last executing test programs: 2.364141128s ago: executing program 3 (id=1772): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000001540)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRES32, @ANYRESDEC=0x0, @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRESOCT=0x0], 0x1, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) fdatasync(r0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 1.568016463s ago: executing program 3 (id=1795): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) syz_mount_image$vfat(&(0x7f0000000300), &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f00000026c0)=ANY=[@ANYBLOB='\x00'], 0x1, 0x36b, &(0x7f0000000a00)="$eJzs3U1vG1UXAODTvM1H85I6C4QECHFVNrCxkvAHGqFWQkQChRoVFkhTMgEr0zjyWEGuEHTHlt9RsWSHhPgDWcCeHbtsWHZRdVDsuPloCIvUHgrPI0X3xPce+4zHM7qb0dm//d3drc2yuZn1Yup6iqmImHoYsTiIhi4djlODeCaOux9vNW7/9tqHH3/y3ura2o31lG6u3np7JaV09fWfvvzq+2s/9/7/0Q9Xf5yNvcVP9/9Y+X3vpb2X9x/f+qJdpnaZtju9lKU7nU4vu1PkaaNdbjVT+qDIszJP7e0y756Y3yw6Ozv9lG1vLMzvdPOyTNl2P23l/dTrpF63n7LPs/Z2ajabaWE++DutB+vr2eownjtn3fVJFcQYdLur2cE1PPvUTOtBLQUBALW66P5/5pnu/6fD/n+Sju//+bc62P/PHF6/J9n/AwAAAAAAAAAAAADA8+BhVTWqqmqMxmr0kPDh/zWXx5g9df5P/dVdH+N17MG9uYji293Wbms4DudXN6MdReSxFI14dHBbGBnGN99du7GUBhZj4e43g/xrv0S0/ncyfzkasXh2/vIwPz3Jj4NxOuaP569EI148O3/lzPyZePONY/nNaMSvn0UnitgY3N6O8r9eTumd99dO5c8O1gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw39BMI6/GsO/9biviSuwe9u9vHi1YPNkff5j/pL/+UjTi0dn9+ZfO7M9/OV65XO+xAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBI2b+3lRVF3p1UMOr5P3hlZhT8ddal4fL7p6auxARrLop86lm94eOqqsZV6txkT+VFgumI885gdfgrufhnvRAR56yZjYj6v41/YlDXHQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqc9T0u+5KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqFPZv7eVFUXeHWNQ9zECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8T/4MAAD//yeQEY0=") r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) write$binfmt_elf64(r2, &(0x7f0000000e80)=ANY=[], 0x78) sendfile(r2, r2, &(0x7f0000000000)=0x9, 0xffffffff) 1.37701296s ago: executing program 1 (id=1801): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r2}, 0x18) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10) 1.345602912s ago: executing program 1 (id=1802): bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) keyctl$chown(0x4, r0, 0xee01, 0xee00) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/tty/drivers\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x20000023892) 1.258448656s ago: executing program 1 (id=1803): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000840), 0x81, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000070000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021340011800a0001006c696d6974000000240002800c00024000000000000000030c00014000000000000001010800044000000001480000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000001c0003800c00008008000340000000020c0000800800034000000002"], 0x100}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) 1.257632046s ago: executing program 1 (id=1804): bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) unshare(0x62040200) socketpair$unix(0x1, 0x2, 0x0, 0x0) setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x1d, 0x0, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000000), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x10, 0x0, @vifc_lcl_ifindex, @remote}, 0x10) setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000040)=0x6, 0x4) 1.042496655s ago: executing program 1 (id=1806): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000001540)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRES32, @ANYRESDEC=0x0, @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRESOCT=0x0], 0x1, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) fdatasync(r0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 987.707167ms ago: executing program 4 (id=1807): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000001780)=""/4096, &(0x7f00000002c0)=0x1000) pipe2(&(0x7f00000006c0)={0xffffffffffffffff}, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000940)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000002000000e00000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000064010102000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x310) close_range(r0, 0xffffffffffffffff, 0x0) 987.346587ms ago: executing program 4 (id=1808): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000180)='./file1\x00', 0xa1c406, &(0x7f0000000400)=ANY=[@ANYBLOB="646f74730000f5ff522c246d6173a594e5e0ee30303030010000000000400017c3d234e02f30303030302c6e6f646f742c6e66733d6e0973", @ANYRES16, @ANYRESDEC], 0x1, 0x2a0, &(0x7f0000001400)="$eJzs3M9r02AYwPFnydZ0k/04CXrxQS96CbMe1UOVDcSC0q2iHoSMZVpW25EUbUUwZ0/7O4ZHb4L4D+y/8DYE2WknI22zNOu633Wt3fcDI8/b5323p33JeLKRbD1ff7u64tsrTlWMtIohEsiOyIwUZddIdEw141T8utzPSCC3Zt9tf1548fJxNpeby6vOZxfvZFR16tr39x+/XP9RvfTs65RlyebMq63fmZ+blzevbP1ZfFP0tZiScqWqji5VKlVnqeTqctFftVWfllzHd7VY9l1vT36lVFlbq6tTXp6cWPNc31enXFdD6lqtaDqqqqy2bevkRCNOywWSOvGKwkY+72Tb4zmztxVhEHhe1mls7Pi+s6Gw0Z+KAABAPx3c/xvxnN3+3+js/0WO6P8/RbOmvnXt/309ff9viuf6u0U0+/+qV1fntVNM9v84VGf/fzzGvykGZzESJAYP9qQ8LzvefRH9PwAAAAAAAAAAAAAAAAAAAAAA/4OdMJwOw3C6cTREJIzGloiYiXGXpRfq3vphldz/MPFlRRt8yP5jCCRu3EuL/ApqhVphpHls5ecf5eZmtSlx4992rVYw4/ztVl735sdkIspnuuZTcvNGK9/IPXySS+bXa4VxWT608qBXHwEAAAAAAEPP1thM/GJa4ut721ZLOvPN6/dWFLT/PqDtRwM18qNydfQ83wkAAAAAADiIX/+w6pRKrnc+gXmOP+vUgcjplt8NrZ6UYYrIEXPyCyL9/6D2BZYMRBnDHNzr1Tc0278BxqKw4ywAAAAAMFza1wMnX8u/9wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6I0zPUXMON7kfr9HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFD8DQAA///mXbd/") r3 = socket$inet6(0xa, 0x800000000000002, 0x0) sendto$inet6(r3, 0x0, 0x5c4, 0x404c844, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @local}, 0x1c) 986.630847ms ago: executing program 4 (id=1809): setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000200)=@nat={'nat\x00', 0x19, 0x0, 0xc0, [0x200000000140, 0x0, 0x0, 0x200000000170, 0x2000000001a0], 0x0, 0x0, 0x0}, 0x138) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, 0x0, &(0x7f00000001c0)}, 0x20) r0 = syz_io_uring_setup(0xa4d, &(0x7f0000000480)={0x0, 0x28ad, 0x80, 0x9, 0x200}, &(0x7f0000000680)=0x0, &(0x7f0000000440)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2c, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_OPENAT2={0x1c, 0x9, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x23456}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 913.265401ms ago: executing program 4 (id=1811): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000780), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000000850000000400"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r0, 0x0, 0x8}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x19, 0x3, 0x7ffc0001}]}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r1, &(0x7f00000005c0)='\"', 0x1, 0x4fed0) r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x50) sendfile(r2, r2, 0x0, 0x800000009) 882.333051ms ago: executing program 4 (id=1812): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0x10) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={r2, @in={{0x2, 0x0, @empty}}, 0x27c0}, 0x90) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000400)={r2, @in6={{0xa, 0x4e20, 0xffffffff, @private2, 0x7}}}, 0x90) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89ff, 0x0) 861.556383ms ago: executing program 4 (id=1813): syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x42, 0x61) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x1) write(r1, &(0x7f0000004200)='t', 0x1) sendfile(r1, r0, 0x0, 0x3ffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00'}, 0x10) sendfile(r1, r0, 0x0, 0x7ffff000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000001b00)=@newtfilter={0x38, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xe, 0xffff}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20041090}, 0x0) 770.463616ms ago: executing program 2 (id=1816): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000070000000010"], 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000000000000850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r1, &(0x7f00000006c0)={0x0, 0xfffffffffffffe96, 0x0, 0x0, 0x0, 0x0, 0x20000001}, 0x40000) 718.461379ms ago: executing program 2 (id=1818): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0xff, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1100, 0x0, 0xfffffffc, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f0000000000)=r0}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x2}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) memfd_create(0x0, 0x4) 666.902981ms ago: executing program 2 (id=1819): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000240)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r1}, 0x18) r2 = socket$kcm(0x21, 0x2, 0x2) recvmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x100) 666.218451ms ago: executing program 0 (id=1820): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000180)='./file1\x00', 0xa1c406, &(0x7f0000000400)=ANY=[@ANYBLOB="646f74730000f5ff522c246d6173a594e5e0ee30303030010000000000400017c3d234e02f30303030302c6e6f646f742c6e66733d6e0973", @ANYRES16, @ANYRESDEC], 0x1, 0x2a0, &(0x7f0000001400)="$eJzs3M9r02AYwPFnydZ0k/04CXrxQS96CbMe1UOVDcSC0q2iHoSMZVpW25EUbUUwZ0/7O4ZHb4L4D+y/8DYE2WknI22zNOu633Wt3fcDI8/b5323p33JeLKRbD1ff7u64tsrTlWMtIohEsiOyIwUZddIdEw141T8utzPSCC3Zt9tf1548fJxNpeby6vOZxfvZFR16tr39x+/XP9RvfTs65RlyebMq63fmZ+blzevbP1ZfFP0tZiScqWqji5VKlVnqeTqctFftVWfllzHd7VY9l1vT36lVFlbq6tTXp6cWPNc31enXFdD6lqtaDqqqqy2bevkRCNOywWSOvGKwkY+72Tb4zmztxVhEHhe1mls7Pi+s6Gw0Z+KAABAPx3c/xvxnN3+3+js/0WO6P8/RbOmvnXt/309ff9viuf6u0U0+/+qV1fntVNM9v84VGf/fzzGvykGZzESJAYP9qQ8LzvefRH9PwAAAAAAAAAAAAAAAAAAAAAA/4OdMJwOw3C6cTREJIzGloiYiXGXpRfq3vphldz/MPFlRRt8yP5jCCRu3EuL/ApqhVphpHls5ecf5eZmtSlx4992rVYw4/ztVl735sdkIspnuuZTcvNGK9/IPXySS+bXa4VxWT608qBXHwEAAAAAAEPP1thM/GJa4ut721ZLOvPN6/dWFLT/PqDtRwM18qNydfQ83wkAAAAAADiIX/+w6pRKrnc+gXmOP+vUgcjplt8NrZ6UYYrIEXPyCyL9/6D2BZYMRBnDHNzr1Tc0278BxqKw4ywAAAAAMFza1wMnX8u/9wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6I0zPUXMON7kfr9HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFD8DQAA///mXbd/") r3 = socket$inet6(0xa, 0x800000000000002, 0x0) sendto$inet6(r3, 0x0, 0x5c4, 0x404c844, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @local}, 0x1c) 589.074654ms ago: executing program 0 (id=1821): setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000200)=@nat={'nat\x00', 0x19, 0x0, 0xc0, [0x200000000140, 0x0, 0x0, 0x200000000170, 0x2000000001a0], 0x0, 0x0, 0x0}, 0x138) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, 0x0, &(0x7f00000001c0)}, 0x20) r0 = syz_io_uring_setup(0xa4d, &(0x7f0000000480)={0x0, 0x28ad, 0x80, 0x9, 0x200}, &(0x7f0000000680)=0x0, &(0x7f0000000440)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2c, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_OPENAT2={0x1c, 0x9, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x23456}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 588.830685ms ago: executing program 2 (id=1822): syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000180)='./file1\x00', 0x1218088, &(0x7f00000005c0)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c757466383d312c696f636861727365743d61736369692c73686f72746e616d653d77696e39352c73686f77657865632c6e66732c636865636b3d7374726963742c756e695f786c6174653d302c757466383d312c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c726f6469722c726f6469722c64656275672c757466383d302c726f6469722c71756965742c6572726f72733d72656d6f756e742d726f2c009c8a8fc4f74784ad79ec08fb556262ebc972ef94821f3565ef5f75f11e30ef1f72a065c510b17cae356940538b7b2c5d72f4627c25306b2479725add28f511a68f5f6f47f9facdd0cc574286d00ab52d6b9374b6a58eac694336ebe971f41860d01084c1a0fa6b51d80fa9f9d2c1a2e7a5284f93296217ef8f28e0a36e573296a0bfb38b94191f4b82873563f3759b5e193ecfab6ed7892542364757e47d656ad6a0fbb6e8bf138bddae620a3602991821d4844f628e6bdd8b62cca73744332f0185a54b52a0352a82c794995bbb97c82fcde79d14fb20e5127150de"], 0x4a, 0x2d1, &(0x7f0000000c80)="$eJzs3U9rI2UcB/DfpOlk1ENy8CTCDrgHT4vdm3hJkV0Qe3LJYfWgxd0FaYKwCwX/YNyTVy8ePPgKBMGL72IvvgPBq+DNFRZGZjLTTGraJtpUbD+fS3995vnO8zzp0zQ55OkHL08O7uXx4PHnv0SWJdEZxjCeJjGITjS+jAXDrwMA+D97WhTxezGzTi6JiGxz0wIANmi1v//defnjhUwLANigO3fffXt3b+/WO1lkcXvy1eGofGdffp1d330QH8U47sdr0Y9nEdXrhPqNf1nfLopi2s1Lg7g+mR6OyuTk/Sf1/Xd/i6jyO9GPwVGserVR5d/au7VTxfNeKz8t5/F8Pf6wzN+Mfrx4FF7I35zl83Y+Rmm8+kpr/jeiHz9/GB/HOO5Vk5jnv9jJ8zeLb/747L1yemU+mR6OelW/uWLrIn8uAAAAAAAAAAAAAAAAAAAAAABcbjfy5vCd/Fpcn5RN9fk7W8/Suk/dZTBPlddnVdI0tc4HKk2L+G52pOD2wnjz83268VK3fbAgAAAAAAAAAAAAAAAAAAAAXF2PPvn0YH88vv/wXIrmNIBuRPx5J+Kf3mfYarkWp3fu1WPuj8edulzo8yRtt8RW0yeJOHUa5SLO6WE5q3guOzbnpvj+h3KB69wwa7W8vnyB22et627v3+6NZncd7CfLx+pF05LVm+TbNGLeJ40Vx0pPulREe/udteR06aX+2mtPX6iK6Yl9imTJFm0Vb/w6u163JHHslyitHtWlo2/XRSt+bG+stJ8jm8X//lyRVKd19DbxNAQAAAAAAAAAAAAAAAAAACx8xrv87qfFi49PjXYKHwUGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4JKY////NYppHV6hcxoPH/3HSwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAK+CsAAP//cutM2w==") openat(0xffffffffffffff9c, 0x0, 0x8042, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) fdatasync(r0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ftruncate(r0, 0xa75) 428.558001ms ago: executing program 0 (id=1823): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000780), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000000850000000400"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r0, 0x0, 0x8}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x19, 0x3, 0x7ffc0001}]}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r1, &(0x7f00000005c0)='\"', 0x1, 0x4fed0) r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x50) sendfile(r2, r2, 0x0, 0x800000009) 428.112941ms ago: executing program 3 (id=1824): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0x10) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={r2, @in={{0x2, 0x0, @empty}}, 0x27c0}, 0x90) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000400)={r2, @in6={{0xa, 0x4e20, 0xffffffff, @private2, 0x7}}}, 0x90) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89ff, 0x0) 409.920882ms ago: executing program 3 (id=1825): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000025c0)={0xffffffffffffffff}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x56a9, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0xa0002f5}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0xfffffffffffffda2, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x1a, 0x4) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) shutdown(r0, 0x0) 335.758115ms ago: executing program 2 (id=1826): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet(r1, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000001400)={0x0, 0x0, 0x47a}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000005c0)={0x0, 0x2, 0x7}, 0x8) 335.141365ms ago: executing program 3 (id=1827): r0 = socket$inet_udp(0x2, 0x2, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f00000003c0)=[{&(0x7f0000001800)='\x00', 0x1}], 0x1, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) splice(r1, 0x0, r3, 0x0, 0x25a5, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 306.150627ms ago: executing program 2 (id=1828): mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0x8}, &(0x7f0000010080), &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f0000001a00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000b40)=[{0x0}, {0x0}], 0x2) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1, 0x0, 0x80000}, 0x18) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) 305.542037ms ago: executing program 0 (id=1829): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x80) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) rmdir(&(0x7f0000000640)='./file0\x00') 167.700643ms ago: executing program 0 (id=1830): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) syz_open_dev$usbfs(&(0x7f0000000000), 0x203, 0x402) r1 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000200)) 167.474763ms ago: executing program 0 (id=1831): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x492492492492846, 0x0) ppoll(&(0x7f00000000c0)=[{r2}], 0x1, 0x0, 0x0, 0x0) connect$unix(r1, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e) 85.263666ms ago: executing program 1 (id=1832): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) io_setup(0x25, &(0x7f00000002c0)=0x0) r2 = eventfd2(0x0, 0x0) io_submit(r1, 0x1, &(0x7f0000000280)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r2}]) ppoll(&(0x7f0000000480)=[{r2, 0x1e1}], 0x1, 0x0, 0x0, 0x0) io_pgetevents(r1, 0x2, 0x2, &(0x7f00000000c0)=[{}, {}], 0x0, 0x0) shutdown(r0, 0x0) 0s ago: executing program 3 (id=1833): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = syz_io_uring_setup(0x14f5, &(0x7f0000000400)={0x0, 0xd144, 0x1000, 0xffffffff, 0x289}, &(0x7f00000001c0)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='0'], 0x30}}) io_uring_enter(r3, 0x3516, 0xddd6, 0x4, 0x0, 0x0) kernel console output (not intermixed with test programs): for pid=3299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.511481][ T3299] cgroup: Unknown subsys name 'cpuset' [ 23.517539][ T3299] cgroup: Unknown subsys name 'rlimit' [ 23.647087][ T29] audit: type=1400 audit(1765210789.148:73): avc: denied { setattr } for pid=3299 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.670913][ T29] audit: type=1400 audit(1765210789.148:74): avc: denied { create } for pid=3299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.691392][ T29] audit: type=1400 audit(1765210789.148:75): avc: denied { write } for pid=3299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.711808][ T29] audit: type=1400 audit(1765210789.148:76): avc: denied { read } for pid=3299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 23.718746][ T3301] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 23.732102][ T29] audit: type=1400 audit(1765210789.158:77): avc: denied { mounton } for pid=3299 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 23.765390][ T29] audit: type=1400 audit(1765210789.158:78): avc: denied { mount } for pid=3299 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 23.788629][ T29] audit: type=1400 audit(1765210789.168:79): avc: denied { read } for pid=3039 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 23.824928][ T3299] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 26.092398][ T3311] chnl_net:caif_netlink_parms(): no params data found [ 26.109248][ T3308] chnl_net:caif_netlink_parms(): no params data found [ 26.144721][ T3312] chnl_net:caif_netlink_parms(): no params data found [ 26.208929][ T3310] chnl_net:caif_netlink_parms(): no params data found [ 26.225540][ T3311] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.232654][ T3311] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.239792][ T3311] bridge_slave_0: entered allmulticast mode [ 26.246194][ T3311] bridge_slave_0: entered promiscuous mode [ 26.255743][ T3311] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.262815][ T3311] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.269883][ T3311] bridge_slave_1: entered allmulticast mode [ 26.276410][ T3311] bridge_slave_1: entered promiscuous mode [ 26.286634][ T3308] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.293757][ T3308] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.301003][ T3308] bridge_slave_0: entered allmulticast mode [ 26.307237][ T3308] bridge_slave_0: entered promiscuous mode [ 26.333705][ T3308] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.340751][ T3308] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.347884][ T3308] bridge_slave_1: entered allmulticast mode [ 26.354213][ T3308] bridge_slave_1: entered promiscuous mode [ 26.364448][ T3312] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.371564][ T3312] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.378637][ T3312] bridge_slave_0: entered allmulticast mode [ 26.385023][ T3312] bridge_slave_0: entered promiscuous mode [ 26.399072][ T3311] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 26.416449][ T3312] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.423576][ T3312] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.430788][ T3312] bridge_slave_1: entered allmulticast mode [ 26.437196][ T3312] bridge_slave_1: entered promiscuous mode [ 26.444049][ T3311] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 26.468688][ T3308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 26.491088][ T3308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 26.500167][ T3309] chnl_net:caif_netlink_parms(): no params data found [ 26.514409][ T3312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 26.524283][ T3311] team0: Port device team_slave_0 added [ 26.541691][ T3312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 26.551402][ T3311] team0: Port device team_slave_1 added [ 26.565281][ T3310] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.572410][ T3310] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.579531][ T3310] bridge_slave_0: entered allmulticast mode [ 26.586013][ T3310] bridge_slave_0: entered promiscuous mode [ 26.605368][ T3308] team0: Port device team_slave_0 added [ 26.611155][ T3310] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.618192][ T3310] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.625549][ T3310] bridge_slave_1: entered allmulticast mode [ 26.631985][ T3310] bridge_slave_1: entered promiscuous mode [ 26.650454][ T3308] team0: Port device team_slave_1 added [ 26.661003][ T3312] team0: Port device team_slave_0 added [ 26.666807][ T3311] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 26.673769][ T3311] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 26.699761][ T3311] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 26.722204][ T3312] team0: Port device team_slave_1 added [ 26.728128][ T3311] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 26.735091][ T3311] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 26.761023][ T3311] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 26.778794][ T3310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 26.798996][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 26.805954][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 26.831953][ T3308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 26.843496][ T3310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 26.857896][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 26.864886][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 26.890797][ T3312] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 26.906157][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 26.913156][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 26.939039][ T3308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 26.954922][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 26.962016][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 26.987918][ T3312] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 26.998693][ T3309] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.005790][ T3309] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.012995][ T3309] bridge_slave_0: entered allmulticast mode [ 27.019488][ T3309] bridge_slave_0: entered promiscuous mode [ 27.039434][ T3309] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.046570][ T3309] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.053789][ T3309] bridge_slave_1: entered allmulticast mode [ 27.060089][ T3309] bridge_slave_1: entered promiscuous mode [ 27.072852][ T3310] team0: Port device team_slave_0 added [ 27.079604][ T3310] team0: Port device team_slave_1 added [ 27.091673][ T3311] hsr_slave_0: entered promiscuous mode [ 27.097620][ T3311] hsr_slave_1: entered promiscuous mode [ 27.132608][ T3309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.151706][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.158642][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.184555][ T3310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.196469][ T3309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.207773][ T3308] hsr_slave_0: entered promiscuous mode [ 27.213825][ T3308] hsr_slave_1: entered promiscuous mode [ 27.219655][ T3308] debugfs: 'hsr0' already exists in 'hsr' [ 27.225381][ T3308] Cannot create hsr debugfs directory [ 27.236946][ T3312] hsr_slave_0: entered promiscuous mode [ 27.242902][ T3312] hsr_slave_1: entered promiscuous mode [ 27.248646][ T3312] debugfs: 'hsr0' already exists in 'hsr' [ 27.254373][ T3312] Cannot create hsr debugfs directory [ 27.260023][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.267032][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.293439][ T3310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.325678][ T3309] team0: Port device team_slave_0 added [ 27.344152][ T3309] team0: Port device team_slave_1 added [ 27.385641][ T3309] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.392715][ T3309] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.418617][ T3309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.435749][ T3310] hsr_slave_0: entered promiscuous mode [ 27.441627][ T3310] hsr_slave_1: entered promiscuous mode [ 27.447362][ T3310] debugfs: 'hsr0' already exists in 'hsr' [ 27.453081][ T3310] Cannot create hsr debugfs directory [ 27.461239][ T3309] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.468166][ T3309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.494100][ T3309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.571804][ T3309] hsr_slave_0: entered promiscuous mode [ 27.577891][ T3309] hsr_slave_1: entered promiscuous mode [ 27.583702][ T3309] debugfs: 'hsr0' already exists in 'hsr' [ 27.589411][ T3309] Cannot create hsr debugfs directory [ 27.646242][ T3311] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 27.662352][ T3311] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 27.675125][ T3311] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 27.690057][ T3311] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 27.726432][ T3312] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 27.735336][ T3312] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 27.748360][ T3312] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 27.762928][ T3312] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 27.791246][ T3310] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 27.801540][ T3310] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 27.809753][ T3310] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 27.823544][ T3310] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 27.849618][ T3308] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 27.859646][ T3308] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 27.872894][ T3308] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 27.884240][ T3308] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 27.913975][ T3309] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 27.926687][ T3309] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 27.935843][ T3309] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 27.945491][ T3309] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 27.964943][ T3311] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.988487][ T3311] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.007181][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.014249][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.023698][ T3312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.040509][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.047596][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.063369][ T3312] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.083516][ T3308] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.098128][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.105187][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.118409][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.125489][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.158992][ T3310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.168136][ T3308] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.187673][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.194867][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.204017][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.211102][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.239781][ T3309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.248864][ T3310] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.263014][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.270066][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.281999][ T3311] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.291903][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.299013][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.347341][ T3309] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.378356][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.385639][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.403352][ T3430] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.410438][ T3430] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.423270][ T3312] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.458829][ T3308] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.539021][ T3310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.571084][ T3311] veth0_vlan: entered promiscuous mode [ 28.587885][ T3311] veth1_vlan: entered promiscuous mode [ 28.600752][ T3309] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 28.631317][ T3311] veth0_macvtap: entered promiscuous mode [ 28.646861][ T3311] veth1_macvtap: entered promiscuous mode [ 28.667609][ T3308] veth0_vlan: entered promiscuous mode [ 28.673772][ T3312] veth0_vlan: entered promiscuous mode [ 28.685435][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.700372][ T3308] veth1_vlan: entered promiscuous mode [ 28.711600][ T3312] veth1_vlan: entered promiscuous mode [ 28.728332][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.744711][ T52] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.754512][ T3310] veth0_vlan: entered promiscuous mode [ 28.767146][ T52] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.779799][ T52] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.792175][ T3308] veth0_macvtap: entered promiscuous mode [ 28.798954][ T52] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 28.812521][ T3308] veth1_macvtap: entered promiscuous mode [ 28.819163][ T3310] veth1_vlan: entered promiscuous mode [ 28.841569][ T3312] veth0_macvtap: entered promiscuous mode [ 28.847966][ T3309] veth0_vlan: entered promiscuous mode [ 28.856995][ T29] kauditd_printk_skb: 12 callbacks suppressed [ 28.857009][ T29] audit: type=1400 audit(1765210794.358:92): avc: denied { mounton } for pid=3311 comm="syz-executor" path="/root/syzkaller.D9EXqX/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 28.872320][ T3312] veth1_macvtap: entered promiscuous mode [ 28.893198][ T29] audit: type=1400 audit(1765210794.358:93): avc: denied { mount } for pid=3311 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 28.915315][ T29] audit: type=1400 audit(1765210794.358:94): avc: denied { mounton } for pid=3311 comm="syz-executor" path="/root/syzkaller.D9EXqX/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 28.926916][ T3310] veth0_macvtap: entered promiscuous mode [ 28.940557][ T29] audit: type=1400 audit(1765210794.358:95): avc: denied { mount } for pid=3311 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 28.949856][ T3309] veth1_vlan: entered promiscuous mode [ 28.967949][ T29] audit: type=1400 audit(1765210794.358:96): avc: denied { mounton } for pid=3311 comm="syz-executor" path="/root/syzkaller.D9EXqX/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 28.980158][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 28.999957][ T29] audit: type=1400 audit(1765210794.358:97): avc: denied { mounton } for pid=3311 comm="syz-executor" path="/root/syzkaller.D9EXqX/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=4842 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 29.009612][ T3310] veth1_macvtap: entered promiscuous mode [ 29.034535][ T29] audit: type=1400 audit(1765210794.358:98): avc: denied { unmount } for pid=3311 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 29.046547][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.066917][ T29] audit: type=1400 audit(1765210794.398:99): avc: denied { mounton } for pid=3311 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 29.089707][ T29] audit: type=1400 audit(1765210794.398:100): avc: denied { mount } for pid=3311 comm="syz-executor" name="/" dev="gadgetfs" ino=4846 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 29.118079][ T3311] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 29.124480][ T3309] veth0_macvtap: entered promiscuous mode [ 29.146143][ T3430] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.158460][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.162945][ T29] audit: type=1400 audit(1765210794.668:101): avc: denied { read write } for pid=3311 comm="syz-executor" name="loop4" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 29.171047][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.207396][ T3309] veth1_macvtap: entered promiscuous mode [ 29.213970][ T3430] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.224560][ T3430] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.237677][ T3430] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.255494][ T3430] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.264358][ T3430] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.274065][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.284323][ T3430] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.293487][ T3430] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.304075][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.314774][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.327581][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.347392][ T61] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.369073][ T61] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.401046][ T61] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.431680][ T61] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.440396][ T61] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.500950][ T61] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.517027][ T61] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.522745][ T3498] loop4: detected capacity change from 0 to 2048 [ 29.541513][ T61] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.717601][ T3524] Zero length message leads to an empty skb [ 29.717940][ T3525] loop2: detected capacity change from 0 to 1024 [ 29.750185][ T3525] ======================================================= [ 29.750185][ T3525] WARNING: The mand mount option has been deprecated and [ 29.750185][ T3525] and is ignored by this kernel. Remove the mand [ 29.750185][ T3525] option from the mount to silence this warning. [ 29.750185][ T3525] ======================================================= [ 29.799101][ T3529] veth2: entered promiscuous mode [ 29.804400][ T3529] veth2: entered allmulticast mode [ 29.810739][ T3525] EXT4-fs: inline encryption not supported [ 29.837728][ T3525] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 29.892388][ T3541] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.899630][ T3541] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.902417][ T3529] syz.0.19 (3529) used greatest stack depth: 10400 bytes left [ 29.925574][ T3542] loop4: detected capacity change from 0 to 164 [ 29.947304][ T3310] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 29.951880][ T3541] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 29.967540][ T3541] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 30.016209][ T415] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 30.031459][ T415] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 30.048665][ T415] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 30.068204][ T415] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 30.147042][ T3556] loop0: detected capacity change from 0 to 1024 [ 30.158667][ T3556] EXT4-fs (loop0): stripe (4) is not aligned with cluster size (4096), stripe is disabled [ 30.178071][ T3558] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=3558 comm=syz.3.30 [ 30.190408][ T3558] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=3558 comm=syz.3.30 [ 30.203736][ T3556] EXT4-fs error (device loop0): ext4_map_blocks:825: inode #3: block 1: comm syz.0.29: lblock 1 mapped to illegal pblock 1 (length 1) [ 30.219780][ T3556] EXT4-fs error (device loop0): ext4_acquire_dquot:6986: comm syz.0.29: Failed to acquire dquot type 0 [ 30.234190][ T3564] loop4: detected capacity change from 0 to 512 [ 30.241238][ T3564] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 30.245373][ T3556] EXT4-fs error (device loop0): ext4_free_blocks:6728: comm syz.0.29: Freeing blocks not in datazone - block = 0, count = 4096 [ 30.265476][ T3556] EXT4-fs error (device loop0): ext4_read_inode_bitmap:139: comm syz.0.29: Invalid inode bitmap blk 0 in block_group 0 [ 30.284082][ T52] EXT4-fs error (device loop0): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:3: lblock 1 mapped to illegal pblock 1 (length 1) [ 30.305608][ T3556] EXT4-fs error (device loop0) in ext4_free_inode:361: Corrupt filesystem [ 30.315724][ T3564] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 30.324504][ T3570] xt_connbytes: Forcing CT accounting to be enabled [ 30.331217][ T52] EXT4-fs error (device loop0): ext4_release_dquot:7022: comm kworker/u8:3: Failed to release dquot type 0 [ 30.335102][ T3570] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not filter [ 30.357007][ T3556] EXT4-fs (loop0): 1 orphan inode deleted [ 30.363789][ T3556] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 30.391050][ T3564] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 30.408789][ T3564] SELinux: Context @ is not valid (left unmapped). [ 30.422135][ T3556] EXT4-fs error (device loop0): ext4_map_blocks:783: inode #3: block 1: comm syz.0.29: lblock 1 mapped to illegal pblock 1 (length 1) [ 30.436131][ T3556] EXT4-fs error (device loop0): ext4_acquire_dquot:6986: comm syz.0.29: Failed to acquire dquot type 0 [ 30.476670][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 30.492878][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 30.502006][ T52] EXT4-fs error (device loop0): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:3: lblock 1 mapped to illegal pblock 1 (length 1) [ 30.516450][ T52] EXT4-fs error (device loop0): ext4_release_dquot:7022: comm kworker/u8:3: Failed to release dquot type 0 [ 30.671361][ T3594] netlink: 48 bytes leftover after parsing attributes in process `syz.2.44'. [ 30.693295][ T3599] netlink: 4 bytes leftover after parsing attributes in process `syz.4.46'. [ 30.717973][ T3599] netlink: 12 bytes leftover after parsing attributes in process `syz.4.46'. [ 30.744345][ T3599] netlink: 12 bytes leftover after parsing attributes in process `syz.4.46'. [ 30.744649][ T3605] netlink: 'syz.1.48': attribute type 1 has an invalid length. [ 30.812462][ T3610] loop3: detected capacity change from 0 to 2048 [ 30.840259][ T3614] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 30.850591][ T3610] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 30.866263][ T3610] netlink: 28 bytes leftover after parsing attributes in process `syz.3.51'. [ 30.875163][ T3610] netlink: 28 bytes leftover after parsing attributes in process `syz.3.51'. [ 30.885173][ T3610] netlink: 28 bytes leftover after parsing attributes in process `syz.3.51'. [ 30.893997][ T3610] netlink: 28 bytes leftover after parsing attributes in process `syz.3.51'. [ 30.899877][ T3620] netlink: 'syz.4.53': attribute type 1 has an invalid length. [ 30.910356][ T3620] netlink: 'syz.4.53': attribute type 4 has an invalid length. [ 30.917964][ T3620] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.53'. [ 30.954636][ T3620] netlink: 'syz.4.53': attribute type 1 has an invalid length. [ 30.962387][ T3620] netlink: 'syz.4.53': attribute type 4 has an invalid length. [ 30.969973][ T3620] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.53'. [ 30.980770][ T3626] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 30.994855][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 31.228093][ T3642] syz.2.63 uses obsolete (PF_INET,SOCK_PACKET) [ 31.408304][ T3633] Set syz1 is full, maxelem 65536 reached [ 32.080226][ T3693] SELinux: Context system_u:object_r:var_lib_t:s0 is not valid (left unmapped). [ 32.125358][ T3696] atomic_op ffff88811b603d28 conn xmit_atomic 0000000000000000 [ 32.140500][ T3698] loop1: detected capacity change from 0 to 512 [ 32.151068][ T3698] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 32.185587][ T3698] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.205532][ T3698] ext4 filesystem being mounted at /15/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 32.421497][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.518621][ T3731] loop3: detected capacity change from 0 to 512 [ 32.545019][ T3731] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 32.567457][ T3731] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.594968][ T3731] ext4 filesystem being mounted at /25/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 32.773465][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.822135][ T3752] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 32.918792][ T3759] process 'syz.3.110' launched '/dev/fd/3' with NULL argv: empty string added [ 33.539649][ T3794] loop0: detected capacity change from 0 to 128 [ 33.668833][ T3802] vlan2: entered allmulticast mode [ 33.856983][ T3811] netlink: zone id is out of range [ 33.862174][ T3811] netlink: zone id is out of range [ 33.867722][ T3811] netlink: zone id is out of range [ 33.873342][ T3811] netlink: del zone limit has 8 unknown bytes [ 33.884723][ T29] kauditd_printk_skb: 138 callbacks suppressed [ 33.884738][ T29] audit: type=1400 audit(1765210799.388:234): avc: denied { wake_alarm } for pid=3812 comm="syz.3.134" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 33.929811][ T29] audit: type=1400 audit(1765210799.418:235): avc: denied { create } for pid=3815 comm="syz.2.135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 33.949114][ T29] audit: type=1400 audit(1765210799.418:236): avc: denied { write } for pid=3815 comm="syz.2.135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 33.974650][ T29] audit: type=1326 audit(1765210799.478:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3818 comm="syz.2.136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b49af749 code=0x7ffc0000 [ 34.036697][ T29] audit: type=1326 audit(1765210799.508:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3818 comm="syz.2.136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b49af749 code=0x7ffc0000 [ 34.060386][ T29] audit: type=1326 audit(1765210799.508:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3818 comm="syz.2.136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f14b49af749 code=0x7ffc0000 [ 34.083768][ T29] audit: type=1400 audit(1765210799.508:240): avc: denied { bpf } for pid=3818 comm="syz.2.136" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 34.104177][ T29] audit: type=1326 audit(1765210799.508:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3818 comm="syz.2.136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b49af749 code=0x7ffc0000 [ 34.127422][ T29] audit: type=1326 audit(1765210799.508:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3818 comm="syz.2.136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f14b49af749 code=0x7ffc0000 [ 34.150728][ T29] audit: type=1326 audit(1765210799.508:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3818 comm="syz.2.136" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b49af749 code=0x7ffc0000 [ 34.266982][ C1] hrtimer: interrupt took 28135 ns [ 34.453035][ T3847] loop3: detected capacity change from 0 to 128 [ 34.557030][ T3857] loop1: detected capacity change from 0 to 512 [ 34.569536][ T3857] EXT4-fs: Ignoring removed i_version option [ 34.575699][ T3857] EXT4-fs: Ignoring removed bh option [ 34.604178][ T3857] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 34.632853][ T3857] ext4 filesystem being mounted at /23/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 34.672420][ T3869] mmap: syz.2.157 (3869) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 34.763258][ T3312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.375409][ T3938] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.411870][ T3945] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 35.434494][ T3938] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.497502][ T3938] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.521917][ T3953] bridge0: port 3(batadv1) entered blocking state [ 35.528450][ T3953] bridge0: port 3(batadv1) entered disabled state [ 35.535360][ T3953] batadv1: entered allmulticast mode [ 35.541208][ T3953] batadv1: entered promiscuous mode [ 35.549935][ T3938] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 35.650343][ T3452] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.669126][ T3452] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.677563][ T3452] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 35.686113][ T3452] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 36.020953][ T415] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 36.030202][ T415] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 36.040300][ T3993] loop3: detected capacity change from 0 to 128 [ 36.064391][ T3996] __nla_validate_parse: 8 callbacks suppressed [ 36.064407][ T3996] netlink: 28 bytes leftover after parsing attributes in process `syz.2.213'. [ 36.081547][ T3993] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 36.089358][ T3993] FAT-fs (loop3): Filesystem has been set read-only [ 36.096362][ T3993] syz.3.212: attempt to access beyond end of device [ 36.096362][ T3993] loop3: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 36.110471][ T3993] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 36.118333][ T3993] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 36.127647][ T3993] syz.3.212: attempt to access beyond end of device [ 36.127647][ T3993] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 36.142045][ T3999] syz.3.212: attempt to access beyond end of device [ 36.142045][ T3999] loop3: rw=0, sector=2065, nr_sectors = 1 limit=128 [ 36.155221][ T3999] Buffer I/O error on dev loop3, logical block 2065, async page read [ 36.163757][ T3999] syz.3.212: attempt to access beyond end of device [ 36.163757][ T3999] loop3: rw=0, sector=2066, nr_sectors = 1 limit=128 [ 36.176957][ T3999] Buffer I/O error on dev loop3, logical block 2066, async page read [ 36.186576][ T3999] syz.3.212: attempt to access beyond end of device [ 36.186576][ T3999] loop3: rw=0, sector=2067, nr_sectors = 1 limit=128 [ 36.199789][ T3999] Buffer I/O error on dev loop3, logical block 2067, async page read [ 36.208499][ T3999] syz.3.212: attempt to access beyond end of device [ 36.208499][ T3999] loop3: rw=0, sector=2068, nr_sectors = 1 limit=128 [ 36.221729][ T3999] Buffer I/O error on dev loop3, logical block 2068, async page read [ 36.242846][ T3999] syz.3.212: attempt to access beyond end of device [ 36.242846][ T3999] loop3: rw=0, sector=2069, nr_sectors = 1 limit=128 [ 36.256055][ T3999] Buffer I/O error on dev loop3, logical block 2069, async page read [ 36.264775][ T3999] syz.3.212: attempt to access beyond end of device [ 36.264775][ T3999] loop3: rw=0, sector=2070, nr_sectors = 1 limit=128 [ 36.278050][ T3999] Buffer I/O error on dev loop3, logical block 2070, async page read [ 36.296470][ T3999] syz.3.212: attempt to access beyond end of device [ 36.296470][ T3999] loop3: rw=0, sector=2071, nr_sectors = 1 limit=128 [ 36.309691][ T3999] Buffer I/O error on dev loop3, logical block 2071, async page read [ 36.320922][ T3999] syz.3.212: attempt to access beyond end of device [ 36.320922][ T3999] loop3: rw=0, sector=2072, nr_sectors = 1 limit=128 [ 36.334116][ T3999] Buffer I/O error on dev loop3, logical block 2072, async page read [ 36.350981][ T3993] Buffer I/O error on dev loop3, logical block 2065, async page read [ 36.359215][ T3993] Buffer I/O error on dev loop3, logical block 2066, async page read [ 37.058078][ T4052] infiniband syz!: set down [ 37.062701][ T4052] infiniband syz!: added team_slave_0 [ 37.091377][ T4061] netlink: 4 bytes leftover after parsing attributes in process `syz.2.239'. [ 37.102760][ T4052] RDS/IB: syz!: added [ 37.119845][ T4052] smc: adding ib device syz! with port count 1 [ 37.139139][ T4052] smc: ib device syz! port 1 has no pnetid [ 37.188456][ T4070] netlink: 12 bytes leftover after parsing attributes in process `syz.4.242'. [ 37.242457][ T4070] netlink: 92 bytes leftover after parsing attributes in process `syz.4.242'. [ 37.798671][ T4109] netlink: 8 bytes leftover after parsing attributes in process `syz.1.258'. [ 37.807683][ T4109] netlink: 32 bytes leftover after parsing attributes in process `syz.1.258'. [ 37.810204][ T4111] netlink: 4 bytes leftover after parsing attributes in process `syz.4.259'. [ 37.833934][ T4111] netlink: 12 bytes leftover after parsing attributes in process `syz.4.259'. [ 37.901467][ T4117] netlink: 4 bytes leftover after parsing attributes in process `syz.4.260'. [ 37.918027][ T4117] netlink: 12 bytes leftover after parsing attributes in process `syz.4.260'. [ 38.195343][ T4132] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 38.769895][ T4169] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 38.903365][ T29] kauditd_printk_skb: 100 callbacks suppressed [ 38.903380][ T29] audit: type=1326 audit(1765210804.398:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4183 comm="syz.0.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6f50cf749 code=0x7ffc0000 [ 38.932849][ T29] audit: type=1326 audit(1765210804.398:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4183 comm="syz.0.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd6f50cf749 code=0x7ffc0000 [ 38.956230][ T29] audit: type=1326 audit(1765210804.398:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4183 comm="syz.0.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6f50cf749 code=0x7ffc0000 [ 38.979567][ T29] audit: type=1326 audit(1765210804.398:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4183 comm="syz.0.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd6f50cf749 code=0x7ffc0000 [ 39.005261][ T29] audit: type=1326 audit(1765210804.508:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4183 comm="syz.0.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6f50cf749 code=0x7ffc0000 [ 39.028642][ T29] audit: type=1326 audit(1765210804.508:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4183 comm="syz.0.290" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6f50cf749 code=0x7ffc0000 [ 39.131908][ T29] audit: type=1400 audit(1765210804.618:350): avc: denied { getopt } for pid=4205 comm="syz.1.297" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 39.187068][ T29] audit: type=1326 audit(1765210804.678:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.1.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 39.210349][ T29] audit: type=1326 audit(1765210804.678:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.1.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 39.233603][ T29] audit: type=1326 audit(1765210804.678:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4214 comm="syz.1.300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 39.283026][ T4220] bond0: entered promiscuous mode [ 39.288082][ T4220] bond_slave_0: entered promiscuous mode [ 39.293917][ T4220] bond_slave_1: entered promiscuous mode [ 39.301174][ T4220] batadv0: entered promiscuous mode [ 39.307624][ T4220] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 39.423724][ T4235] 9p: Unknown uid 00000000004294967295 [ 39.856562][ T4285] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.916190][ T4285] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.998952][ T4290] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 40.014257][ T4285] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.074605][ T4285] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.130141][ T52] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.151080][ T52] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.168688][ T52] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.182393][ T52] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.192489][ T4300] capability: warning: `syz.1.340' uses 32-bit capabilities (legacy support in use) [ 40.895178][ T4346] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.983344][ T4346] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.043798][ T4346] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.119159][ T4346] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.172231][ T52] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.199310][ T52] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.212172][ T52] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.220607][ T52] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.278719][ T4356] __nla_validate_parse: 10 callbacks suppressed [ 41.278733][ T4356] netlink: 8 bytes leftover after parsing attributes in process `syz.4.366'. [ 41.304148][ T4360] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=4360 comm=syz.0.368 [ 41.316595][ T4360] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=4360 comm=syz.0.368 [ 41.357230][ T4356] syz.4.366 (4356) used greatest stack depth: 10192 bytes left [ 41.449542][ T4372] bridge_slave_0: left allmulticast mode [ 41.455376][ T4372] bridge_slave_0: left promiscuous mode [ 41.461286][ T4372] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.474662][ T4372] bridge_slave_1: left allmulticast mode [ 41.480342][ T4372] bridge_slave_1: left promiscuous mode [ 41.485889][ T4375] netlink: 'syz.4.373': attribute type 10 has an invalid length. [ 41.493977][ T4372] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.505303][ T4372] bond0: (slave bond_slave_0): Releasing backup interface [ 41.525267][ T4372] bond0: (slave bond_slave_1): Releasing backup interface [ 41.536877][ T4378] netlink: 4 bytes leftover after parsing attributes in process `syz.4.373'. [ 41.547476][ T4372] team0: Port device team_slave_0 removed [ 41.566145][ T4372] team0: Port device team_slave_1 removed [ 41.573876][ T4372] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 41.581308][ T4372] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 41.591708][ T4372] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 41.599091][ T4372] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 41.611646][ T4372] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 41.631182][ T4375] 8021q: adding VLAN 0 to HW filter on device bond0 [ 41.639445][ T4375] team0: Port device bond0 added [ 41.662168][ T4378] team0 (unregistering): Port device bond0 removed [ 41.680845][ T4393] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 41.705782][ T4393] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0' [ 41.747759][ T4399] netlink: 4 bytes leftover after parsing attributes in process `syz.2.386'. [ 41.776585][ T4399] team1: entered promiscuous mode [ 41.781753][ T4399] team1: entered allmulticast mode [ 41.793754][ T4407] netlink: 3 bytes leftover after parsing attributes in process `{/}\'. [ 41.813158][ T4399] 8021q: adding VLAN 0 to HW filter on device team1 [ 41.841393][ T4407] 0ªX¹¦À: renamed from caif0 [ 41.853240][ T4411] netlink: 'syz.4.391': attribute type 10 has an invalid length. [ 41.861018][ T4411] netlink: 32 bytes leftover after parsing attributes in process `syz.4.391'. [ 41.873180][ T4407] 0ªX¹¦À: entered allmulticast mode [ 41.878430][ T4407] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 41.898050][ T4411] ipvlan2: entered promiscuous mode [ 41.909720][ T4411] bridge0: port 1(ipvlan2) entered blocking state [ 41.916234][ T4411] bridge0: port 1(ipvlan2) entered disabled state [ 41.939621][ T4411] ipvlan2: entered allmulticast mode [ 41.944988][ T4411] bridge0: entered allmulticast mode [ 41.951360][ T4411] ipvlan2: left allmulticast mode [ 41.956524][ T4411] bridge0: left allmulticast mode [ 42.118881][ T4436] netlink: 96 bytes leftover after parsing attributes in process `syz.0.402'. [ 42.173061][ T4443] netlink: 204 bytes leftover after parsing attributes in process `syz.0.405'. [ 42.189952][ T4438] netlink: 96 bytes leftover after parsing attributes in process `syz.4.403'. [ 42.238647][ T4447] netlink: 20 bytes leftover after parsing attributes in process `syz.3.406'. [ 42.249889][ T4449] loop4: detected capacity change from 0 to 256 [ 42.300741][ T4449] FAT-fs (loop4): Directory bread(block 64) failed [ 42.316296][ T4449] FAT-fs (loop4): Directory bread(block 65) failed [ 42.321034][ T4455] netlink: 16 bytes leftover after parsing attributes in process `syz.0.410'. [ 42.322992][ T4449] FAT-fs (loop4): Directory bread(block 66) failed [ 42.338217][ T4449] FAT-fs (loop4): Directory bread(block 67) failed [ 42.356503][ T4449] FAT-fs (loop4): Directory bread(block 68) failed [ 42.371006][ T4449] FAT-fs (loop4): Directory bread(block 69) failed [ 42.379777][ T4449] FAT-fs (loop4): Directory bread(block 70) failed [ 42.387364][ T4449] FAT-fs (loop4): Directory bread(block 71) failed [ 42.394049][ T4449] FAT-fs (loop4): Directory bread(block 72) failed [ 42.400847][ T4449] FAT-fs (loop4): Directory bread(block 73) failed [ 42.464331][ T4449] bio_check_eod: 36968 callbacks suppressed [ 42.464347][ T4449] syz.4.407: attempt to access beyond end of device [ 42.464347][ T4449] loop4: rw=0, sector=1736, nr_sectors = 8 limit=256 [ 42.754687][ T4478] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 43.238015][ T4510] @: renamed from vlan0 (while UP) [ 43.422229][ T4521] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 43.429758][ T4521] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 43.468988][ T4521] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 43.476498][ T4521] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 43.516770][ T4521] batadv0 (unregistering): left promiscuous mode [ 43.525828][ T4523] netlink: 'syz.1.440': attribute type 14 has an invalid length. [ 43.545270][ T4523] netlink: 'syz.1.440': attribute type 14 has an invalid length. [ 43.553421][ T415] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 43.566438][ T415] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 43.575971][ T415] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 43.615414][ T415] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 43.707212][ T4545] loop3: detected capacity change from 0 to 256 [ 43.757382][ T4545] FAT-fs (loop3): Directory bread(block 64) failed [ 43.783313][ T4545] FAT-fs (loop3): Directory bread(block 65) failed [ 43.804294][ T4545] FAT-fs (loop3): Directory bread(block 66) failed [ 43.870931][ T4545] FAT-fs (loop3): Directory bread(block 67) failed [ 43.889066][ T4545] FAT-fs (loop3): Directory bread(block 68) failed [ 43.899162][ T4545] FAT-fs (loop3): Directory bread(block 69) failed [ 43.921071][ T4545] FAT-fs (loop3): Directory bread(block 70) failed [ 43.935509][ T4545] FAT-fs (loop3): Directory bread(block 71) failed [ 43.951084][ T4545] FAT-fs (loop3): Directory bread(block 72) failed [ 43.961340][ T4545] FAT-fs (loop3): Directory bread(block 73) failed [ 44.004967][ T4545] syz.3.450: attempt to access beyond end of device [ 44.004967][ T4545] loop3: rw=0, sector=1736, nr_sectors = 8 limit=256 [ 44.284505][ T29] kauditd_printk_skb: 95 callbacks suppressed [ 44.284521][ T29] audit: type=1400 audit(1765210809.768:449): avc: denied { create } for pid=4562 comm="syz.3.458" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 44.395361][ T29] audit: type=1400 audit(1765210809.818:450): avc: denied { write } for pid=4564 comm="syz.2.460" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 44.804597][ T29] audit: type=1400 audit(1765210810.308:451): avc: denied { write } for pid=4593 comm="syz.2.473" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 45.072165][ T29] audit: type=1400 audit(1765210810.578:452): avc: denied { create } for pid=4628 comm="syz.2.488" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 45.094575][ T29] audit: type=1400 audit(1765210810.598:453): avc: denied { sys_admin } for pid=4628 comm="syz.2.488" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 45.115492][ T29] audit: type=1400 audit(1765210810.598:454): avc: denied { checkpoint_restore } for pid=4628 comm="syz.2.488" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 45.217406][ T4639] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 45.809736][ T29] audit: type=1400 audit(1765210811.308:455): avc: denied { create } for pid=4690 comm="syz.3.512" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.829628][ T29] audit: type=1400 audit(1765210811.308:456): avc: denied { ioctl } for pid=4690 comm="syz.3.512" path="socket:[10475]" dev="sockfs" ino=10475 ioctlcmd=0x8910 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.978641][ T4700] loop4: detected capacity change from 0 to 128 [ 46.063006][ T29] audit: type=1326 audit(1765210811.568:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4705 comm="syz.0.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6f50cf749 code=0x7ffc0000 [ 46.093346][ T4700] syz.4.516: attempt to access beyond end of device [ 46.093346][ T4700] loop4: rw=2049, sector=169, nr_sectors = 8 limit=128 [ 46.107067][ T29] audit: type=1326 audit(1765210811.588:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4705 comm="syz.0.517" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fd6f50cf749 code=0x7ffc0000 [ 46.132562][ T4700] syz.4.516: attempt to access beyond end of device [ 46.132562][ T4700] loop4: rw=2049, sector=185, nr_sectors = 16 limit=128 [ 46.152727][ T4700] syz.4.516: attempt to access beyond end of device [ 46.152727][ T4700] loop4: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 46.166917][ T4700] syz.4.516: attempt to access beyond end of device [ 46.166917][ T4700] loop4: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 46.192641][ T4700] syz.4.516: attempt to access beyond end of device [ 46.192641][ T4700] loop4: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 46.236885][ T4700] syz.4.516: attempt to access beyond end of device [ 46.236885][ T4700] loop4: rw=2049, sector=257, nr_sectors = 8 limit=128 [ 46.263455][ T4700] syz.4.516: attempt to access beyond end of device [ 46.263455][ T4700] loop4: rw=2049, sector=273, nr_sectors = 8 limit=128 [ 46.297109][ T4700] syz.4.516: attempt to access beyond end of device [ 46.297109][ T4700] loop4: rw=2049, sector=289, nr_sectors = 8 limit=128 [ 46.351592][ T4716] __nla_validate_parse: 12 callbacks suppressed [ 46.351610][ T4716] netlink: 204 bytes leftover after parsing attributes in process `syz.0.520'. [ 46.479846][ T4725] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 46.589586][ T4733] netlink: 4 bytes leftover after parsing attributes in process `syz.3.527'. [ 46.602267][ T4733] netlink: 4 bytes leftover after parsing attributes in process `syz.3.527'. [ 46.656944][ T4738] netlink: 4 bytes leftover after parsing attributes in process `syz.2.532'. [ 46.667434][ T4738] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 46.674961][ T4738] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 46.683457][ T4738] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 46.690963][ T4738] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 46.752881][ T4747] netlink: 8 bytes leftover after parsing attributes in process `syz.4.535'. [ 46.863235][ T4757] bridge0: port 3(vlan2) entered blocking state [ 46.869537][ T4757] bridge0: port 3(vlan2) entered disabled state [ 46.887967][ T4757] vlan2: entered allmulticast mode [ 46.893143][ T4757] bridge0: entered allmulticast mode [ 46.961602][ T4757] vlan2: left allmulticast mode [ 46.966575][ T4757] bridge0: left allmulticast mode [ 47.068872][ T4766] netlink: 64 bytes leftover after parsing attributes in process `syz.1.543'. [ 47.123324][ T4769] Illegal XDP return value 4294967274 on prog (id 437) dev syz_tun, expect packet loss! [ 47.179799][ T4776] 9p: Bad value for 'rfdno' [ 47.211012][ T4778] netlink: 4 bytes leftover after parsing attributes in process `syz.1.549'. [ 47.220136][ T4778] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 47.227605][ T4778] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 47.261715][ T4778] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 47.269146][ T4778] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 47.340448][ T4780] netlink: 96 bytes leftover after parsing attributes in process `syz.4.550'. [ 47.472288][ T4793] batadv_slave_0: entered promiscuous mode [ 47.649435][ T4800] loop4: detected capacity change from 0 to 2048 [ 47.714456][ T4800] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.794485][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.062086][ T4759] syz.2.538 (4759) used greatest stack depth: 10136 bytes left [ 48.071802][ T4754] syz.2.538 (4754) used greatest stack depth: 7240 bytes left [ 48.187810][ T4843] netlink: 'syz.3.573': attribute type 2 has an invalid length. [ 48.239197][ T4835] SELinux: failed to load policy [ 48.305056][ T4852] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.343079][ T4852] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.371834][ T4859] netlink: 4 bytes leftover after parsing attributes in process `syz.4.578'. [ 48.403535][ T4852] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.461538][ T4866] netlink: 28 bytes leftover after parsing attributes in process `syz.1.580'. [ 48.470541][ T4866] unsupported nla_type 24929 [ 48.484777][ T4852] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.502041][ T4868] loop3: detected capacity change from 0 to 128 [ 48.559282][ T55] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.579014][ T55] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.630970][ T55] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.639428][ T55] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.753955][ T4872] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 48.775801][ T4868] bio_check_eod: 100 callbacks suppressed [ 48.775815][ T4868] syz.3.581: attempt to access beyond end of device [ 48.775815][ T4868] loop3: rw=2049, sector=169, nr_sectors = 8 limit=128 [ 48.795721][ T4868] syz.3.581: attempt to access beyond end of device [ 48.795721][ T4868] loop3: rw=2049, sector=185, nr_sectors = 16 limit=128 [ 48.830930][ T4868] syz.3.581: attempt to access beyond end of device [ 48.830930][ T4868] loop3: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 48.846858][ T4868] syz.3.581: attempt to access beyond end of device [ 48.846858][ T4868] loop3: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 48.862978][ T4868] syz.3.581: attempt to access beyond end of device [ 48.862978][ T4868] loop3: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 48.876963][ T4868] syz.3.581: attempt to access beyond end of device [ 48.876963][ T4868] loop3: rw=2049, sector=257, nr_sectors = 8 limit=128 [ 48.894690][ T4868] syz.3.581: attempt to access beyond end of device [ 48.894690][ T4868] loop3: rw=2049, sector=273, nr_sectors = 8 limit=128 [ 48.908707][ T4868] syz.3.581: attempt to access beyond end of device [ 48.908707][ T4868] loop3: rw=2049, sector=289, nr_sectors = 8 limit=128 [ 48.925327][ T4868] syz.3.581: attempt to access beyond end of device [ 48.925327][ T4868] loop3: rw=2049, sector=305, nr_sectors = 8 limit=128 [ 48.949859][ T4868] syz.3.581: attempt to access beyond end of device [ 48.949859][ T4868] loop3: rw=2049, sector=321, nr_sectors = 8 limit=128 [ 49.122550][ T4927] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 49.132851][ T4927] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 49.344331][ T29] kauditd_printk_skb: 104 callbacks suppressed [ 49.344348][ T29] audit: type=1326 audit(1765210814.838:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4938 comm="syz.3.611" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84351ff749 code=0x7ffc0000 [ 49.374003][ T29] audit: type=1326 audit(1765210814.838:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4938 comm="syz.3.611" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f84351ff749 code=0x7ffc0000 [ 49.397379][ T29] audit: type=1326 audit(1765210814.838:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4938 comm="syz.3.611" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84351ff749 code=0x7ffc0000 [ 49.502920][ T29] audit: type=1400 audit(1765210815.008:566): avc: denied { read write } for pid=4950 comm="syz.3.618" name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 49.526417][ T29] audit: type=1400 audit(1765210815.008:567): avc: denied { open } for pid=4950 comm="syz.3.618" path="/dev/virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 49.578806][ T29] audit: type=1400 audit(1765210815.078:568): avc: denied { mount } for pid=4958 comm="syz.1.619" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 49.804080][ T29] audit: type=1326 audit(1765210815.308:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4982 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbed711f749 code=0x7ffc0000 [ 49.828348][ T4981] batadv_slave_0: entered promiscuous mode [ 49.893488][ T29] audit: type=1326 audit(1765210815.328:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4982 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fbed711f749 code=0x7ffc0000 [ 49.916678][ T29] audit: type=1326 audit(1765210815.328:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4982 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbed711f749 code=0x7ffc0000 [ 49.940041][ T29] audit: type=1326 audit(1765210815.328:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4982 comm="syz.4.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbed711f749 code=0x7ffc0000 [ 50.286132][ T5028] loop4: detected capacity change from 0 to 128 [ 50.302064][ T5028] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 50.318495][ T5028] ext4 filesystem being mounted at /130/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 50.368384][ T3311] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 50.918246][ T5062] netlink: 'syz.2.663': attribute type 2 has an invalid length. [ 50.995316][ T5065] macsec1: entered promiscuous mode [ 51.000573][ T5065] dummy0: entered promiscuous mode [ 51.005853][ T5065] macsec1: entered allmulticast mode [ 51.011472][ T5065] dummy0: entered allmulticast mode [ 51.017923][ T5065] dummy0: left allmulticast mode [ 51.022990][ T5065] dummy0: left promiscuous mode [ 51.318923][ T5098] netlink: 'syz.4.679': attribute type 2 has an invalid length. [ 51.478678][ T5124] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=5124 comm=syz.1.690 [ 51.491176][ T5124] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5124 comm=syz.1.690 [ 51.510685][ T5127] __nla_validate_parse: 14 callbacks suppressed [ 51.510700][ T5127] netlink: 4 bytes leftover after parsing attributes in process `syz.4.691'. [ 51.544056][ T5127] netlink: 12 bytes leftover after parsing attributes in process `syz.4.691'. [ 51.579312][ T5131] ip6gre1: entered allmulticast mode [ 51.606062][ T5135] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.756932][ T5146] netlink: 'syz.1.700': attribute type 2 has an invalid length. [ 51.767113][ T5135] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.885828][ T5135] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.973260][ T5135] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.132445][ T415] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.146711][ T415] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.162327][ T415] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.257446][ T415] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 52.289141][ T5166] netlink: 4 bytes leftover after parsing attributes in process `syz.3.708'. [ 52.298015][ T5166] netlink: 4 bytes leftover after parsing attributes in process `syz.3.708'. [ 52.393794][ T5166] netlink: 4 bytes leftover after parsing attributes in process `syz.3.708'. [ 52.402658][ T5166] netlink: 4 bytes leftover after parsing attributes in process `syz.3.708'. [ 52.477009][ T5166] netlink: 4 bytes leftover after parsing attributes in process `syz.3.708'. [ 52.485881][ T5166] netlink: 4 bytes leftover after parsing attributes in process `syz.3.708'. [ 52.910276][ T5192] netlink: 'syz.3.716': attribute type 4 has an invalid length. [ 52.918021][ T5192] netlink: 152 bytes leftover after parsing attributes in process `syz.3.716'. [ 52.979679][ T5192] .`: renamed from bond0 [ 53.107658][ T5198] netlink: 4 bytes leftover after parsing attributes in process `syz.3.719'. [ 53.177650][ T5200] loop3: detected capacity change from 0 to 512 [ 53.201818][ T5200] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 53.210538][ T5200] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 53.293261][ T5200] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4215: comm syz.3.721: Allocating blocks 41-42 which overlap fs metadata [ 53.321693][ T5200] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4215: comm syz.3.721: Allocating blocks 41-42 which overlap fs metadata [ 53.341491][ T5200] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.721: Failed to acquire dquot type 1 [ 53.361487][ T5200] EXT4-fs error (device loop3): mb_free_blocks:2037: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 53.381065][ T5200] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #12: comm syz.3.721: corrupted inode contents [ 53.401577][ T5200] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #12: comm syz.3.721: mark_inode_dirty error [ 53.413408][ T5200] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #12: comm syz.3.721: corrupted inode contents [ 53.442093][ T5200] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #12: comm syz.3.721: mark_inode_dirty error [ 53.456977][ T5200] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #12: comm syz.3.721: corrupted inode contents [ 53.475867][ T5200] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem [ 53.521202][ T5200] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #12: comm syz.3.721: corrupted inode contents [ 53.541207][ T5200] EXT4-fs error (device loop3): ext4_truncate:4635: inode #12: comm syz.3.721: mark_inode_dirty error [ 53.564317][ T5200] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem [ 53.583047][ T5200] EXT4-fs (loop3): 1 truncate cleaned up [ 53.595010][ T5200] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.688788][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.714811][ T29] kauditd_printk_skb: 99 callbacks suppressed [ 54.714836][ T29] audit: type=1326 audit(1765210820.218:668): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5248 comm="syz.1.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 54.745066][ T5249] capability: warning: `syz.1.740' uses deprecated v2 capabilities in a way that may be insecure [ 54.764634][ T29] audit: type=1326 audit(1765210820.218:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5248 comm="syz.1.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 54.787923][ T29] audit: type=1326 audit(1765210820.218:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5248 comm="syz.1.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 54.811269][ T29] audit: type=1326 audit(1765210820.218:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5248 comm="syz.1.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 54.834501][ T29] audit: type=1326 audit(1765210820.228:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5248 comm="syz.1.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 54.857894][ T29] audit: type=1326 audit(1765210820.248:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5248 comm="syz.1.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 54.881062][ T29] audit: type=1326 audit(1765210820.248:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5248 comm="syz.1.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 54.904458][ T29] audit: type=1326 audit(1765210820.248:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5248 comm="syz.1.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 54.927732][ T29] audit: type=1326 audit(1765210820.248:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5248 comm="syz.1.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=126 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 54.951055][ T29] audit: type=1326 audit(1765210820.258:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5248 comm="syz.1.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 55.325797][ T5303] netlink: 'syz.2.763': attribute type 12 has an invalid length. [ 55.447753][ T5314] atomic_op ffff8881373d4d28 conn xmit_atomic 0000000000000000 [ 55.841306][ T5362] netlink: 'syz.1.789': attribute type 1 has an invalid length. [ 55.867306][ T5362] 8021q: adding VLAN 0 to HW filter on device bond1 [ 55.902782][ T5362] bond1: (slave ip6gretap1): making interface the new active one [ 56.033236][ T5362] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 56.145706][ T5373] netlink: 'syz.1.794': attribute type 3 has an invalid length. [ 56.181837][ T5377] veth0_vlan: entered allmulticast mode [ 56.308227][ T5353] syz.0.786 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 56.318912][ T5353] CPU: 1 UID: 0 PID: 5353 Comm: syz.0.786 Not tainted syzkaller #0 PREEMPT(voluntary) [ 56.318989][ T5353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 56.319002][ T5353] Call Trace: [ 56.319014][ T5353] [ 56.319023][ T5353] __dump_stack+0x1d/0x30 [ 56.319047][ T5353] dump_stack_lvl+0xe8/0x140 [ 56.319069][ T5353] dump_stack+0x15/0x1b [ 56.319090][ T5353] dump_header+0x81/0x240 [ 56.319109][ T5353] oom_kill_process+0x295/0x350 [ 56.319163][ T5353] out_of_memory+0x97b/0xb80 [ 56.319263][ T5353] try_charge_memcg+0x610/0xa10 [ 56.319286][ T5353] charge_memcg+0x51/0xc0 [ 56.319310][ T5353] mem_cgroup_swapin_charge_folio+0xcc/0x150 [ 56.319476][ T5353] __read_swap_cache_async+0x17b/0x2d0 [ 56.319655][ T5353] swap_cluster_readahead+0x262/0x3c0 [ 56.319688][ T5353] swapin_readahead+0xde/0x820 [ 56.319712][ T5353] ? update_load_avg+0x1da/0x820 [ 56.319781][ T5353] ? __list_add_valid_or_report+0x38/0xe0 [ 56.319813][ T5353] ? __rcu_read_unlock+0x4f/0x70 [ 56.319835][ T5353] ? swap_cache_get_folio+0x277/0x280 [ 56.319967][ T5353] do_swap_page+0x2b4/0x21e0 [ 56.319994][ T5353] ? _raw_spin_unlock+0x26/0x50 [ 56.320017][ T5353] ? __schedule+0x85f/0xcd0 [ 56.320036][ T5353] ? __pfx_default_wake_function+0x10/0x10 [ 56.320146][ T5353] handle_mm_fault+0x9d8/0x2c60 [ 56.320180][ T5353] do_user_addr_fault+0x630/0x1080 [ 56.320268][ T5353] exc_page_fault+0x62/0xa0 [ 56.320294][ T5353] asm_exc_page_fault+0x26/0x30 [ 56.320324][ T5353] RIP: 0033:0x7fd6f5102008 [ 56.320344][ T5353] Code: 3c 24 48 89 4c 24 18 e8 f6 54 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 44 89 c7 <48> 89 04 24 e8 4f 55 ff ff 48 8b 04 24 48 83 c4 28 f7 d8 c3 0f 1f [ 56.320359][ T5353] RSP: 002b:00007ffcd9b42de0 EFLAGS: 00010293 [ 56.320377][ T5353] RAX: 0000000000000000 RBX: 00007fd6f5325fa0 RCX: 00007fd6f5102005 [ 56.320390][ T5353] RDX: 00007ffcd9b42e20 RSI: 0000000000000000 RDI: 0000000000000000 [ 56.320404][ T5353] RBP: 00007fd6f5327da0 R08: 0000000000000000 R09: 7fffffffffffffff [ 56.320417][ T5353] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000dce7 [ 56.320436][ T5353] R13: 00007ffcd9b42f40 R14: ffffffffffffffff R15: 00007ffcd9b42f60 [ 56.320452][ T5353] [ 56.320457][ T5353] memory: usage 307200kB, limit 307200kB, failcnt 839 [ 56.544072][ T5353] memory+swap: usage 323928kB, limit 9007199254740988kB, failcnt 0 [ 56.551974][ T5353] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 56.559238][ T5353] Memory cgroup stats for /syz0: [ 56.651173][ T5353] cache 0 [ 56.659110][ T5353] rss 0 [ 56.661909][ T5353] shmem 0 [ 56.664859][ T5353] mapped_file 0 [ 56.668431][ T5353] dirty 0 [ 56.671430][ T5353] writeback 0 [ 56.674701][ T5353] workingset_refault_anon 47 [ 56.679309][ T5353] workingset_refault_file 264 [ 56.684090][ T5353] swap 17129472 [ 56.687538][ T5353] swapcached 0 [ 56.690953][ T5353] pgpgin 71410 [ 56.694317][ T5353] pgpgout 71410 [ 56.697760][ T5353] pgfault 48587 [ 56.701278][ T5353] pgmajfault 30 [ 56.704738][ T5353] inactive_anon 0 [ 56.708358][ T5353] active_anon 0 [ 56.711846][ T5353] inactive_file 0 [ 56.715529][ T5353] active_file 0 [ 56.718979][ T5353] unevictable 0 [ 56.722458][ T5353] hierarchical_memory_limit 314572800 [ 56.727823][ T5353] hierarchical_memsw_limit 9223372036854771712 [ 56.733993][ T5353] total_cache 0 [ 56.737466][ T5353] total_rss 0 [ 56.740737][ T5353] total_shmem 0 [ 56.744225][ T5353] total_mapped_file 0 [ 56.748206][ T5353] total_dirty 0 [ 56.751687][ T5353] total_writeback 0 [ 56.755478][ T5353] total_workingset_refault_anon 47 [ 56.760580][ T5353] total_workingset_refault_file 264 [ 56.765789][ T5353] total_swap 17129472 [ 56.769762][ T5353] total_swapcached 0 [ 56.773763][ T5353] total_pgpgin 71410 [ 56.777642][ T5353] total_pgpgout 71410 [ 56.782065][ T5353] total_pgfault 48587 [ 56.786041][ T5353] total_pgmajfault 30 [ 56.790060][ T5353] total_inactive_anon 0 [ 56.794248][ T5353] total_active_anon 0 [ 56.798215][ T5353] total_inactive_file 0 [ 56.802399][ T5353] total_active_file 0 [ 56.806366][ T5353] total_unevictable 0 [ 56.810335][ T5353] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.99,pid=3729,uid=0 [ 56.824784][ T5353] Memory cgroup out of memory: Killed process 3729 (syz.0.99) total-vm:95884kB, anon-rss:1144kB, file-rss:20736kB, shmem-rss:0kB, UID:0 pgtables:84kB oom_score_adj:1000 [ 57.120780][ T5416] __nla_validate_parse: 13 callbacks suppressed [ 57.120796][ T5416] netlink: 204 bytes leftover after parsing attributes in process `syz.2.813'. [ 57.150814][ T5417] netlink: 'syz.0.809': attribute type 1 has an invalid length. [ 57.176579][ T5417] 8021q: adding VLAN 0 to HW filter on device bond1 [ 57.208673][ T5424] ipip0: entered promiscuous mode [ 57.272270][ T5438] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.823'. [ 57.277671][ T5417] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.342575][ T5440] loop4: detected capacity change from 0 to 1024 [ 57.349246][ T5440] EXT4-fs: inline encryption not supported [ 57.356152][ T5443] netlink: 'syz.0.809': attribute type 13 has an invalid length. [ 57.357764][ T5417] bond1: (slave batadv0): making interface the new active one [ 57.420593][ T5417] bond1: (slave batadv0): Enslaving as an active interface with an up link [ 57.451887][ T5440] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.539012][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.615806][ T5443] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.623004][ T5443] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.816063][ T52] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.824922][ T52] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.842305][ T52] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.857306][ T52] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.958463][ T5475] netlink: 4 bytes leftover after parsing attributes in process `syz.0.833'. [ 57.989973][ T5475] netlink: 4 bytes leftover after parsing attributes in process `syz.0.833'. [ 58.861032][ T5573] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5573 comm=syz.2.874 [ 58.953081][ T5590] loop4: detected capacity change from 0 to 512 [ 58.973746][ T5590] EXT4-fs warning (device loop4): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 58.998875][ T5590] EXT4-fs (loop4): mount failed [ 59.198557][ T5627] netlink: 24 bytes leftover after parsing attributes in process `syz.0.898'. [ 59.325430][ T5632] netlink: 4 bytes leftover after parsing attributes in process `syz.2.900'. [ 59.547220][ T5642] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 59.652319][ T5644] syz.1.903 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 59.797312][ T5668] netlink: 12 bytes leftover after parsing attributes in process `syz.0.914'. [ 59.828583][ T5668] bond2: (slave ip6tnl1): The slave device specified does not support setting the MAC address [ 59.846030][ T5668] bond2: (slave ip6tnl1): Error -95 calling set_mac_address [ 59.885153][ T5677] netlink: 4 bytes leftover after parsing attributes in process `syz.4.918'. [ 59.895330][ T5677] netlink: 12 bytes leftover after parsing attributes in process `syz.4.918'. [ 59.944894][ T29] kauditd_printk_skb: 248 callbacks suppressed [ 59.944932][ T29] audit: type=1326 audit(1765210825.448:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5682 comm="syz.0.920" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd6f50cf749 code=0x0 [ 59.999174][ T5691] loop3: detected capacity change from 0 to 512 [ 60.014594][ T5691] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 60.027249][ T5691] ext4 filesystem being mounted at /167/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 60.083620][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.156606][ T5703] loop4: detected capacity change from 0 to 512 [ 60.172980][ T5703] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 60.186176][ T5703] ext4 filesystem being mounted at /173/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 60.198009][ T29] audit: type=1400 audit(1765210825.698:926): avc: denied { setattr } for pid=5702 comm="syz.4.928" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 60.198148][ T5703] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #2: comm syz.4.928: corrupted inode contents [ 60.233012][ T5703] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #2: comm syz.4.928: mark_inode_dirty error [ 60.244642][ T5703] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #2: comm syz.4.928: corrupted inode contents [ 60.272949][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.356647][ T5715] netlink: 'syz.3.932': attribute type 6 has an invalid length. [ 60.433471][ T5725] netlink: 4 bytes leftover after parsing attributes in process `syz.3.937'. [ 60.566143][ T5735] loop3: detected capacity change from 0 to 512 [ 60.593184][ T5735] Quota error (device loop3): v2_read_file_info: Free block number 1 out of range (1, 6). [ 60.605453][ T5735] EXT4-fs warning (device loop3): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 60.633572][ T5735] EXT4-fs (loop3): mount failed [ 60.740579][ T5752] loop3: detected capacity change from 0 to 1024 [ 60.749219][ T5752] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 60.760205][ T5752] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 60.773503][ T5752] JBD2: no valid journal superblock found [ 60.779250][ T5752] EXT4-fs (loop3): Could not load journal inode [ 60.796331][ T5752] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 60.806217][ T29] audit: type=1326 audit(1765210826.298:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5755 comm="syz.1.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 60.829475][ T29] audit: type=1326 audit(1765210826.298:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5755 comm="syz.1.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 60.852743][ T29] audit: type=1326 audit(1765210826.308:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5755 comm="syz.1.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 60.876013][ T29] audit: type=1326 audit(1765210826.308:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5755 comm="syz.1.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 60.899275][ T29] audit: type=1326 audit(1765210826.308:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5755 comm="syz.1.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 60.938059][ T29] audit: type=1326 audit(1765210826.308:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5755 comm="syz.1.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 60.961412][ T29] audit: type=1326 audit(1765210826.308:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5755 comm="syz.1.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 61.031884][ T5765] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 61.042381][ T5765] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.103020][ T5765] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 61.113431][ T5765] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.195681][ T5765] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 61.206075][ T5765] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.303968][ T5765] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 61.314360][ T5765] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.357640][ T31] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 61.365870][ T31] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.377821][ T31] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 61.386097][ T31] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.401872][ T31] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 61.410078][ T31] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.418651][ T31] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 61.426925][ T31] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.917782][ T5817] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.952843][ T5817] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.993064][ T5817] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.053975][ T5817] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 62.143083][ T31] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.173183][ T31] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.197873][ T31] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.209815][ T31] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.310736][ T5863] __nla_validate_parse: 3 callbacks suppressed [ 62.310751][ T5863] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1000'. [ 62.331787][ T5863] ip6gre1: entered promiscuous mode [ 62.337102][ T5863] ip6gre1: entered allmulticast mode [ 62.469691][ T5886] loop4: detected capacity change from 0 to 1024 [ 62.491292][ T5886] EXT4-fs: Ignoring removed mblk_io_submit option [ 62.499932][ T5886] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 62.515324][ T5886] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 62.629508][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.656957][ T5974] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1022'. [ 63.791147][ T5990] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1028'. [ 64.037334][ T6033] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1049'. [ 64.289539][ T6053] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1056'. [ 64.300802][ T6053] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1056'. [ 64.518833][ T6075] loop3: detected capacity change from 0 to 8192 [ 64.881956][ T6116] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1084'. [ 64.915343][ T6118] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1085'. [ 65.020937][ T29] kauditd_printk_skb: 102 callbacks suppressed [ 65.020954][ T29] audit: type=1326 audit(1765210830.498:1036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6121 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 65.050618][ T29] audit: type=1326 audit(1765210830.498:1037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6121 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 65.074106][ T29] audit: type=1326 audit(1765210830.498:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6121 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 65.097524][ T29] audit: type=1326 audit(1765210830.498:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6121 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 65.121027][ T29] audit: type=1326 audit(1765210830.498:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6121 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 65.144411][ T29] audit: type=1326 audit(1765210830.498:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6121 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 65.167936][ T29] audit: type=1326 audit(1765210830.498:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6121 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 65.191467][ T29] audit: type=1326 audit(1765210830.498:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6121 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 65.214977][ T29] audit: type=1326 audit(1765210830.498:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6121 comm="syz.1.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 65.289113][ T29] audit: type=1326 audit(1765210830.788:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6134 comm="syz.0.1092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd6f50c65e7 code=0x7ffc0000 [ 65.297226][ T6137] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1094'. [ 65.530624][ T6153] loop4: detected capacity change from 0 to 136 [ 65.563057][ T6155] netlink: 'syz.2.1101': attribute type 4 has an invalid length. [ 65.574394][ T6155] netlink: 'syz.2.1101': attribute type 4 has an invalid length. [ 65.585225][ T6155] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1101'. [ 65.623278][ T6155] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.630469][ T6155] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.724123][ T3451] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.735864][ T3451] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.758833][ T3451] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.767722][ T3451] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 67.586993][ T6285] __nla_validate_parse: 8 callbacks suppressed [ 67.587015][ T6285] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1154'. [ 68.478931][ T6312] netlink: 131740 bytes leftover after parsing attributes in process `syz.2.1163'. [ 68.517704][ T6312] netlink: zone id is out of range [ 68.522910][ T6312] netlink: zone id is out of range [ 68.538561][ T6312] netlink: zone id is out of range [ 68.548677][ T6312] netlink: zone id is out of range [ 68.569859][ T6312] netlink: del zone limit has 8 unknown bytes [ 68.687344][ T6333] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1172'. [ 68.833568][ T6347] smc: net device bond0 applied user defined pnetid SYZ0 [ 68.845681][ T6347] smc: net device bond0 erased user defined pnetid SYZ0 [ 68.888961][ T6349] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1178'. [ 68.922284][ T6349] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1178'. [ 69.219630][ T6375] netlink: 'syz.3.1189': attribute type 4 has an invalid length. [ 69.228782][ T6375] netlink: 'syz.3.1189': attribute type 4 has an invalid length. [ 69.440667][ T6387] tipc: Started in network mode [ 69.445579][ T6387] tipc: Node identity 84e, cluster identity 4711 [ 69.451963][ T6387] tipc: Node number set to 2126 [ 69.505844][ T6395] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1199'. [ 69.514869][ T6395] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1199'. [ 69.524116][ T6395] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1199'. [ 69.533139][ T6395] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1199'. [ 69.542241][ T6395] netlink: 84 bytes leftover after parsing attributes in process `syz.2.1199'. [ 69.694014][ T6411] loop4: detected capacity change from 0 to 1024 [ 69.701861][ T6411] EXT4-fs: Ignoring removed oldalloc option [ 69.709083][ T6411] EXT4-fs: Ignoring removed bh option [ 69.734034][ T6411] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 69.753963][ T6411] EXT4-fs error (device loop4): mb_free_blocks:2037: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt. [ 69.802955][ T6424] rdma_op ffff88811cfb6980 conn xmit_rdma 0000000000000000 [ 69.836669][ T6427] netlink: 'syz.0.1212': attribute type 4 has an invalid length. [ 69.855417][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.237063][ T6473] loop3: detected capacity change from 0 to 2048 [ 70.286834][ T3293] Alternate GPT is invalid, using primary GPT. [ 70.293326][ T3293] loop3: p2 p3 p7 [ 70.308552][ T6473] Alternate GPT is invalid, using primary GPT. [ 70.315032][ T6473] loop3: p2 p3 p7 [ 70.408823][ T3293] udevd[3293]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 70.422537][ T4064] udevd[4064]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 70.433149][ T3497] udevd[3497]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory [ 70.452128][ T4064] udevd[4064]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 70.463790][ T3497] udevd[3497]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory [ 70.474972][ T3293] udevd[3293]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 70.517086][ T29] kauditd_printk_skb: 292 callbacks suppressed [ 70.517100][ T29] audit: type=1400 audit(1765210836.018:1338): avc: denied { mac_admin } for pid=6489 comm="syz.3.1239" capability=33 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 70.524444][ T6490] SELinux: Context system_u:object_r:logrotate_exec_t:s0 is not valid (left unmapped). [ 70.554764][ T29] audit: type=1400 audit(1765210836.058:1339): avc: denied { relabelto } for pid=6489 comm="syz.3.1239" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:logrotate_exec_t:s0" [ 70.581166][ T29] audit: type=1400 audit(1765210836.058:1340): avc: denied { associate } for pid=6489 comm="syz.3.1239" name="/" dev="cgroup2" ino=1 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 srawcon="system_u:object_r:logrotate_exec_t:s0" [ 71.105941][ T29] audit: type=1326 audit(1765210836.608:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6540 comm="syz.1.1262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 71.153927][ T29] audit: type=1326 audit(1765210836.608:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6540 comm="syz.1.1262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 71.177544][ T29] audit: type=1326 audit(1765210836.608:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6540 comm="syz.1.1262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=99 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 71.201087][ T29] audit: type=1326 audit(1765210836.608:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6540 comm="syz.1.1262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 71.224619][ T29] audit: type=1326 audit(1765210836.608:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6540 comm="syz.1.1262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 71.423147][ T6563] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 71.491300][ T6573] netlink: 'syz.4.1273': attribute type 4 has an invalid length. [ 71.502574][ T6570] netlink: 'syz.3.1271': attribute type 1 has an invalid length. [ 71.519400][ T6573] netlink: 'syz.4.1273': attribute type 4 has an invalid length. [ 71.552566][ T6570] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.664752][ T6583] bond0: entered allmulticast mode [ 71.671320][ T5929] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.688708][ T5929] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.734243][ T5921] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.743108][ T5921] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.845947][ T29] audit: type=1326 audit(1765210837.348:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6592 comm="syz.3.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84351ff749 code=0x7ffc0000 [ 71.906392][ T29] audit: type=1326 audit(1765210837.378:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6592 comm="syz.3.1281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f84351ff749 code=0x7ffc0000 [ 72.133391][ T6606] loop3: detected capacity change from 0 to 1024 [ 72.151161][ T6616] loop4: detected capacity change from 0 to 256 [ 72.162516][ T6616] FAT-fs (loop4): error, clusters badly computed (0 != 128) [ 72.169860][ T6616] FAT-fs (loop4): Filesystem has been set read-only [ 72.241500][ T6606] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (58532!=20869) [ 72.330968][ T6606] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a040e11d, mo2=0002] [ 72.341109][ T6606] EXT4-fs (loop3): failed to initialize system zone (-117) [ 72.372821][ T6606] EXT4-fs (loop3): mount failed [ 72.589348][ T6642] netlink: 'syz.3.1301': attribute type 6 has an invalid length. [ 72.608638][ T6644] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 72.650359][ T6648] tmpfs: Turning off swap in unprivileged tmpfs mounts unsupported [ 72.789856][ T6658] can0: slcan on ptm0. [ 72.833162][ T6658] can0 (unregistered): slcan off ptm0. [ 72.838731][ T6658] Falling back ldisc for ptm0. [ 72.902807][ T6667] loop3: detected capacity change from 0 to 256 [ 73.098563][ T6686] hub 9-0:1.0: USB hub found [ 73.116837][ T6686] hub 9-0:1.0: 8 ports detected [ 73.167508][ T6695] __nla_validate_parse: 14 callbacks suppressed [ 73.167527][ T6695] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1318'. [ 73.194207][ T6701] syzkaller0: entered promiscuous mode [ 73.237347][ T6701] syzkaller0 (unregistering): left promiscuous mode [ 73.287026][ T6717] netlink: 'syz.2.1324': attribute type 1 has an invalid length. [ 73.377009][ T6726] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1327'. [ 74.325846][ T6778] loop3: detected capacity change from 0 to 512 [ 74.338485][ T6778] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 74.351574][ T6778] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 74.364420][ T6778] EXT4-fs error (device loop3): ext4_orphan_get:1391: inode #15: comm syz.3.1348: inode has both inline data and extents flags [ 74.377963][ T6778] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.1348: couldn't read orphan inode 15 (err -117) [ 74.391291][ T6778] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.416971][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.558881][ T6795] loop3: detected capacity change from 0 to 1024 [ 74.637527][ T6795] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.724549][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.793113][ T6814] loop3: detected capacity change from 0 to 128 [ 74.894097][ T6822] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1366'. [ 74.913648][ T6824] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1367'. [ 74.922962][ T6824] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1367'. [ 75.200738][ T6873] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1389'. [ 75.210625][ T6873] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1389'. [ 75.220127][ T6873] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1389'. [ 75.229616][ T6873] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1389'. [ 75.266403][ T6878] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1391'. [ 75.278835][ T6878] bridge0: port 3(vlan3) entered blocking state [ 75.285269][ T6878] bridge0: port 3(vlan3) entered disabled state [ 75.291981][ T6878] vlan3: entered allmulticast mode [ 75.297130][ T6878] bridge0: entered allmulticast mode [ 75.303087][ T6878] vlan3: left allmulticast mode [ 75.307928][ T6878] bridge0: left allmulticast mode [ 75.533835][ T29] kauditd_printk_skb: 532 callbacks suppressed [ 75.533850][ T29] audit: type=1326 audit(1765210841.038:1880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6896 comm="syz.2.1399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b49af749 code=0x7ffc0000 [ 75.563595][ T29] audit: type=1326 audit(1765210841.038:1881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6896 comm="syz.2.1399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b49af749 code=0x7ffc0000 [ 75.587153][ T29] audit: type=1326 audit(1765210841.038:1882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6896 comm="syz.2.1399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f14b49af749 code=0x7ffc0000 [ 75.610806][ T29] audit: type=1326 audit(1765210841.038:1883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6896 comm="syz.2.1399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b49af749 code=0x7ffc0000 [ 75.634301][ T29] audit: type=1326 audit(1765210841.038:1884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6896 comm="syz.2.1399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b49af749 code=0x7ffc0000 [ 75.657720][ T29] audit: type=1326 audit(1765210841.038:1885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6896 comm="syz.2.1399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f14b49af749 code=0x7ffc0000 [ 75.681254][ T29] audit: type=1326 audit(1765210841.038:1886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6896 comm="syz.2.1399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b49af749 code=0x7ffc0000 [ 75.704719][ T29] audit: type=1326 audit(1765210841.038:1887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6896 comm="syz.2.1399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f14b49af749 code=0x7ffc0000 [ 75.728153][ T29] audit: type=1326 audit(1765210841.038:1888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6896 comm="syz.2.1399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14b49af749 code=0x7ffc0000 [ 75.751628][ T29] audit: type=1326 audit(1765210841.038:1889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6896 comm="syz.2.1399" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f14b49af749 code=0x7ffc0000 [ 76.083207][ T6919] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.090533][ T6919] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.447219][ T3451] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 76.455669][ T3451] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.532982][ T3451] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 76.541640][ T3451] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.568343][ T3451] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 76.576854][ T3451] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.692953][ T3451] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 76.701491][ T3451] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.139388][ T6997] syzkaller0: entered allmulticast mode [ 77.160527][ T6997] syzkaller0 (unregistering): left allmulticast mode [ 77.413050][ T7032] netlink: 'syz.2.1456': attribute type 25 has an invalid length. [ 77.424875][ T7032] netlink: 'syz.2.1456': attribute type 25 has an invalid length. [ 77.427657][ T5933] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 77.454437][ T5933] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 77.490128][ T5933] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 77.502933][ T5933] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 77.526075][ T7040] loop4: detected capacity change from 0 to 2048 [ 77.573031][ T7040] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 77.622137][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.663608][ T5942] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 77.691302][ T5942] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 77.703034][ T5942] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 77.723746][ T5942] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 78.491833][ T7098] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 78.511118][ T7098] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 78.619267][ T7121] __nla_validate_parse: 14 callbacks suppressed [ 78.619284][ T7121] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1491'. [ 78.699673][ T7135] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1500'. [ 78.949068][ T7151] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1508'. [ 79.193477][ T7162] sch_fq: defrate 0 ignored. [ 79.420298][ T7176] loop4: detected capacity change from 0 to 512 [ 79.428739][ T7174] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1519'. [ 79.440668][ T7176] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 79.466928][ T7176] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.484052][ T7176] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #2: block 18: comm syz.4.1518: lblock 23 mapped to illegal pblock 18 (length 1) [ 79.515380][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.985809][ T7213] netlink: 131740 bytes leftover after parsing attributes in process `syz.3.1531'. [ 79.993793][ T7216] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 80.030355][ T7213] netlink: zone id is out of range [ 80.035582][ T7213] netlink: zone id is out of range [ 80.047421][ T7213] netlink: zone id is out of range [ 80.052678][ T7213] netlink: zone id is out of range [ 80.058191][ T7213] netlink: del zone limit has 8 unknown bytes [ 80.296409][ T7243] smc: net device ip6gretap0 applied user defined pnetid SYZ2 [ 80.304644][ T7243] smc: net device ip6gretap0 erased user defined pnetid SYZ2 [ 80.330630][ T7246] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 80.714678][ T29] kauditd_printk_skb: 102 callbacks suppressed [ 80.714694][ T29] audit: type=1326 audit(1765210846.218:1992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7249 comm="syz.0.1548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6f50cf749 code=0x7ffc0000 [ 80.717079][ T7250] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1547'. [ 80.721478][ T29] audit: type=1326 audit(1765210846.228:1993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7249 comm="syz.0.1548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd6f50cf749 code=0x7ffc0000 [ 80.799813][ T29] audit: type=1326 audit(1765210846.288:1994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7249 comm="syz.0.1548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6f50cf749 code=0x7ffc0000 [ 80.823523][ T29] audit: type=1326 audit(1765210846.288:1995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7249 comm="syz.0.1548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6f50cf749 code=0x7ffc0000 [ 80.847557][ T29] audit: type=1326 audit(1765210846.288:1996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7249 comm="syz.0.1548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd6f50cf749 code=0x7ffc0000 [ 80.871027][ T29] audit: type=1326 audit(1765210846.288:1997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7249 comm="syz.0.1548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6f50cf749 code=0x7ffc0000 [ 80.894855][ T29] audit: type=1326 audit(1765210846.288:1998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7249 comm="syz.0.1548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6f50cf749 code=0x7ffc0000 [ 80.918531][ T29] audit: type=1326 audit(1765210846.288:1999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7249 comm="syz.0.1548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd6f50cf749 code=0x7ffc0000 [ 80.941927][ T29] audit: type=1326 audit(1765210846.288:2000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7249 comm="syz.0.1548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6f50cf749 code=0x7ffc0000 [ 80.965498][ T29] audit: type=1326 audit(1765210846.288:2001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7249 comm="syz.0.1548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6f50cf749 code=0x7ffc0000 [ 81.004563][ T7256] netlink: 131740 bytes leftover after parsing attributes in process `syz.0.1549'. [ 81.014495][ T7255] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1550'. [ 81.028504][ T7256] netlink: zone id is out of range [ 81.033814][ T7256] netlink: zone id is out of range [ 81.056610][ T7256] netlink: zone id is out of range [ 81.065163][ T7256] netlink: zone id is out of range [ 81.070494][ T7256] netlink: del zone limit has 8 unknown bytes [ 81.128350][ T7272] smc: net device ip6gretap0 applied user defined pnetid SYZ2 [ 81.179508][ T7276] smc: net device ip6gretap0 erased user defined pnetid SYZ2 [ 81.254217][ T7280] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1561'. [ 81.305571][ T7285] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1561'. [ 81.785340][ T7307] netlink: 'syz.3.1567': attribute type 4 has an invalid length. [ 81.815014][ T7307] netlink: 'syz.3.1567': attribute type 4 has an invalid length. [ 82.631166][ T7330] loop4: detected capacity change from 0 to 512 [ 82.665763][ T7330] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.678593][ T7330] ext4 filesystem being mounted at /266/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.743471][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.176293][ T7393] loop4: detected capacity change from 0 to 512 [ 83.219140][ T7393] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 not in group (block 4294967295)! [ 83.230103][ T7393] EXT4-fs (loop4): group descriptors corrupted! [ 83.295850][ T7403] syzkaller0: entered promiscuous mode [ 83.304205][ T7406] bond2: (slave ip6tnl1): The slave device specified does not support setting the MAC address [ 83.315157][ T7406] bond2: (slave ip6tnl1): Error -95 calling set_mac_address [ 83.325560][ T7403] syzkaller0 (unregistering): left promiscuous mode [ 83.336221][ T7408] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 83.343835][ T7408] vhci_hcd vhci_hcd.2: invalid port number 96 [ 83.350012][ T7408] vhci_hcd vhci_hcd.2: default hub control req: 0300 vfffa i0060 l0 [ 83.551427][ T7432] netlink: 'syz.4.1635': attribute type 4 has an invalid length. [ 83.729855][ T7457] netlink: 'syz.4.1633': attribute type 4 has an invalid length. [ 83.738149][ T7457] netlink: 'syz.4.1633': attribute type 4 has an invalid length. [ 83.878356][ T7475] __nla_validate_parse: 13 callbacks suppressed [ 83.878372][ T7475] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1643'. [ 83.923187][ T7475] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1643'. [ 84.441377][ T7484] netlink: 'syz.2.1647': attribute type 4 has an invalid length. [ 84.451271][ T7484] netlink: 'syz.2.1647': attribute type 4 has an invalid length. [ 84.651475][ T7493] netlink: 'syz.4.1650': attribute type 25 has an invalid length. [ 84.659337][ T7493] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1650'. [ 84.690141][ T7493] netlink: 'syz.4.1650': attribute type 25 has an invalid length. [ 84.698320][ T7493] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1650'. [ 84.771913][ T7500] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1653'. [ 84.780934][ T7500] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1653'. [ 84.812172][ T7500] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1653'. [ 84.821235][ T7500] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1653'. [ 84.877731][ T7505] loop4: detected capacity change from 0 to 164 [ 84.886760][ T7509] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1655'. [ 84.906375][ T7505] bio_check_eod: 98 callbacks suppressed [ 84.906426][ T7505] syz.4.1656: attempt to access beyond end of device [ 84.906426][ T7505] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 84.926802][ T7509] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1655'. [ 84.940939][ T7505] syz.4.1656: attempt to access beyond end of device [ 84.940939][ T7505] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 84.975515][ T7514] netlink: 'syz.1.1658': attribute type 4 has an invalid length. [ 85.019210][ T7519] netlink: 'syz.1.1661': attribute type 4 has an invalid length. [ 85.047825][ T7519] netlink: 'syz.1.1661': attribute type 4 has an invalid length. [ 85.099886][ T7528] loop3: detected capacity change from 0 to 512 [ 85.120014][ T7528] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 85.183124][ T7528] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.247533][ T7528] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #2: block 18: comm syz.3.1665: lblock 23 mapped to illegal pblock 18 (length 1) [ 85.312610][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.811862][ T29] kauditd_printk_skb: 91 callbacks suppressed [ 85.811875][ T29] audit: type=1326 audit(1765210851.318:2093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7510 comm="syz.2.1657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f14b49a65e7 code=0x7fc00000 [ 85.926187][ T7561] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 85.941492][ T7561] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 86.403370][ T29] audit: type=1400 audit(1765210851.908:2094): avc: denied { create } for pid=7596 comm="syz.4.1695" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 86.438786][ T29] audit: type=1400 audit(1765210851.928:2095): avc: denied { connect } for pid=7596 comm="syz.4.1695" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 88.221355][ T7641] 8021q: adding VLAN 0 to HW filter on device bond3 [ 88.283378][ T7636] bond3: entered allmulticast mode [ 88.490822][ T29] audit: type=1400 audit(1765210853.988:2096): avc: denied { unmount } for pid=3308 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 88.585411][ T7659] loop3: detected capacity change from 0 to 128 [ 88.656257][ T7659] FAT-fs (loop3): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 88.856295][ T7675] validate_nla: 1 callbacks suppressed [ 88.856312][ T7675] netlink: 'syz.2.1720': attribute type 1 has an invalid length. [ 88.926620][ T7684] __nla_validate_parse: 9 callbacks suppressed [ 88.926638][ T7684] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1723'. [ 88.933062][ T7675] 8021q: adding VLAN 0 to HW filter on device bond1 [ 88.949752][ T7681] bond1: entered allmulticast mode [ 89.138266][ T7685] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1723'. [ 89.181225][ T7680] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1722'. [ 90.012993][ T7711] loop4: detected capacity change from 0 to 128 [ 90.030352][ T7711] FAT-fs (loop4): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 90.124142][ T7720] netlink: 'syz.0.1736': attribute type 298 has an invalid length. [ 90.255932][ T7737] netlink: 'syz.1.1745': attribute type 4 has an invalid length. [ 90.279501][ T7737] netlink: 'syz.1.1745': attribute type 4 has an invalid length. [ 90.279881][ T29] audit: type=1326 audit(1765210855.778:2097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7735 comm="syz.3.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84351ff749 code=0x7ffc0000 [ 90.350608][ T29] audit: type=1326 audit(1765210855.788:2098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7735 comm="syz.3.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84351ff749 code=0x7ffc0000 [ 90.374399][ T29] audit: type=1326 audit(1765210855.788:2099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7735 comm="syz.3.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84351ff749 code=0x7ffc0000 [ 90.398948][ T29] audit: type=1326 audit(1765210855.818:2100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7735 comm="syz.3.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7f84351ff749 code=0x7ffc0000 [ 90.422445][ T29] audit: type=1326 audit(1765210855.818:2101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7735 comm="syz.3.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84351ff749 code=0x7ffc0000 [ 90.445920][ T29] audit: type=1326 audit(1765210855.818:2102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7735 comm="syz.3.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f84351ff749 code=0x7ffc0000 [ 90.646086][ T7764] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1754'. [ 90.860805][ T7781] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1763'. [ 90.873929][ T7783] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1764'. [ 91.449732][ T7814] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1777'. [ 91.458813][ T7814] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1777'. [ 91.488249][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 91.488265][ T29] audit: type=1326 audit(1765210856.988:2126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7817 comm="syz.1.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 91.523787][ T29] audit: type=1326 audit(1765210856.988:2127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7817 comm="syz.1.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 91.547292][ T29] audit: type=1326 audit(1765210856.988:2128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7817 comm="syz.1.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 91.570751][ T29] audit: type=1326 audit(1765210856.988:2129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7817 comm="syz.1.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 91.594187][ T29] audit: type=1326 audit(1765210856.988:2130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7817 comm="syz.1.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 91.617822][ T29] audit: type=1326 audit(1765210856.988:2131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7817 comm="syz.1.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 91.641467][ T29] audit: type=1326 audit(1765210856.988:2132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7817 comm="syz.1.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 91.665109][ T29] audit: type=1326 audit(1765210856.988:2133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7817 comm="syz.1.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 91.688609][ T29] audit: type=1326 audit(1765210856.988:2134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7817 comm="syz.1.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 91.711980][ T29] audit: type=1326 audit(1765210856.988:2135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7817 comm="syz.1.1779" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6d9af749 code=0x7ffc0000 [ 91.762921][ T7825] tipc: Started in network mode [ 91.767857][ T7825] tipc: Node identity ac14140f, cluster identity 4711 [ 91.805934][ T7825] tipc: New replicast peer: 255.255.255.255 [ 91.812321][ T7825] tipc: Enabled bearer , priority 10 [ 91.823006][ T7828] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1782'. [ 91.832108][ T7828] tipc: Disabling bearer [ 91.893067][ T7830] netlink: 105116 bytes leftover after parsing attributes in process `syz.4.1785'. [ 92.530356][ T7874] netlink: 'syz.4.1805': attribute type 1 has an invalid length. [ 92.542752][ T7875] pimreg: entered allmulticast mode [ 92.557510][ T7874] bond1: entered promiscuous mode [ 92.563283][ T7874] 8021q: adding VLAN 0 to HW filter on device bond1 [ 92.570813][ T7875] pimreg: left allmulticast mode [ 92.592513][ T7874] bond1: (slave bridge8): making interface the new active one [ 92.600136][ T7874] bridge8: entered promiscuous mode [ 92.607772][ T7874] bridge8: left promiscuous mode [ 93.845467][ T7894] ================================================================== [ 93.853605][ T7894] BUG: KCSAN: data-race in shmem_file_splice_read / shmem_file_splice_read [ 93.862247][ T7894] [ 93.864570][ T7894] write to 0xffff88811b3ba528 of 8 bytes by task 7899 on cpu 0: [ 93.872189][ T7894] shmem_file_splice_read+0x470/0x600 [ 93.877581][ T7894] splice_direct_to_actor+0x26f/0x680 [ 93.882960][ T7894] do_splice_direct+0xda/0x150 [ 93.887722][ T7894] do_sendfile+0x380/0x650 [ 93.892138][ T7894] __x64_sys_sendfile64+0x105/0x150 [ 93.897341][ T7894] x64_sys_call+0x2db1/0x3000 [ 93.902013][ T7894] do_syscall_64+0xd8/0x2a0 [ 93.906524][ T7894] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.912423][ T7894] [ 93.914732][ T7894] write to 0xffff88811b3ba528 of 8 bytes by task 7894 on cpu 1: [ 93.922352][ T7894] shmem_file_splice_read+0x470/0x600 [ 93.927735][ T7894] splice_direct_to_actor+0x26f/0x680 [ 93.933095][ T7894] do_splice_direct+0xda/0x150 [ 93.937854][ T7894] do_sendfile+0x380/0x650 [ 93.942278][ T7894] __x64_sys_sendfile64+0x105/0x150 [ 93.947472][ T7894] x64_sys_call+0x2db1/0x3000 [ 93.952141][ T7894] do_syscall_64+0xd8/0x2a0 [ 93.956649][ T7894] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.962541][ T7894] [ 93.964850][ T7894] value changed: 0x000000000000785e -> 0x000000000000785f [ 93.971943][ T7894] [ 93.974249][ T7894] Reported by Kernel Concurrency Sanitizer on: [ 93.980402][ T7894] CPU: 1 UID: 0 PID: 7894 Comm: syz.4.1813 Not tainted syzkaller #0 PREEMPT(voluntary) [ 93.990109][ T7894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 94.000158][ T7894] ==================================================================