104 [ 34.773837][ T3592] EXT4-fs (loop4): dirty_blocks=1776 [ 34.804153][ T322] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.805022][ T3592] EXT4-fs (loop4): Block reservation details [ 34.805035][ T3592] EXT4-fs (loop4): i_reserved_data_blocks=111 [ 34.849011][ T3597] netlink: 4 bytes leftover after parsing attributes in process `syz.3.45'. [ 34.858251][ T3597] netlink: 4 bytes leftover after parsing attributes in process `syz.3.45'. [ 34.867915][ T322] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.877438][ T3597] Zero length message leads to an empty skb [ 34.949757][ T3592] syz.4.42 (3592) used greatest stack depth: 10120 bytes left [ 34.989344][ T3434] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 34.993682][ T3601] loop3: detected capacity change from 0 to 512 [ 35.021895][ T3601] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 35.035121][ T3601] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 35.044293][ T3601] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 35.053513][ T3601] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 35.071732][ T3601] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 35.080387][ T3601] System zones: 0-2, 18-18, 34-35 [ 35.090378][ T3601] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.104889][ T3604] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.120288][ T3606] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3606 comm=syz.2.49 [ 35.177310][ T3604] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.191871][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.250405][ T3604] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.308998][ T3604] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.406832][ T1084] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.420108][ T1084] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.437296][ T1084] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.448640][ T1084] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.532972][ T3630] netlink: 'syz.3.59': attribute type 1 has an invalid length. [ 35.541156][ T3629] netlink: 'syz.4.58': attribute type 1 has an invalid length. [ 35.554802][ T3630] netlink: 8 bytes leftover after parsing attributes in process `syz.3.59'. [ 35.568318][ T3630] vlan2: entered promiscuous mode [ 35.573404][ T3630] veth0: entered promiscuous mode [ 35.575805][ T3630] dummy0: entered promiscuous mode [ 35.604018][ T3635] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 35.611261][ T3635] IPv6: NLM_F_CREATE should be set when creating new route [ 35.618510][ T3635] IPv6: NLM_F_CREATE should be set when creating new route [ 35.626203][ T3635] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 35.668212][ T3640] loop0: detected capacity change from 0 to 512 [ 35.675288][ T3640] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 35.690863][ T3640] EXT4-fs (loop0): 1 truncate cleaned up [ 35.696997][ T3640] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.713911][ T3640] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.721150][ T3640] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.763341][ T3303] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.810174][ T3651] wireguard0: entered promiscuous mode [ 35.848690][ T3702] netlink: 156 bytes leftover after parsing attributes in process `syz.4.65'. [ 35.863590][ T3711] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.924703][ T3711] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.978493][ T3711] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 36.029211][ T3711] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 36.135514][ T3726] syz_tun: entered allmulticast mode [ 36.153258][ T3725] syz_tun: left allmulticast mode [ 36.212423][ T3728] process 'syz.2.72' launched '/dev/fd/4' with NULL argv: empty string added [ 36.889828][ T29] kauditd_printk_skb: 237 callbacks suppressed [ 36.889845][ T29] audit: type=1400 audit(1754868084.689:355): avc: denied { mounton } for pid=3733 comm="syz.4.74" path="/15/file0" dev="tmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 36.919737][ T29] audit: type=1400 audit(1754868084.689:356): avc: denied { mount } for pid=3733 comm="syz.4.74" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 36.941767][ T29] audit: type=1400 audit(1754868084.719:357): avc: denied { setattr } for pid=3733 comm="syz.4.74" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 36.967826][ T29] audit: type=1400 audit(1754868084.769:358): avc: denied { unmount } for pid=3300 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 37.060472][ T29] audit: type=1400 audit(1754868084.859:359): avc: denied { name_connect } for pid=3735 comm="syz.0.76" dest=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 37.127442][ T3742] loop2: detected capacity change from 0 to 512 [ 37.147955][ T3742] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.162260][ T3742] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 37.970315][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.011248][ T29] audit: type=1326 audit(1754868085.809:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3753 comm="syz.2.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f83d7835ba7 code=0x7ffc0000 [ 38.109765][ T29] audit: type=1326 audit(1754868085.809:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3753 comm="syz.2.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f83d77dadd9 code=0x7ffc0000 [ 38.132962][ T29] audit: type=1326 audit(1754868085.829:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3753 comm="syz.2.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f83d7835ba7 code=0x7ffc0000 [ 38.156178][ T29] audit: type=1326 audit(1754868085.829:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3753 comm="syz.2.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f83d77dadd9 code=0x7ffc0000 [ 38.179544][ T29] audit: type=1326 audit(1754868085.829:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3753 comm="syz.2.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83d783ebe9 code=0x7ffc0000 [ 38.230957][ C0] hrtimer: interrupt took 46621 ns [ 38.892380][ T3768] syzkaller0: entered promiscuous mode [ 38.897961][ T3768] syzkaller0: entered allmulticast mode [ 39.129571][ T3777] netlink: 8 bytes leftover after parsing attributes in process `syz.4.88'. [ 39.383374][ T3723] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.401886][ T3723] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.428002][ T3723] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.462708][ T3723] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.481922][ T3791] loop3: detected capacity change from 0 to 1024 [ 39.499866][ T3791] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 39.537738][ T3791] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #3: block 1: comm syz.3.94: lblock 1 mapped to illegal pblock 1 (length 1) [ 39.655874][ T3791] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.94: Failed to acquire dquot type 0 [ 39.713901][ T3791] EXT4-fs error (device loop3): ext4_free_blocks:6696: comm syz.3.94: Freeing blocks not in datazone - block = 0, count = 4096 [ 39.735514][ T3791] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.94: Invalid inode bitmap blk 0 in block_group 0 [ 39.748777][ T3693] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:49: lblock 1 mapped to illegal pblock 1 (length 1) [ 39.764948][ T3693] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:49: Failed to release dquot type 0 [ 39.776803][ T3791] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem [ 39.786353][ T3791] EXT4-fs (loop3): 1 orphan inode deleted [ 39.797144][ T3791] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.898454][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.901430][ T3804] loop2: detected capacity change from 0 to 512 [ 39.920635][ T3804] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 39.942038][ T3804] EXT4-fs (loop2): orphan cleanup on readonly fs [ 39.949179][ T3804] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:517: comm syz.2.99: Block bitmap for bg 0 marked uninitialized [ 39.969941][ T3804] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 39.980337][ T3693] bond0: (slave bond_slave_0): interface is now down [ 39.986794][ T3804] EXT4-fs (loop2): 1 orphan inode deleted [ 39.987310][ T3693] bond0: (slave bond_slave_1): interface is now down [ 39.993525][ T3804] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 40.019298][ T3693] bond0: (slave bond_slave_0): interface is now down [ 40.026111][ T3693] bond0: (slave bond_slave_1): interface is now down [ 40.033417][ T3693] bond0: now running without any active interface! [ 40.108149][ T3811] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 40.127218][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.171990][ T3811] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 40.198044][ T3820] netlink: 8 bytes leftover after parsing attributes in process `syz.1.107'. [ 40.248048][ T3826] loop1: detected capacity change from 0 to 512 [ 40.259697][ T3826] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 40.319016][ T3831] bridge0: entered allmulticast mode [ 40.336908][ T3831] bridge_slave_1: left allmulticast mode [ 40.342589][ T3831] bridge_slave_1: left promiscuous mode [ 40.348345][ T3831] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.395906][ T3831] bridge_slave_0: left allmulticast mode [ 40.401649][ T3831] bridge_slave_0: left promiscuous mode [ 40.407477][ T3831] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.574852][ T3841] veth0_to_team: entered promiscuous mode [ 40.589867][ T3817] netlink: 8 bytes leftover after parsing attributes in process `syz.2.105'. [ 41.177710][ T3864] SELinux: security_context_str_to_sid (VWW) failed with errno=-22 [ 42.159215][ T29] kauditd_printk_skb: 365 callbacks suppressed [ 42.159232][ T29] audit: type=1400 audit(1754868089.959:727): avc: denied { firmware_load } for pid=3913 comm="syz.2.144" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 42.371021][ T29] audit: type=1400 audit(1754868090.169:728): avc: denied { write } for pid=3915 comm="syz.0.146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 42.377675][ T3917] netlink: 4 bytes leftover after parsing attributes in process `syz.0.146'. [ 42.461087][ T3917] veth0_macvtap: left promiscuous mode [ 42.475639][ T29] audit: type=1400 audit(1754868090.269:729): avc: denied { map } for pid=3921 comm="syz.1.147" path="socket:[6658]" dev="sockfs" ino=6658 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 42.498978][ T29] audit: type=1400 audit(1754868090.269:730): avc: denied { read } for pid=3921 comm="syz.1.147" path="socket:[6658]" dev="sockfs" ino=6658 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 42.543750][ T3922] loop1: detected capacity change from 0 to 2048 [ 42.620698][ T3499] loop1: p1 < > p4 [ 42.625922][ T3499] loop1: p4 size 8388608 extends beyond EOD, truncated [ 42.674592][ T3922] loop1: p1 < > p4 [ 42.679081][ T3922] loop1: p4 size 8388608 extends beyond EOD, truncated [ 42.733509][ T2992] loop1: p1 < > p4 [ 42.754941][ T2992] loop1: p4 size 8388608 extends beyond EOD, truncated [ 42.897942][ T3914] syz.2.144 (3914) used greatest stack depth: 9288 bytes left [ 42.978470][ T29] audit: type=1326 audit(1754868090.779:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3928 comm="syz.1.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64c2c5ebe9 code=0x7ffc0000 [ 42.981425][ T3930] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 43.005956][ T29] audit: type=1326 audit(1754868090.779:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3928 comm="syz.1.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f64c2c5ebe9 code=0x7ffc0000 [ 43.033339][ T29] audit: type=1326 audit(1754868090.779:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3928 comm="syz.1.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64c2c5ebe9 code=0x7ffc0000 [ 43.056775][ T29] audit: type=1326 audit(1754868090.779:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3928 comm="syz.1.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f64c2c5d550 code=0x7ffc0000 [ 43.080076][ T29] audit: type=1326 audit(1754868090.779:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3928 comm="syz.1.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f64c2c5e7eb code=0x7ffc0000 [ 43.103276][ T29] audit: type=1326 audit(1754868090.779:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3928 comm="syz.1.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f64c2c5e7eb code=0x7ffc0000 [ 43.126722][ T3930] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 43.202121][ T3933] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.247941][ T3933] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.297818][ T3933] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.325095][ T3939] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.332437][ T3939] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.344220][ T3939] bridge0: entered allmulticast mode [ 43.353564][ T3933] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 43.367451][ T3939] bridge_slave_1: left allmulticast mode [ 43.373231][ T3939] bridge_slave_1: left promiscuous mode [ 43.379055][ T3939] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.388095][ T3939] bridge_slave_0: left allmulticast mode [ 43.393809][ T3939] bridge_slave_0: left promiscuous mode [ 43.399560][ T3939] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.487526][ T31] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.502238][ T31] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.546398][ T31] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.554728][ T31] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.592025][ T3946] ------------[ cut here ]------------ [ 43.597579][ T3946] 'send_pkt()' returns 0, but 65536 expected [ 43.604691][ T3946] WARNING: CPU: 1 PID: 3946 at net/vmw_vsock/virtio_transport_common.c:428 virtio_transport_send_pkt_info+0x846/0x860 [ 43.617326][ T3946] Modules linked in: [ 43.621279][ T3946] CPU: 1 UID: 0 PID: 3946 Comm: syz.3.156 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(voluntary) [ 43.632010][ T3946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 43.642139][ T3946] RIP: 0010:virtio_transport_send_pkt_info+0x846/0x860 [ 43.649058][ T3946] Code: 7b 01 fc 48 c7 c7 1d 37 d4 86 e8 95 2c 1c fc c6 05 2b b9 7d 01 01 90 48 c7 c7 ed db 5e 86 44 89 fe 48 89 da e8 1b 1f cb fb 90 <0f> 0b 90 90 e9 f6 fe ff ff e8 bc 7b 01 fc 90 0f 0b 90 e9 04 fb ff [ 43.668881][ T3946] RSP: 0018:ffffc90012e6f918 EFLAGS: 00010246 [ 43.675064][ T3946] RAX: a4544102eed15600 RBX: 0000000000010000 RCX: 0000000000080000 [ 43.683204][ T3946] RDX: ffffc90004804000 RSI: 000000000000525c RDI: 000000000000525d [ 43.691248][ T3946] RBP: 0000000000010000 R08: 0001c90012e6f78f R09: 0000000000000000 [ 43.699304][ T3946] R10: 00000000ffffffff R11: 0000000000000002 R12: 0000000000040000 [ 43.707321][ T3946] R13: ffff888123fb642c R14: ffffffff86d1f4b8 R15: 0000000000000000 [ 43.715313][ T3946] FS: 00007f65d5b376c0(0000) GS:ffff8882aef44000(0000) knlGS:0000000000000000 [ 43.724353][ T3946] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 43.731279][ T3946] CR2: 000020000003f000 CR3: 000000010955a000 CR4: 00000000003506f0 [ 43.739347][ T3946] Call Trace: [ 43.742660][ T3946] [ 43.745621][ T3946] virtio_transport_seqpacket_enqueue+0xb4/0xe0 [ 43.752074][ T3946] vsock_connectible_sendmsg+0x752/0x980 [ 43.757802][ T3946] ? __pfx_woken_wake_function+0x10/0x10 [ 43.763525][ T3946] ? __pfx_vsock_connectible_sendmsg+0x10/0x10 [ 43.769793][ T3946] __sock_sendmsg+0x145/0x180 [ 43.774530][ T3946] ____sys_sendmsg+0x345/0x4e0 [ 43.779412][ T3946] ___sys_sendmsg+0x17b/0x1d0 [ 43.784125][ T3946] __sys_sendmmsg+0x178/0x300 [ 43.788935][ T3946] __x64_sys_sendmmsg+0x57/0x70 [ 43.793824][ T3946] x64_sys_call+0x1c4a/0x2ff0 [ 43.798547][ T3946] do_syscall_64+0xd2/0x200 [ 43.803163][ T3946] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 43.809409][ T3946] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 43.815233][ T3946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 43.821267][ T3946] RIP: 0033:0x7f65d70cebe9 [ 43.825796][ T3946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 43.845900][ T3946] RSP: 002b:00007f65d5b37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 43.854491][ T3946] RAX: ffffffffffffffda RBX: 00007f65d72f5fa0 RCX: 00007f65d70cebe9 [ 43.862530][ T3946] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000004 [ 43.870673][ T3946] RBP: 00007f65d7151e19 R08: 0000000000000000 R09: 0000000000000000 [ 43.878695][ T3946] R10: 0000000024008094 R11: 0000000000000246 R12: 0000000000000000 [ 43.886879][ T3946] R13: 00007f65d72f6038 R14: 00007f65d72f5fa0 R15: 00007ffeaf708998 [ 43.894883][ T3946] [ 43.897949][ T3946] ---[ end trace 0000000000000000 ]--- [ 44.140911][ T3963] loop4: detected capacity change from 0 to 512 [ 44.168239][ T3963] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.199689][ T3963] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 44.242109][ T3963] EXT4-fs error (device loop4): ext4_empty_dir:3081: inode #12: comm syz.4.162: invalid size [ 44.253055][ T3963] EXT4-fs (loop4): Remounting filesystem read-only [ 44.291627][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.306988][ T31] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 44.496713][ T4001] netlink: 4 bytes leftover after parsing attributes in process `syz.4.165'. [ 45.042649][ C0] IPv4: Oversized IP packet from 172.20.20.170 [ 45.065923][ T4027] loop1: detected capacity change from 0 to 512 [ 45.068703][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 45.090673][ T4027] EXT4-fs: test_dummy_encryption option not supported [ 45.108429][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 45.115095][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 45.121840][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 45.128350][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 45.134836][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 45.151832][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 45.159460][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 45.166031][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 45.224807][ T4037] netlink: 24 bytes leftover after parsing attributes in process `syz.0.171'. [ 45.445313][ T4066] random: crng reseeded on system resumption [ 45.467909][ T4066] netlink: 24 bytes leftover after parsing attributes in process `syz.4.173'. [ 45.481464][ T4066] netlink: 32 bytes leftover after parsing attributes in process `syz.4.173'. [ 45.491102][ T3380] IPVS: starting estimator thread 0... [ 45.587117][ T4070] IPVS: using max 2112 ests per chain, 105600 per kthread [ 46.026108][ T4114] netlink: 'syz.1.177': attribute type 4 has an invalid length. [ 46.060622][ T4114] netlink: 'syz.1.177': attribute type 4 has an invalid length. [ 46.148268][ T4120] lo speed is unknown, defaulting to 1000 [ 46.154044][ T4120] lo speed is unknown, defaulting to 1000 [ 46.160129][ T4120] lo speed is unknown, defaulting to 1000 [ 46.166156][ T4120] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 46.174735][ T4120] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 46.195826][ T4120] lo speed is unknown, defaulting to 1000 [ 46.203399][ T4124] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.214898][ T4120] lo speed is unknown, defaulting to 1000 [ 46.222471][ T4120] lo speed is unknown, defaulting to 1000 [ 46.229432][ T4120] lo speed is unknown, defaulting to 1000 [ 46.235473][ T4120] lo speed is unknown, defaulting to 1000 [ 46.242991][ T4124] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.497529][ T4124] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.558399][ T4124] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.628948][ T3434] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.646160][ T4157] loop2: detected capacity change from 0 to 2048 [ 46.656167][ T3434] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.669920][ T3434] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.695461][ T3434] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.722105][ T4157] Alternate GPT is invalid, using primary GPT. [ 46.728599][ T4157] loop2: p2 p3 p7 [ 46.761273][ T4169] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 46.770352][ T4169] netlink: 12 bytes leftover after parsing attributes in process `+}[@'. [ 47.168685][ T29] kauditd_printk_skb: 158 callbacks suppressed [ 47.168700][ T29] audit: type=1326 audit(1754868094.969:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4156 comm="syz.2.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83d783ebe9 code=0x7ffc0000 [ 47.246270][ T29] audit: type=1326 audit(1754868095.019:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4156 comm="syz.2.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83d783ebe9 code=0x7ffc0000 [ 47.269666][ T29] audit: type=1326 audit(1754868095.029:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4156 comm="syz.2.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83d783ebe9 code=0x7ffc0000 [ 47.293010][ T29] audit: type=1326 audit(1754868095.039:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4156 comm="syz.2.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83d783ebe9 code=0x7ffc0000 [ 47.316886][ T29] audit: type=1326 audit(1754868095.119:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4156 comm="syz.2.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83d783ebe9 code=0x7ffc0000 [ 47.357783][ T29] audit: type=1326 audit(1754868095.149:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4156 comm="syz.2.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83d783ebe9 code=0x7ffc0000 [ 47.425715][ T29] audit: type=1400 audit(1754868095.219:899): avc: denied { create } for pid=4182 comm="syz.2.189" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 47.529402][ T4186] syzkaller0: entered promiscuous mode [ 47.534931][ T4186] syzkaller0: entered allmulticast mode [ 47.762997][ T29] audit: type=1326 audit(1754868095.559:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4201 comm="syz.0.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb980b2ebe9 code=0x7ffc0000 [ 47.808954][ T29] audit: type=1326 audit(1754868095.589:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4201 comm="syz.0.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fb980b2ebe9 code=0x7ffc0000 [ 47.832178][ T29] audit: type=1326 audit(1754868095.589:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4201 comm="syz.0.198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb980b2ebe9 code=0x7ffc0000 [ 47.859245][ T4205] netlink: 60 bytes leftover after parsing attributes in process `syz.0.199'. [ 47.868259][ T4205] netlink: 12 bytes leftover after parsing attributes in process `syz.0.199'. [ 47.877167][ T4205] netlink: 60 bytes leftover after parsing attributes in process `syz.0.199'. [ 47.891029][ T4191] pim6reg: entered allmulticast mode [ 47.899201][ T4191] pim6reg: left allmulticast mode [ 48.035321][ T4218] loop0: detected capacity change from 0 to 2048 [ 48.049245][ T4218] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.078793][ T3303] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.107019][ T4227] siw: device registration error -23 [ 48.283166][ T4233] loop0: detected capacity change from 0 to 4096 [ 48.301847][ T4233] netlink: 4 bytes leftover after parsing attributes in process `syz.0.208'. [ 48.363455][ T4238] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 48.373127][ T4238] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 48.549994][ T4249] syz_tun: entered allmulticast mode [ 48.559586][ T4248] syz_tun: left allmulticast mode [ 48.587673][ T4251] bond1 (unregistering): Released all slaves [ 48.689445][ T4255] can: request_module (can-proto-0) failed. [ 48.908597][ T4261] loop0: detected capacity change from 0 to 256 [ 49.188207][ T4270] bridge: RTM_NEWNEIGH with invalid ether address [ 49.224192][ T4272] loop2: detected capacity change from 0 to 4096 [ 49.236999][ T4272] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.307203][ T4272] EXT4-fs error (device loop2): ext4_empty_dir:3100: inode #12: block 80: comm syz.2.221: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 49.328029][ T4272] EXT4-fs warning (device loop2): ext4_empty_dir:3103: inode #12: comm syz.2.221: directory missing '..' [ 49.374853][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.485173][ T4287] loop2: detected capacity change from 0 to 512 [ 49.501576][ T4287] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 49.510172][ T4287] EXT4-fs (loop2): orphan cleanup on readonly fs [ 49.520397][ T4287] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 49.557023][ T4287] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 49.564236][ T4287] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.227: bg 0: block 40: padding at end of block bitmap is not set [ 49.580961][ T4287] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 49.590312][ T4287] EXT4-fs (loop2): 1 truncate cleaned up [ 49.596507][ T4287] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 49.613011][ T4287] netlink: 'syz.2.227': attribute type 39 has an invalid length. [ 49.704360][ T4299] pim6reg1: entered promiscuous mode [ 49.709750][ T4299] pim6reg1: entered allmulticast mode [ 49.750418][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.854363][ T4312] loop4: detected capacity change from 0 to 4096 [ 49.866168][ T4312] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.944015][ T4322] __nla_validate_parse: 13 callbacks suppressed [ 49.944034][ T4322] netlink: 12 bytes leftover after parsing attributes in process `syz.0.239'. [ 49.956193][ T4312] EXT4-fs error (device loop4): ext4_empty_dir:3100: inode #12: block 80: comm syz.4.235: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 49.983878][ T4312] EXT4-fs warning (device loop4): ext4_empty_dir:3103: inode #12: comm syz.4.235: directory missing '..' [ 50.004426][ T4326] netlink: 4 bytes leftover after parsing attributes in process `syz.2.240'. [ 50.013698][ T4328] wireguard0: entered promiscuous mode [ 50.019268][ T4328] wireguard0: entered allmulticast mode [ 50.029160][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.043449][ T4326] hsr_slave_0: left promiscuous mode [ 50.049497][ T4326] hsr_slave_1: left promiscuous mode [ 50.061053][ T4332] syz.4.241 uses obsolete (PF_INET,SOCK_PACKET) [ 50.188440][ T4342] netlink: 8 bytes leftover after parsing attributes in process `syz.0.247'. [ 50.206083][ T4338] loop4: detected capacity change from 0 to 512 [ 50.253187][ T4338] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 50.277545][ T4338] EXT4-fs (loop4): orphan cleanup on readonly fs [ 50.284644][ T4338] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:517: comm syz.4.245: Block bitmap for bg 0 marked uninitialized [ 50.299376][ T4338] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 50.308621][ T4338] EXT4-fs (loop4): 1 orphan inode deleted [ 50.315067][ T4338] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 50.334855][ T4354] loop0: detected capacity change from 0 to 512 [ 50.352672][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.365174][ T4354] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.378404][ T4354] ext4 filesystem being mounted at /66/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 50.432705][ T3303] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.470289][ T4362] loop0: detected capacity change from 0 to 4096 [ 50.491327][ T4362] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.582510][ T4362] EXT4-fs error (device loop0): ext4_empty_dir:3100: inode #12: block 80: comm syz.0.252: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 50.607483][ T4362] EXT4-fs warning (device loop0): ext4_empty_dir:3103: inode #12: comm syz.0.252: directory missing '..' [ 50.669563][ T4379] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.689490][ T3303] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.731661][ T4383] netlink: 28 bytes leftover after parsing attributes in process `syz.0.263'. [ 50.740915][ T4387] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0 [ 50.757922][ T4379] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.779306][ T4388] lo speed is unknown, defaulting to 1000 [ 50.828146][ T4379] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.929226][ T4379] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.999098][ T3674] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.017810][ T3674] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.031402][ T3674] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.129672][ T3674] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 51.155315][ T4405] loop0: detected capacity change from 0 to 2048 [ 51.221232][ T4405] Alternate GPT is invalid, using primary GPT. [ 51.228284][ T4405] loop0: p2 p3 p7 [ 51.413606][ T4419] netlink: 21 bytes leftover after parsing attributes in process `syz.2.270'. [ 51.760105][ T4426] loop4: detected capacity change from 0 to 512 [ 51.791747][ T4426] journal_path: Non-blockdev passed as './bus' [ 51.798748][ T4426] EXT4-fs: error: could not find journal device path [ 52.319214][ T29] kauditd_printk_skb: 245 callbacks suppressed [ 52.319231][ T29] audit: type=1326 audit(1754868100.119:1147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4431 comm="syz.0.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb980b2ebe9 code=0x7ffc0000 [ 52.379393][ T29] audit: type=1326 audit(1754868100.159:1148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4431 comm="syz.0.280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb980b2ebe9 code=0x7ffc0000 [ 52.416561][ T4442] net_ratelimit: 22 callbacks suppressed [ 52.416583][ T4442] IPv4: Oversized IP packet from 127.202.26.0 [ 52.440542][ T4444] netlink: 'syz.1.285': attribute type 13 has an invalid length. [ 52.465544][ T4444] gretap0: refused to change device tx_queue_len [ 52.476787][ T4444] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 52.553599][ T29] audit: type=1326 audit(1754868100.349:1149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4455 comm="syz.1.290" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f64c2c5ebe9 code=0x0 [ 52.608233][ T29] audit: type=1400 audit(1754868100.409:1150): avc: denied { connect } for pid=4458 comm="syz.1.291" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 52.627794][ T29] audit: type=1400 audit(1754868100.409:1151): avc: denied { setopt } for pid=4458 comm="syz.1.291" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 52.683695][ T4463] loop3: detected capacity change from 0 to 512 [ 52.692634][ T4463] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.293: casefold flag without casefold feature [ 52.706166][ T4463] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.293: couldn't read orphan inode 15 (err -117) [ 52.718631][ T4463] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.758312][ T4469] loop4: detected capacity change from 0 to 1024 [ 52.765925][ T4469] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 52.794157][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.798765][ T4469] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.821852][ T29] audit: type=1400 audit(1754868100.619:1152): avc: denied { setattr } for pid=4468 comm="syz.4.295" name="file0" dev="loop4" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 52.860027][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.946064][ T4477] syzkaller0: entered promiscuous mode [ 52.952388][ T4477] syzkaller0: entered allmulticast mode [ 53.026554][ T4482] @: renamed from bond_slave_0 (while UP) [ 53.050616][ T29] audit: type=1400 audit(1754868100.849:1153): avc: denied { setopt } for pid=4483 comm="syz.3.301" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 53.077529][ T29] audit: type=1400 audit(1754868100.879:1154): avc: denied { write } for pid=4483 comm="syz.3.301" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 53.097671][ T29] audit: type=1400 audit(1754868100.879:1155): avc: denied { nlmsg_write } for pid=4483 comm="syz.3.301" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 53.244446][ T29] audit: type=1326 audit(1754868101.039:1156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4504 comm="syz.3.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65d70cebe9 code=0x7ffc0000 [ 53.374878][ T4514] loop3: detected capacity change from 0 to 164 [ 53.399818][ T4514] syz.3.314: attempt to access beyond end of device [ 53.399818][ T4514] loop3: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 53.420309][ T4514] syz.3.314: attempt to access beyond end of device [ 53.420309][ T4514] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 53.462857][ T4517] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.547320][ T4522] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 53.553923][ T4522] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 53.561427][ T4522] vhci_hcd vhci_hcd.0: Device attached [ 53.606008][ T4522] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(5) [ 53.612629][ T4522] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 53.620917][ T4522] vhci_hcd vhci_hcd.0: Device attached [ 53.622976][ T4517] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.632543][ T4522] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 53.643206][ T4522] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 53.651698][ T4522] vhci_hcd vhci_hcd.0: Device attached [ 53.672809][ T4531] vhci_hcd: connection closed [ 53.672884][ T31] vhci_hcd: stop threads [ 53.673084][ T4529] vhci_hcd: connection closed [ 53.677693][ T31] vhci_hcd: release socket [ 53.691040][ T31] vhci_hcd: disconnect device [ 53.695650][ T4523] vhci_hcd: connection closed [ 53.695939][ T31] vhci_hcd: stop threads [ 53.704957][ T31] vhci_hcd: release socket [ 53.709447][ T31] vhci_hcd: disconnect device [ 53.714586][ T31] vhci_hcd: stop threads [ 53.719694][ T31] vhci_hcd: release socket [ 53.724186][ T31] vhci_hcd: disconnect device [ 53.749884][ T4517] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.760279][ T2955] vhci_hcd: vhci_device speed not set [ 53.833907][ T4517] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.904874][ T3701] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.921205][ T3434] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.933169][ T3434] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.947667][ T3434] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.211123][ T4550] loop3: detected capacity change from 0 to 128 [ 54.224549][ T4550] FAT-fs (loop3): error, clusters badly computed (2 != 1) [ 54.231839][ T4550] FAT-fs (loop3): Filesystem has been set read-only [ 54.238632][ T4550] FAT-fs (loop3): error, clusters badly computed (3 != 2) [ 54.245927][ T4550] FAT-fs (loop3): error, clusters badly computed (4 != 3) [ 54.249343][ T4554] netlink: 8 bytes leftover after parsing attributes in process `syz.1.327'. [ 54.253248][ T4550] FAT-fs (loop3): error, clusters badly computed (5 != 4) [ 54.268510][ T4554] netlink: 8 bytes leftover after parsing attributes in process `syz.1.327'. [ 54.269295][ T4550] FAT-fs (loop3): error, clusters badly computed (6 != 5) [ 54.279157][ T4554] netlink: 8 bytes leftover after parsing attributes in process `syz.1.327'. [ 54.296071][ T4554] netlink: 8 bytes leftover after parsing attributes in process `syz.1.327'. [ 54.369967][ T4559] loop2: detected capacity change from 0 to 512 [ 54.406062][ T4559] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.419942][ T4559] ext4 filesystem being mounted at /73/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.480584][ T4572] bond0: (slave bond_slave_0): Releasing backup interface [ 54.502856][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.512284][ T4572] bond0: (slave bond_slave_1): Releasing backup interface [ 54.524730][ T4572] team0: Port device team_slave_0 removed [ 54.535630][ T4572] team0: Port device team_slave_1 removed [ 54.543111][ T4572] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 54.551460][ T4572] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 54.560875][ T4572] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 54.564830][ T4577] netlink: 12 bytes leftover after parsing attributes in process `syz.0.341'. [ 54.568458][ T4572] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 54.668784][ T4582] vlan2: entered allmulticast mode [ 54.673938][ T4582] bridge_slave_0: entered allmulticast mode [ 54.682602][ T4582] bridge0: port 1(vlan2) entered blocking state [ 54.689024][ T4582] bridge0: port 1(vlan2) entered disabled state [ 54.696033][ T4582] vlan2: entered promiscuous mode [ 54.701193][ T4582] bridge_slave_0: entered promiscuous mode [ 54.774591][ T4588] loop3: detected capacity change from 0 to 128 [ 54.798167][ T4592] can: request_module (can-proto-0) failed. [ 54.799553][ T4590] bond1: entered promiscuous mode [ 54.809526][ T4590] bond1: entered allmulticast mode [ 54.815553][ T4590] 8021q: adding VLAN 0 to HW filter on device bond1 [ 54.830636][ T4590] bond1 (unregistering): Released all slaves [ 55.061907][ T4610] __nla_validate_parse: 5 callbacks suppressed [ 55.061923][ T4610] netlink: 52 bytes leftover after parsing attributes in process `syz.4.345'. [ 55.077174][ T4610] netlink: 12 bytes leftover after parsing attributes in process `syz.4.345'. [ 55.086040][ T4610] netlink: 52 bytes leftover after parsing attributes in process `syz.4.345'. [ 55.094946][ T4610] netlink: 12 bytes leftover after parsing attributes in process `syz.4.345'. [ 55.103841][ T4610] netlink: 52 bytes leftover after parsing attributes in process `syz.4.345'. [ 55.263470][ T4613] loop1: detected capacity change from 0 to 512 [ 55.271122][ T4613] EXT4-fs: Ignoring removed bh option [ 55.277663][ T4613] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 55.286778][ T4613] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 55.317233][ T4613] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 55.342426][ T4613] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 55.377399][ T4613] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.563462][ T3299] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.678170][ T4630] netlink: 'syz.2.352': attribute type 12 has an invalid length. [ 55.750761][ T4633] netlink: 8 bytes leftover after parsing attributes in process `syz.2.353'. [ 55.788186][ T4633] netlink: 8 bytes leftover after parsing attributes in process `syz.2.353'. [ 55.801266][ T4633] netlink: 8 bytes leftover after parsing attributes in process `syz.2.353'. [ 55.814073][ T4633] netlink: 8 bytes leftover after parsing attributes in process `syz.2.353'. [ 55.858709][ T4643] loop4: detected capacity change from 0 to 1024 [ 55.879305][ T4643] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.925455][ T4649] lo speed is unknown, defaulting to 1000 [ 55.966098][ T4643] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.358: Allocating blocks 449-513 which overlap fs metadata [ 56.058055][ T4642] EXT4-fs (loop4): pa ffff8881072781c0: logic 48, phys. 177, len 21 [ 56.066124][ T4642] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 56.188110][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.352930][ T4665] ipvlan2: entered promiscuous mode [ 56.360389][ T4665] bridge0: port 3(ipvlan2) entered blocking state [ 56.366893][ T4665] bridge0: port 3(ipvlan2) entered disabled state [ 56.373801][ T4665] ipvlan2: entered allmulticast mode [ 56.379237][ T4665] bridge0: entered allmulticast mode [ 56.399591][ T4665] ipvlan2: left allmulticast mode [ 56.404803][ T4665] bridge0: left allmulticast mode [ 56.517892][ T4672] lo speed is unknown, defaulting to 1000 [ 56.614059][ T4676] : renamed from bond0 (while UP) [ 56.707235][ T4685] netlink: 'syz.2.374': attribute type 1 has an invalid length. [ 56.760049][ T4685] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.850413][ T4685] bond0: (slave geneve2): making interface the new active one [ 56.863350][ T4685] bond0: (slave geneve2): Enslaving as an active interface with an up link [ 57.109072][ T4714] Illegal XDP return value 4294967274 on prog (id 300) dev syz_tun, expect packet loss! [ 57.319759][ T4730] loop2: detected capacity change from 0 to 512 [ 57.327402][ T29] kauditd_printk_skb: 337 callbacks suppressed [ 57.327417][ T29] audit: type=1326 audit(1754868105.129:1494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4704 comm="syz.0.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb980b2ebe9 code=0x7ffc0000 [ 57.357812][ T29] audit: type=1326 audit(1754868105.129:1495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4704 comm="syz.0.391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb980b2ebe9 code=0x7ffc0000 [ 57.398980][ T4730] EXT4-fs (loop2): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 57.445124][ T4730] atomic_op ffff888124a24928 conn xmit_atomic 0000000000000000 [ 57.537003][ T3308] EXT4-fs (loop2): unmounting filesystem 00800000-0000-0000-0000-000000000000. [ 57.755410][ T4740] loop4: detected capacity change from 0 to 128 [ 57.795160][ T29] audit: type=1400 audit(1754868105.589:1496): avc: denied { create } for pid=4739 comm="syz.4.394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 57.900286][ T4742] netlink: 8 bytes leftover after parsing attributes in process `syz.4.395'. [ 57.915649][ T29] audit: type=1400 audit(1754868105.619:1497): avc: denied { ioctl } for pid=4739 comm="syz.4.394" path="socket:[9831]" dev="sockfs" ino=9831 ioctlcmd=0x89e7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 58.003740][ T4746] loop2: detected capacity change from 0 to 512 [ 58.013859][ T4746] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 58.114904][ T29] audit: type=1326 audit(1754868105.909:1498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4754 comm="syz.0.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb980b2ebe9 code=0x7ffc0000 [ 58.146999][ T29] audit: type=1326 audit(1754868105.939:1499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4754 comm="syz.0.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb980b2ebe9 code=0x7ffc0000 [ 58.171003][ T29] audit: type=1326 audit(1754868105.939:1500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4754 comm="syz.0.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb980b2ebe9 code=0x7ffc0000 [ 58.194429][ T29] audit: type=1326 audit(1754868105.939:1501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4754 comm="syz.0.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb980b2ebe9 code=0x7ffc0000 [ 58.217980][ T29] audit: type=1326 audit(1754868105.939:1502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4754 comm="syz.0.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fb980b2ebe9 code=0x7ffc0000 [ 58.230470][ T4753] SELinux: failed to load policy [ 58.242143][ T29] audit: type=1326 audit(1754868105.939:1503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4754 comm="syz.0.408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb980b2ebe9 code=0x7ffc0000 [ 58.292667][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.320982][ T4764] netlink: 'syz.2.402': attribute type 1 has an invalid length. [ 58.337484][ T4764] 8021q: adding VLAN 0 to HW filter on device bond1 [ 58.350134][ T4767] vlan3: entered allmulticast mode [ 58.366173][ T4764] bond1 (unregistering): Released all slaves [ 58.417197][ T4776] bond1: entered promiscuous mode [ 58.422343][ T4776] bond1: entered allmulticast mode [ 58.428152][ T4776] 8021q: adding VLAN 0 to HW filter on device bond1 [ 58.453733][ T4776] bond1 (unregistering): Released all slaves [ 58.529379][ T4784] netlink: 'syz.4.410': attribute type 1 has an invalid length. [ 58.531183][ T4786] loop1: detected capacity change from 0 to 128 [ 58.578151][ T4789] mmap: syz.0.412 (4789) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 58.594103][ T4784] 8021q: adding VLAN 0 to HW filter on device bond1 [ 58.618082][ T4791] bond1 (unregistering): Released all slaves [ 58.663109][ T4795] loop2: detected capacity change from 0 to 1024 [ 58.706420][ T4795] EXT4-fs: Ignoring removed orlov option [ 58.765553][ T4795] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 58.794322][ T3674] kworker/u8:30: attempt to access beyond end of device [ 58.794322][ T3674] loop1: rw=1, sector=145, nr_sectors = 16 limit=128 [ 58.794433][ T3674] kworker/u8:30: attempt to access beyond end of device [ 58.794433][ T3674] loop1: rw=1, sector=169, nr_sectors = 8 limit=128 [ 58.794473][ T3674] kworker/u8:30: attempt to access beyond end of device [ 58.794473][ T3674] loop1: rw=1, sector=185, nr_sectors = 8 limit=128 [ 58.794557][ T3674] kworker/u8:30: attempt to access beyond end of device [ 58.794557][ T3674] loop1: rw=1, sector=201, nr_sectors = 8 limit=128 [ 58.794659][ T3674] kworker/u8:30: attempt to access beyond end of device [ 58.794659][ T3674] loop1: rw=1, sector=217, nr_sectors = 8 limit=128 [ 58.794690][ T3674] kworker/u8:30: attempt to access beyond end of device [ 58.794690][ T3674] loop1: rw=1, sector=233, nr_sectors = 8 limit=128 [ 58.794727][ T3674] kworker/u8:30: attempt to access beyond end of device [ 58.794727][ T3674] loop1: rw=1, sector=249, nr_sectors = 8 limit=128 [ 58.794819][ T3674] kworker/u8:30: attempt to access beyond end of device [ 58.794819][ T3674] loop1: rw=1, sector=265, nr_sectors = 8 limit=128 [ 58.794874][ T3674] kworker/u8:30: attempt to access beyond end of device [ 58.794874][ T3674] loop1: rw=1, sector=281, nr_sectors = 8 limit=128 [ 58.794915][ T3674] kworker/u8:30: attempt to access beyond end of device [ 58.794915][ T3674] loop1: rw=1, sector=297, nr_sectors = 8 limit=128 [ 59.091287][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.125955][ T4826] loop4: detected capacity change from 0 to 512 [ 59.165811][ T4826] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 59.220475][ T4826] ext4 filesystem being mounted at /89/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 59.251413][ T4838] loop2: detected capacity change from 0 to 1024 [ 59.258885][ T4838] EXT4-fs: Ignoring removed orlov option [ 59.277484][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.287672][ T4838] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 59.310791][ T4843] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.318065][ T4843] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.356241][ T4843] bridge0: entered allmulticast mode [ 59.368888][ T4846] bridge_slave_1: left allmulticast mode [ 59.374581][ T4846] bridge_slave_1: left promiscuous mode [ 59.380495][ T4846] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.468749][ T4846] bridge_slave_0: left allmulticast mode [ 59.474503][ T4846] bridge_slave_0: left promiscuous mode [ 59.480198][ T4846] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.601903][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.648153][ T4861] geneve3: entered promiscuous mode [ 59.653453][ T4861] geneve3: entered allmulticast mode [ 59.661163][ T3688] netdevsim netdevsim2 eth0: set [1, 1] type 2 family 0 port 20000 - 0 [ 59.682644][ T3688] netdevsim netdevsim2 eth1: set [1, 1] type 2 family 0 port 20000 - 0 [ 59.709763][ T3688] netdevsim netdevsim2 eth2: set [1, 1] type 2 family 0 port 20000 - 0 [ 59.729424][ T3688] netdevsim netdevsim2 eth3: set [1, 1] type 2 family 0 port 20000 - 0 [ 59.811201][ T4877] loop3: detected capacity change from 0 to 512 [ 59.862531][ T4877] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 59.962303][ T4890] loop9: detected capacity change from 0 to 7 [ 59.978817][ T4877] ext4 filesystem being mounted at /84/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 60.019013][ T4890] Buffer I/O error on dev loop9, logical block 0, async page read [ 60.040527][ T4890] Buffer I/O error on dev loop9, logical block 0, async page read [ 60.049225][ T4890] loop9: unable to read partition table [ 60.070676][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.091184][ T4890] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 60.091184][ T4890] ) failed (rc=-5) [ 60.139999][ T4898] loop3: detected capacity change from 0 to 512 [ 60.169115][ T4898] ext4: Unknown parameter '"' [ 60.290108][ T4904] loop3: detected capacity change from 0 to 2048 [ 60.296521][ T4907] loop4: detected capacity change from 0 to 8192 [ 60.351236][ T4904] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 60.367851][ T4904] ext4 filesystem being mounted at /86/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 60.470249][ T4915] netlink: 'syz.4.457': attribute type 10 has an invalid length. [ 60.529768][ T3305] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.593999][ T4925] can: request_module (can-proto-0) failed. [ 60.842875][ T4932] __nla_validate_parse: 4 callbacks suppressed [ 60.842892][ T4932] netlink: 156 bytes leftover after parsing attributes in process `syz.4.464'. [ 60.884025][ T4932] netlink: 24 bytes leftover after parsing attributes in process `syz.4.464'. [ 60.895111][ T4934] netlink: 11 bytes leftover after parsing attributes in process `syz.2.465'. [ 60.907944][ T4934] netlink: 4 bytes leftover after parsing attributes in process `syz.2.465'. [ 60.917863][ T4934] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 60.925382][ T4934] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 60.938142][ T4934] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 60.945607][ T4934] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 60.954820][ T4936] loop4: detected capacity change from 0 to 1024 [ 60.979201][ T4936] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 61.006812][ T4936] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.466: Allocating blocks 449-513 which overlap fs metadata [ 61.039378][ T4936] EXT4-fs (loop4): pa ffff8881072295b0: logic 48, phys. 177, len 21 [ 61.047498][ T4936] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 61.073880][ T4940] netlink: 12 bytes leftover after parsing attributes in process `syz.2.467'. [ 61.085020][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.108264][ T4942] loop3: detected capacity change from 0 to 128 [ 61.123585][ T4942] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 61.153691][ T4942] ext4 filesystem being mounted at /88/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 61.174512][ T4949] netlink: 12 bytes leftover after parsing attributes in process `syz.2.471'. [ 61.398708][ T4964] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4964 comm=syz.0.477 [ 61.467918][ T4967] loop4: detected capacity change from 0 to 1024 [ 61.482130][ T4970] loop1: detected capacity change from 0 to 1024 [ 61.509152][ T4967] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 61.509619][ T4970] EXT4-fs: Ignoring removed orlov option [ 61.548813][ T4970] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 61.650918][ T4967] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.478: Allocating blocks 497-513 which overlap fs metadata [ 61.712742][ T4965] EXT4-fs (loop4): pa ffff8881072782a0: logic 64, phys. 209, len 19 [ 61.721525][ T4965] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1 [ 61.810410][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.965851][ T3305] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 62.028918][ T4982] netlink: 'syz.3.482': attribute type 1 has an invalid length. [ 62.042389][ T4982] 8021q: adding VLAN 0 to HW filter on device bond1 [ 62.055999][ T3299] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.067841][ T4982] netlink: 4 bytes leftover after parsing attributes in process `syz.3.482'. [ 62.107487][ T4982] bond1 (unregistering): Released all slaves [ 62.332747][ T5000] netlink: 24 bytes leftover after parsing attributes in process `syz.1.485'. [ 62.337792][ T4999] netlink: 'syz.3.489': attribute type 10 has an invalid length. [ 62.359040][ T5002] loop4: detected capacity change from 0 to 512 [ 62.365910][ T5002] EXT4-fs: Ignoring removed mblk_io_submit option [ 62.373120][ T4999] dummy0: left promiscuous mode [ 62.381140][ T4999] team0: Port device dummy0 added [ 62.389563][ T4999] netlink: 'syz.3.489': attribute type 10 has an invalid length. [ 62.399139][ T5002] EXT4-fs (loop4): failed to initialize system zone (-117) [ 62.413971][ T5006] loop0: detected capacity change from 0 to 128 [ 62.425569][ T29] kauditd_printk_skb: 1010 callbacks suppressed [ 62.425586][ T29] audit: type=1326 audit(1754868110.219:2514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5004 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64c2c5ebe9 code=0x7ffc0000 [ 62.455973][ T29] audit: type=1326 audit(1754868110.219:2515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5004 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f64c2c5ebe9 code=0x7ffc0000 [ 62.480497][ T29] audit: type=1326 audit(1754868110.219:2516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5004 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64c2c5ebe9 code=0x7ffc0000 [ 62.504101][ T29] audit: type=1326 audit(1754868110.219:2517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5004 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f64c2c5ebe9 code=0x7ffc0000 [ 62.528211][ T29] audit: type=1326 audit(1754868110.219:2518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5004 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64c2c5ebe9 code=0x7ffc0000 [ 62.531150][ T5002] EXT4-fs (loop4): mount failed [ 62.551554][ T29] audit: type=1326 audit(1754868110.219:2519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5004 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7f64c2c5ebe9 code=0x7ffc0000 [ 62.554075][ T29] audit: type=1326 audit(1754868110.359:2520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5004 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64c2c5ebe9 code=0x7ffc0000 [ 62.606511][ T29] audit: type=1326 audit(1754868110.359:2521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5004 comm="syz.1.491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f64c2c5ebe9 code=0x7ffc0000 [ 62.630472][ T4999] team0: Port device dummy0 removed [ 62.632254][ T29] audit: type=1326 audit(1754868110.409:2522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5009 comm="syz.2.493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83d783ebe9 code=0x7ffc0000 [ 62.641609][ T4999] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 62.659946][ T29] audit: type=1326 audit(1754868110.409:2523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5009 comm="syz.2.493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83d783ebe9 code=0x7ffc0000 [ 62.765797][ T5012] SELinux: failed to load policy [ 62.921624][ T5043] loop4: detected capacity change from 0 to 512 [ 62.929142][ T5045] loop3: detected capacity change from 0 to 128 [ 62.940998][ T5043] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 62.970413][ T5046] team0 (unregistering): Port device team_slave_0 removed [ 63.006889][ T5046] team0 (unregistering): Port device team_slave_1 removed [ 63.137977][ T5061] netlink: 52 bytes leftover after parsing attributes in process `syz.1.511'. [ 63.139736][ T5060] lo speed is unknown, defaulting to 1000 [ 63.146912][ T5061] netlink: 12 bytes leftover after parsing attributes in process `syz.1.511'. [ 63.163300][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.262986][ T5069] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5069 comm=syz.3.518 [ 63.310653][ T5063] team0 (unregistering): Port device team_slave_0 removed [ 63.320586][ T5063] team0 (unregistering): Port device team_slave_1 removed [ 63.378613][ T5078] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 63.385885][ T5078] IPv6: NLM_F_CREATE should be set when creating new route [ 63.584056][ T5095] wireguard0: entered promiscuous mode [ 63.590452][ T5095] wireguard0: entered allmulticast mode [ 63.659300][ T5099] bond0: (slave 5@): Releasing backup interface [ 63.668617][ T5099] bond0: (slave bond_slave_1): Releasing backup interface [ 63.680634][ T5099] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 63.688811][ T5099] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 63.698020][ T5099] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 63.705429][ T5099] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 63.730150][ T5099] vlan2: left promiscuous mode [ 63.734951][ T5099] bridge_slave_0: left promiscuous mode [ 63.740807][ T5099] bridge0: port 1(vlan2) entered disabled state [ 63.762729][ T5105] geneve2: entered promiscuous mode [ 63.768055][ T5105] geneve2: entered allmulticast mode [ 63.778045][ T5106] pim6reg1: entered promiscuous mode [ 63.783370][ T5106] pim6reg1: entered allmulticast mode [ 63.801495][ T3690] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 20000 - 0 [ 63.815311][ T3690] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 20000 - 0 [ 63.831143][ T3690] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 20000 - 0 [ 63.840307][ T3690] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 20000 - 0 [ 63.942191][ T5124] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 63.948740][ T5124] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 63.956915][ T5124] vhci_hcd vhci_hcd.0: Device attached [ 63.996088][ T5124] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(5) [ 64.002637][ T5124] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 64.010156][ T5124] vhci_hcd vhci_hcd.0: Device attached [ 64.070433][ T5131] vhci_hcd: connection closed [ 64.070877][ T3697] vhci_hcd: stop threads [ 64.080007][ T3697] vhci_hcd: release socket [ 64.084454][ T3697] vhci_hcd: disconnect device [ 64.096843][ T5125] vhci_hcd: connection closed [ 64.100095][ T3697] vhci_hcd: stop threads [ 64.109895][ T3697] vhci_hcd: release socket [ 64.114354][ T3697] vhci_hcd: disconnect device [ 64.153418][ T5142] loop4: detected capacity change from 0 to 1024 [ 64.159840][ T3394] vhci_hcd: vhci_device speed not set [ 64.165739][ T5142] EXT4-fs: Ignoring removed nomblk_io_submit option [ 64.178731][ T5142] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended [ 64.188498][ T5142] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 64.204622][ T5142] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. [ 64.214138][ T5142] EXT4-fs error (device loop4): ext4_lookup:1787: inode #15: comm syz.4.541: iget: bad extended attribute block 8388352 [ 64.238469][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.371856][ T5158] netlink: 'syz.4.545': attribute type 2 has an invalid length. [ 64.379675][ T5158] netlink: 'syz.4.545': attribute type 1 has an invalid length. [ 64.872399][ T5173] loop3: detected capacity change from 0 to 128 [ 64.880179][ T5173] vfat: Unknown parameter '' [ 64.893203][ T5170] loop2: detected capacity change from 0 to 512 [ 64.902074][ T5170] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a843c02c, mo2=0102] [ 64.911986][ T5170] System zones: 1-12 [ 64.916877][ T5170] EXT4-fs error (device loop2): ext4_xattr_inode_iget:442: comm syz.2.553: error while reading EA inode 32 err=-116 [ 64.929734][ T5170] EXT4-fs (loop2): Remounting filesystem read-only [ 64.936310][ T5170] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 64.949390][ T5170] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 64.961991][ T5170] EXT4-fs (loop2): 1 orphan inode deleted [ 64.971770][ T5170] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 65.053936][ T5182] dvmrp1: entered allmulticast mode [ 65.333853][ T5194] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 65.368098][ T5196] loop1: detected capacity change from 0 to 1024 [ 65.375511][ T5196] EXT4-fs: Ignoring removed orlov option [ 65.383535][ T5196] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 65.542671][ T5196] ================================================================== [ 65.550786][ T5196] BUG: KCSAN: data-race in generic_buffers_fsync_noflush / writeback_single_inode [ 65.560019][ T5196] [ 65.562357][ T5196] write to 0xffff8881071ce008 of 4 bytes by task 5198 on cpu 1: [ 65.569987][ T5196] writeback_single_inode+0x14a/0x3e0 [ 65.575359][ T5196] sync_inode_metadata+0x5b/0x90 [ 65.580308][ T5196] generic_buffers_fsync_noflush+0xd9/0x120 [ 65.586201][ T5196] ext4_sync_file+0x1ab/0x690 [ 65.590885][ T5196] vfs_fsync_range+0x10d/0x130 [ 65.595646][ T5196] ext4_buffered_write_iter+0x34f/0x3c0 [ 65.601227][ T5196] ext4_file_write_iter+0x383/0xf00 [ 65.606445][ T5196] iter_file_splice_write+0x666/0x9e0 [ 65.611810][ T5196] direct_splice_actor+0x153/0x2a0 [ 65.616956][ T5196] splice_direct_to_actor+0x30f/0x680 [ 65.622321][ T5196] do_splice_direct+0xda/0x150 [ 65.627080][ T5196] do_sendfile+0x380/0x650 [ 65.631505][ T5196] __x64_sys_sendfile64+0x105/0x150 [ 65.636715][ T5196] x64_sys_call+0x2bb0/0x2ff0 [ 65.641390][ T5196] do_syscall_64+0xd2/0x200 [ 65.645892][ T5196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.651870][ T5196] [ 65.654191][ T5196] read to 0xffff8881071ce008 of 4 bytes by task 5196 on cpu 0: [ 65.661721][ T5196] generic_buffers_fsync_noflush+0x80/0x120 [ 65.667618][ T5196] ext4_sync_file+0x1ab/0x690 [ 65.672333][ T5196] vfs_fsync_range+0x10d/0x130 [ 65.677096][ T5196] ext4_buffered_write_iter+0x34f/0x3c0 [ 65.682677][ T5196] ext4_file_write_iter+0x383/0xf00 [ 65.687926][ T5196] iter_file_splice_write+0x666/0x9e0 [ 65.693324][ T5196] direct_splice_actor+0x153/0x2a0 [ 65.698446][ T5196] splice_direct_to_actor+0x30f/0x680 [ 65.703815][ T5196] do_splice_direct+0xda/0x150 [ 65.708584][ T5196] do_sendfile+0x380/0x650 [ 65.713019][ T5196] __x64_sys_sendfile64+0x105/0x150 [ 65.718254][ T5196] x64_sys_call+0x2bb0/0x2ff0 [ 65.722932][ T5196] do_syscall_64+0xd2/0x200 [ 65.727438][ T5196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.733340][ T5196] [ 65.735665][ T5196] value changed: 0x00000038 -> 0x00000002 [ 65.741418][ T5196] [ 65.743739][ T5196] Reported by Kernel Concurrency Sanitizer on: [ 65.749893][ T5196] CPU: 0 UID: 0 PID: 5196 Comm: syz.1.561 Tainted: G W 6.17.0-rc1-syzkaller #0 PREEMPT(voluntary) [ 65.762063][ T5196] Tainted: [W]=WARN [ 65.765877][ T5196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 65.775925][ T5196] ================================================================== [ 65.795290][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 65.817952][ T3299] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.