last executing test programs: 3.708158971s ago: executing program 0 (id=2021): bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000180)={0xffffffffffffffff, 0x20, &(0x7f0000000000)={&(0x7f0000000c00)=""/4096, 0x1000, 0x0, &(0x7f0000000080)=""/241, 0xf1}}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000540)={0x1, &(0x7f0000000300)=[{0x200000000006, 0x3, 0x2, 0x7ffc0002}]}) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf}, 0x94) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file2\x00', 0x8, &(0x7f0000000080)={[{@quota}, {@sb={'sb', 0x3d, 0x1}}]}, 0x4, 0x523, &(0x7f00000018c0)="$eJzs3cFvG1kZAPBvnLhJs+mmC3sABGxZFgqq6iTubrTqhfYCQlUlRMWJQxsSN4pi11Hsiib0kB65V6ISJ+A/4MYBqScO3LjBjUs5IBWoQA0SB6MZT1I3sZNAnbiJfz9pMvPeTP29F/e953mR5wUwtC5ExGZEnImIOxExlecn+RbX2lt63csXDxe2XjxcSKLVuvX3JDuf5kXHv0m9k7/meER8/zsRP0r2xm2sb6zMV6uVtTw93aytTjfWNy4vF/Kc8tzs3MynVz4p962uH9R+/fzbyzd+8NvffOnZHza/+ZO0WJM/PZed66xHP7WrXozJjrzRiLhxFMEGZDT//8PJk7a2z0TEh1n7n4qR7N0EAE6zVmsqWlOdaQDgtEvv/ycjKZTyuYDJKBRKpfYc3vsxUajWG81LU/X79xYjm8M6H8XC3eVqZSafKzwfxSRNz2bHr9Ll19KPK1ci4r2IeDx2NjtfWqhXFwf5wQcAhtg7u8b/f421x/9OxUEVDgA4OuODLgAAcOyM/wAwfIz/ADB8/ofx37cDAeCUcP8PAMPH+A8Aw+fA8f/R8ZQDADgW37t5M91aW+3nX28/qfvyYqWxUqrdXygt1NdWS0v1+lK1UlpotQ56vWq9vjr78U6ysb5xu1a/f695e7k2v1S5XfEsAQAYvPc+ePqndNDfvHo226JjLQdjNZxuhUEXABiYkUEXABgY3+eB4XWIe3zTAHDKdVmity2fIEh6XfDE4q9wUl38vPl/GFZvMv9v7gBOtv9v/v9bfS8HcPyM4TC8Wq3Emv8AMGTM8QM9//6f6/mIkCf9LwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcFJPZlhRK2Vrgm+nPQqkUcS4izkcxubtcrcxExLsR8cex4lianh10oQGAN1T4a5Kv/3Vx6qPJ3WfPJP8ey/YR8eOf3/rZg/lmc202zf/HTn7zSZp/trlWPjOICgAAna7tzcrG73K+77iRf/ni4cL2dpxFfH69vbhoGncr39pnRmM0249HMSIm/pnk6bb088pIH+JvPoqIz23XfzwedESYzOZA2iuf7o6fxj7X9/idv//d8Quv1beQnUv3xex38dnYVTjgQE+vt/vJvO2lTTxvf4W4kO27t//xrId6c2n/lzbXrT39X2Gn/xvZEz/J2vyFnfT+JXn+8e++uyezNdU+9yjiC6Pd4ic78ZPu/W/xo0PW8c9f/PKHvc61fhFxsWv9t1ekrmXd7HSztjrdWN+4vFybX6osVe6Vy3OzczOfXvmkPJ3NUbd//r5bjL9dvfRur/hp/Sd6xB/fv/7xtUPW/5f/ufPDr+wT/xtf7f7+v79P/HRM/Poh489PXOu5fHcaf7FH/Q94/+PSIeM/+8vG4iEvBQCOQWN9Y2W+Wq2sHXCQftY86BoHhz9I7+3fgmJkB7EZ0a8XzCYlIqLrNekn6rejykd1kAws+q/6/YKD7pmAo/aq0Q+6JAAAAAAAAAAAAAAAQC+N9Y2Vse7f1urbwaDrCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOn13wAAAP//KHnENg==") llistxattr(&(0x7f00000003c0)='./file1\x00', 0x0, 0x0) 3.647512056s ago: executing program 0 (id=2022): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0xc2f00, 0x4d, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x18) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) 3.647389296s ago: executing program 0 (id=2023): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x0) syz_usb_connect(0x2, 0xfffffffffffffe86, 0x0, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 1.139459501s ago: executing program 1 (id=2158): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r1, 0x0, 0x3}, 0x18) syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x1b1, &(0x7f0000000280)="$eJzs2zFrE2EYB/DnahrTOiSDkzjc6BSafoIGqSAGBCWDgqDYBqQnBQsBHWw3B7+EH8bBVT+JYwfhpLk0aUKEGpocJL/fkodc/rnnfcMleQJ5ff/90cHxSe9V70fUkiQ29iKN8yQasRGXzgIAWCXneR6/8zzPb5/F1rfI87zsjgCARfP5DwDr5/mLl0/anc7+szStRWRf+t1+t7gtjrd78S6yOIydqMefuPiCMFTUjx539nfSgUZ8zU6H+dN+99ZkvhX1aMzOt4p8OpnfjO2r+d2ox93Z+d2Z+Wo8qI7ymxFRj19v4ziyOIiL7Dj/uZWmD592pvJ3Bo8DAACAVdBMRwbzezUm5/dmc/L4eD4u8u3k2r8PTM3XlbhXKXftALCuTj5+OnqTZYcf5ihqw+eYM3694ud2cZIFnuKGisstHd2zt4z9+d+ierXDqWJrwa1Wlr7kJCLK2vDvEVH6yz3XRT0oSngzApZqfPWX3QkAAAAAAAAAAAAAAPAvy/hfUdlrBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGD9/A0AAP//W1+CbQ==") r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$selinux_load(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815"], 0x65) 1.126310782s ago: executing program 1 (id=2160): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000240)={@empty}, 0x14) 1.107315053s ago: executing program 1 (id=2161): r0 = syz_open_dev$sg(&(0x7f0000001bc0), 0x208, 0x2c41) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)=ANY=[]) 1.001232442s ago: executing program 0 (id=2162): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 901.547719ms ago: executing program 0 (id=2163): r0 = gettid() socket(0x10, 0x3, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = timerfd_create(0x0, 0x0) readv(r1, &(0x7f00000009c0)=[{&(0x7f0000000200)=""/33, 0x21}], 0x1) 896.86523ms ago: executing program 1 (id=2165): sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x14, 0x4, 0x8, 0x801, 0x0, 0x0, {0x1, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x24044005}, 0x4c810) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) connect$inet6(r0, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000001, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) write(r0, &(0x7f00000000c0)="8f2a0a65bd8c002b0304000e0580a7b6070d63e286a5cefe", 0x5ac) 876.018401ms ago: executing program 1 (id=2166): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x14, r3, 0xc4fc9e906872338b, 0x70fd2a, 0xfffffffe, {{0x15}, {@void, @void}}}, 0x14}}, 0x40084) 852.488914ms ago: executing program 1 (id=2167): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000003400)={0x10, 0x2, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r0}, 0x38) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f00000003c0)=ANY=[@ANYRES16=r1, @ANYRES64=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = syz_open_dev$tty20(0xc, 0x4, 0x0) write$binfmt_misc(r4, &(0x7f0000000240), 0xfffffecc) ioctl$TIOCSWINSZ(r3, 0x5414, &(0x7f0000000000)={0x2006, 0x1, 0x403, 0x2}) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10) r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0) openat(r6, &(0x7f00000000c0)='./file0\x00', 0x6a1c2, 0x50) faccessat(r6, &(0x7f0000000000)='./file0\x00', 0x5) r7 = socket$unix(0x1, 0x1, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) bind$unix(r8, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) listen(r8, 0x10000) shutdown(r7, 0x0) connect$unix(r7, &(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r9 = accept(r8, 0x0, 0x0) sendto$inet6(r9, &(0x7f0000000280)="a5", 0x1, 0x11, 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000340)={{r1}, &(0x7f0000000040), &(0x7f0000000280)='%-5lx \x00'}, 0x20) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a03000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000180003801400020000007468305f746f5f68737200000000080002"], 0xe8}}, 0x0) 578.245425ms ago: executing program 3 (id=2173): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @ipv4={'\x00', '\xff\xff', @empty}}], 0x1c) sendto$inet6(r0, &(0x7f00000004c0)="b0", 0x1, 0x0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) sendto$inet6(r0, &(0x7f0000000580)="9b", 0x29fff, 0x0, 0x0, 0x0) shutdown(r0, 0x1) shutdown(r0, 0x1) 578.030695ms ago: executing program 2 (id=2175): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000640)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) waitid(0x3, 0x0, 0x0, 0x8, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) lchown(0x0, 0x0, 0x0) 464.684294ms ago: executing program 2 (id=2176): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x22c7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x7b) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kfree\x00', r2, 0x0, 0x2}, 0x18) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x78, 0x30, 0x871a15abc695fb3d, 0x0, 0x400000, {}, [{0x64, 0x1, [@m_tunnel_key={0x60, 0x1, 0x0, 0x0, {{0xf}, {0x30, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0xfffffffd}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x17}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @local}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0) 421.645137ms ago: executing program 2 (id=2178): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x18) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r1 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000100)='a', 0x1}], 0x1}], 0x1, 0x0) sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000080)='a', 0x4101}], 0x1, &(0x7f0000000000)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x4}}], 0x30}], 0x1, 0x0) 371.315131ms ago: executing program 2 (id=2180): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r2, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x301, 0x0, 0xe0, 0x101, 0x0}) 358.317572ms ago: executing program 3 (id=2181): mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rf']) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000fdffffff0000000000000000850000002c00000095"], &(0x7f0000000040)='GPL\x00', 0x5}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000300)=ANY=[], 0x0) 285.373568ms ago: executing program 4 (id=2183): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x4}, 0x18) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAPCLR(r2, 0x4b68, 0x0) 239.512121ms ago: executing program 3 (id=2184): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000180)={0x1f, 0xffff, 0x3}, 0x6) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x6}, 0x18) io_setup(0x8f0, &(0x7f0000002400)=0x0) io_submit(r2, 0x1, &(0x7f00000001c0)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)='\x00\x00\x00\x00\x00\x00', 0x6, 0x0, 0x0, 0x2}]) 239.324541ms ago: executing program 4 (id=2185): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b0000000700000008000000a6ad6a1a05"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000ebff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000001040)={'sit0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x0, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x3, 0x14, 0x64, 0x0, 0x0, 0x4, 0x0, @empty, @local}}}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000000)={'syztnl2\x00', &(0x7f0000000c80)={'syztnl2\x00', r3, 0x40, 0x7800, 0x8, 0xb, {{0x5, 0x4, 0x1, 0x39, 0x14, 0x65, 0x1, 0x0, 0x4, 0x0, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}) 202.088494ms ago: executing program 3 (id=2186): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000800)=@can_newroute={0x14, 0x18, 0x1, 0x70bd29, 0x25dfdbfd}, 0x14}}, 0x40000) 150.650178ms ago: executing program 4 (id=2187): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000640)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000d40)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = inotify_init1(0x80000) inotify_add_watch(r2, &(0x7f0000000240)='.\x00', 0x60000726) 91.411143ms ago: executing program 3 (id=2188): bpf$OBJ_GET_MAP(0x7, &(0x7f0000000380)=@generic={&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00'}, 0x18) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580), 0x1, 0x0) symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x8, 0x3, 0x4d8, 0x0, 0x11, 0x148, 0x0, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@ip={@rand_addr=0x64010102, @empty, 0xff, 0x100000100, 'team0\x00', 'batadv_slave_1\x00', {0xff}, {0xff}, 0x29, 0x2, 0x40}, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xc0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@set2={{0x28}, {{0x2, 0x1, 0x3}}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x4f, 0x7, "72f6daeff0a9c6294e211d2d88fe6dcff5d0e552201da3b7a1fdb30dcb59"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x21c91c, &(0x7f0000000440)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800000}}, {@noblock_validity}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200000}}, {@jqfmt_vfsold}, {@noinit_itable}, {@quota}, {@noauto_da_alloc}, {@sysvgroups}, {@resgid, 0x32}]}, 0x1, 0x4e0, &(0x7f0000001a40)="$eJzs3d9rW9cdAPDvla0sP5zZYXvIAsvCkmGHLZIdL4nZQ7bB2J4C27L3zLNlYyxbxpKT2ITNYX/AYIy10Kc+9aXQP6BQ8ieUQqB9L21pKW3SPhTaRkVXUuI4UuwQWUqtzweOdO7Rvfqeo4uO7rn3cBVA3zoVEacj4kG1Wj0bEcON8kwjxWY91da7f+/WTC0lUa1e/SyJSOpltdXGtrznkcZmByPir3+K+EfyZNzy+sbidLFYWG0s5ytLK/ny+sa5haXp+cJ8YXlycuLi1KWpC1PjHWnnUERc/sNH///Pa3+8/Navbrx/7ZOxfyaN8ohH7ei0etOz6WfRNBgRq3sRrEcG0xYCAPB90DzO/3lEnI3hGEiP5gAAAID9pPrbofgmiagCAAAA+1YmnQObZHKNeQBDkcnkcvU5vD+Ow5liqVz55VxpbXm2Pld2JLKZuYViYbwxV3gksklteSLNP1o+v215MiKORcT/hg+ly7mZUnG21yc/AAAAoE8c2Tb+/3K4Pv7f4uueVQ4AAADonJFeVwAAAADYc8b/AAAAsP8Z/wMAAMC+9ucrV2qp2vz/69nr62uLpevnZgvlxdzS2kxuprS6kpsvlebTe/Yt7fR+xVJp5dexvHYzXymUK/ny+sa1pdLacuXawmN/gQ0AAAB00bGf3XkviYjN3xxKU82BXlcK6IrBZ1n5w72rB9B9A72uANAzz/T7D+wr2V5XAOi5ZIfX207eebvzdQEAAPbG6E9aX/8f2PHcwGamS1UE9ojzf9C/XP+H/uX6P/SvbAyEgTz0t51uAfr81/+r1WeqEAAA0HFDaUoyuYj0PMBQZDK5XMTRdEyQTeYWioXxiPhhRLw7nP1BbXki3TLZcc4wAAAAAAAAAAAAAAAAAAAAAAAAAFBXrSZRBQAAAPa1iMzHSXo3/4jR4TND288PHEi+Gk6fI+LGK1dfujldqaxO1Mo/f1heeblRfr4XZzAAAACA7Zrj9OY4HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA66f69WzPN1M24n/4+IkZaxR+Mg+nzwchGxOEvkhjcsl0SEQMdiL95OyKOt4qf1KoVI41atIp/qMfxj3QgPvSzO7X+53etvn+ZOJU+t/7+XUx7qOfXvv/LPOz/BlrEr5Ud3WWME3ffyLeNfzvixGDr/qcZP2nT/5zeZfy//21jo91r1VcjRlv+/iSPxcpXllby5fWNcwtL0/OF+cLy5OTExalLUxemxvNzC8VC47FljP/+9M0HT2v/4TbxR3Zo/5ldtv/buzfv/aiezT7cPHkUf+x06/1/vE38TGP//6KRr70+2sxv1vNbnXz9nZNPa/9sm/bvtP/Hdtn+s3/59we7XBUA6ILy+sbidLFYWO3rzHN9GrXDoheiFS9mpva5vgDVaJn51x68c+3IvNft6kSmp90SAACwB54cAwMAAAAAAAAAAAAAAAAAAADd1o3biWW3xdxMHztx93wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM75LgAA///6fNJN") 91.160513ms ago: executing program 4 (id=2189): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000000), &(0x7f0000000180)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r2}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 75.147384ms ago: executing program 4 (id=2190): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0) 65.635915ms ago: executing program 2 (id=2191): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x3, 0x3, @dev={0xfe, 0x80, '\x00', 0xd}, 0x9}, 0x1c) sendmsg(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001600)="c9fbe0378bef0a6749d715b5c3e27d03e68c83579553d3bd9cc08edbae86d2f95e95a3fa8ab031e21b5a47e4205c87eefc819e6ea7bd0f6772e957f739339398cd07aeb0522339dde07af5b6ee6b94221ca3494c29be340810d421808f27877885583a2c80d4331aca54533ad84a0ccc5fa28956504f2eafc0f098f878ae3caf30b7981d5e778aaa197d235aa31c4c77fdf0e1c0d31fc7c43969830f82c4b5631e47df6b9a9f59a57e0e7bd1f9e4fcdb4150f713fb9e3530650b43a92853d1e3334fe72113d518a558343615ba8d3412bda82b725855e14c29f7ed81e1cbb76f9684cc6b7fcdc2808119a0f8328b0c5d0e996e50e95605724abb1c635b0bf633f4bcca6213fef03260e56321e3270f322eb13b8ab70c726cbce78c93e4c87d7d7b363542b1b4eb90242ae9459775aa7c045233df9912fc47d6793f40bb5543b537ed6b79e0091e3c069644ce8d6ea00125815fae3c25f4d5c847e76c0c697d7df260ba36e6917f75ccd289070477665e64ac3e00c93228b72763f28104defab475f03841980110b23d02a3d1b74d25c8f2e1c8dfd9243e0bb7a583f091f829329f045f2fc0c40bb4a5205b071d4b6959663c6bfc1f04b23db627ac9fc792cd3355dbbc031d56107ea3379209a49abf03a8347fce6d48cf1968b64558e30210b02214cd0728c6743b89bd4cc2f1d1424fcedd95fa700751a4ff438469fd9e6f3a47200f3fbbde74bdbbeabfb6f96e32366d85a8e6bb6d576687634daac56c9619e4bbeea7606f223d3976c4bea9a07406b037cef4d06cc9e447dc06901c91145aeb9b9726cbf808d253cb01e0806f21d82b928173be2f5bbed1a97e725b17d1d1bd19c14935abd242ca6501c4282f5f1a3e813c68bdb88add0b6fcc14b8355a81b9ac915e5d51212438c5d2993f26456c9ecde871752c99ddbaecb3f6f5f02a0542e898b64a6d475aae01f2aca6c6013907c085ef56483c910cdf4cdcdb516533aeb97644462cd012e0407dfdeff5428e23edd335b1590641353c54f0802f45d880cb8f22ebbac0cc094a771877aac6491aa62350ccde2993826928e6614b76c15e4aae8ede6de392f4f6567f0833ced4458bca37928cc2a70ca20cd38c11138b6ba39a6374ef7f150eb2d5a500a6b9c010d13dcf7318deb8c106e2448c6b21f62051300080dcc9d87db52cefe722035f1508fff231c22bfc8f1d2e14de70a281be8eb3649ace61896f0c33357fcd838db94aaca611b228f76cb4ab983ad3ab636c7260d57bba0061574bb0876afbeb916e252572687b8d28ba7c945f07e0286bedfd7c259769016225a158bf607dd62e11c83bc686a7ab2903ddd64d4e2c44f39ac1f76b80d6be086396e7515441afcadfecb940776ee4f776d3c294dce9aab77e5c2f6c36c20b4343d80d0c3da5f838b948aa684729c578718d3a0811a1dd654e7ad5e414d892ceb3dd704632caa4dcfdc947ce9391ab9abaa0951d12d56623b0028fe78da20a65df9eabb16e4b14bbbfea7108ab4308e7cb540ab8a810cebbf0d3b64ba108d281c91b011f2a8e565c4b802448bad1a57fe6e74fd3278211a70f0767746ed1f234e8edbcb6f8a215e66849a7f10d1533ef626e31725439afd95c9b3a673041459e473d5ddbcc187f55d72d054bf16a714ee0f4bb5d14cf29b853fd6f703b54f227d20ca414b3d6314e9448d211707158ea758e04a2fe7dad468374d62ab4240bb3c9782faa9f87aec26876714b169198931cbd486c01bb2156488467cda498d0a0c62ff6cf03fc68aa3b8051fff5d68e8374796439e9cf12dae426d3692c2d50699eae00ba4b9797fe5295740d8efb64a48bda389e841254638a118337404194e440a2338e2ce0b32395874e0d5cc36c0f1231426d82636e5a7182f82ea545bf7cd5d19ff42a1e8b90193a82452a0eec6575bf7181275d5c2ba2d74a5bda47934d8c89f3225f38959c12b3a2cae85e5108439bc262b69f5bd5f73a867765", 0x585}], 0x1, 0x0, 0x0, 0x2c}, 0x40440c4) 42.943656ms ago: executing program 3 (id=2192): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="10000000040000000800000008"], 0x48) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000080), &(0x7f0000000240)=r1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x18000000000002a0, 0x5ee, 0x0, &(0x7f0000000580)="b9ff03076804268c989e14f088a8", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 42.619996ms ago: executing program 0 (id=2193): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0xf132, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) 198.07µs ago: executing program 4 (id=2194): r0 = socket$kcm(0x29, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000080)="da", 0x1}], 0x1, &(0x7f0000000040)=ANY=[], 0xd0}}], 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000e1010000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000000c0)='kmem_cache_free\x00', r2}, 0x18) close(r0) 0s ago: executing program 2 (id=2195): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mount_setattr(0xffffffffffffff9c, 0x0, 0x1100, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc", @ANYBLOB], 0x50) kernel console output (not intermixed with test programs): 0000 r/w without journal. Quota mode: writeback. [ 39.963485][ T3584] netlink: 424 bytes leftover after parsing attributes in process `syz.0.38'. [ 39.972731][ T3566] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 40.000446][ T3589] tipc: Invalid UDP bearer configuration [ 40.000456][ T3589] tipc: Enabling of bearer rejected, failed to enable media [ 40.028596][ T3566] EXT4-fs error (device loop1): ext4_xattr_block_get:597: inode #15: comm syz.1.33: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled [ 40.032743][ T3591] loop2: detected capacity change from 0 to 764 [ 40.052861][ T3588] vhci_hcd vhci_hcd.2: invalid port number 96 [ 40.059028][ T3588] vhci_hcd vhci_hcd.2: default hub control req: 0300 vfffa i0060 l0 [ 40.068043][ T3566] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=15 [ 40.077821][ T3566] EXT4-fs error (device loop1): ext4_xattr_block_get:597: inode #15: comm syz.1.33: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled [ 40.094602][ T3566] EXT4-fs error (device loop1): ext4_xattr_block_get:597: inode #15: comm syz.1.33: corrupted xattr block 19: ea_inode specified without ea_inode feature enabled [ 40.124756][ T3596] netlink: 8 bytes leftover after parsing attributes in process `syz.4.43'. [ 40.167011][ T3566] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop1 ino=15 [ 40.209699][ T3566] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.33: bg 0: block 18: invalid block bitmap [ 40.230434][ T3566] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.33: Failed to acquire dquot type 1 [ 40.258026][ T3605] netlink: 'syz.4.46': attribute type 1 has an invalid length. [ 40.265703][ T3605] netlink: 224 bytes leftover after parsing attributes in process `syz.4.46'. [ 40.275224][ T3566] syz.1.33 (3566) used greatest stack depth: 9664 bytes left [ 40.299354][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.371964][ T3609] netlink: 80 bytes leftover after parsing attributes in process `syz.1.49'. [ 40.380890][ T3609] netlink: 80 bytes leftover after parsing attributes in process `syz.1.49'. [ 40.456525][ T3428] IPVS: starting estimator thread 0... [ 40.509843][ T3623] netlink: 12 bytes leftover after parsing attributes in process `syz.4.55'. [ 40.518631][ T3623] netlink: 8 bytes leftover after parsing attributes in process `syz.4.55'. [ 40.536091][ T3629] netlink: 8 bytes leftover after parsing attributes in process `syz.1.58'. [ 40.548802][ T3621] IPVS: using max 1968 ests per chain, 98400 per kthread [ 40.629662][ T3639] netlink: 36 bytes leftover after parsing attributes in process `syz.3.63'. [ 40.767329][ T3658] loop2: detected capacity change from 0 to 512 [ 40.772233][ T3660] loop4: detected capacity change from 0 to 512 [ 40.784606][ T3660] EXT4-fs: Ignoring removed bh option [ 40.803251][ T3658] EXT4-fs (loop2): 1 orphan inode deleted [ 40.811025][ T3660] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 40.812811][ T3658] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.831611][ T3658] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 40.845879][ T3660] EXT4-fs (loop4): 1 truncate cleaned up [ 40.854040][ T3660] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.893070][ T3665] loop3: detected capacity change from 0 to 1024 [ 40.900901][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.921570][ T3665] EXT4-fs: Ignoring removed nobh option [ 40.927256][ T3665] EXT4-fs: Ignoring removed bh option [ 40.944913][ T3669] netlink: 28 bytes leftover after parsing attributes in process `syz.1.77'. [ 40.964395][ T3665] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.030351][ T3319] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.058184][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.058926][ T3678] program syz.0.79 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 41.153204][ T3690] loop3: detected capacity change from 0 to 1024 [ 41.181347][ T3690] EXT4-fs: Ignoring removed nomblk_io_submit option [ 41.203219][ T3696] loop1: detected capacity change from 0 to 512 [ 41.214396][ T3690] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.233591][ T3696] EXT4-fs (loop1): 1 truncate cleaned up [ 41.254112][ T3696] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.267660][ T3319] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.298045][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.308510][ T3704] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 41.339496][ T3704] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.361616][ T3709] program syz.2.93 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 41.367427][ T3704] ext4 filesystem being mounted at /12/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 41.382744][ T3711] netlink: 'syz.3.91': attribute type 322 has an invalid length. [ 41.439228][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.481746][ T3726] Unable to read rock-ridge attributes [ 41.491507][ T3726] Unable to read rock-ridge attributes [ 41.517580][ T3730] capability: warning: `syz.4.103' uses deprecated v2 capabilities in a way that may be insecure [ 41.716818][ T3752] EXT4-fs: inline encryption not supported [ 41.743721][ T3752] EXT4-fs: Ignoring removed orlov option [ 41.785011][ T3752] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.829804][ T3752] EXT4-fs error (device loop1): mb_free_blocks:2037: group 0, inode 15: block 385:freeing already freed block (bit 24); block bitmap corrupt. [ 41.845830][ T3764] netlink: 'syz.0.118': attribute type 2 has an invalid length. [ 41.853953][ T3763] capability: warning: `syz.4.117' uses 32-bit capabilities (legacy support in use) [ 41.857411][ T3752] EXT4-fs (loop1): Remounting filesystem read-only [ 41.905854][ T3763] program syz.4.117 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 41.951934][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.980637][ T3773] nftables ruleset with unbound set [ 42.043521][ T3783] syz.4.125 uses obsolete (PF_INET,SOCK_PACKET) [ 42.080846][ T3786] tipc: Started in network mode [ 42.085772][ T3786] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 42.115168][ T3786] tipc: Enabled bearer , priority 10 [ 42.139264][ T3581] loop0: p2 < > p4 [ 42.156437][ T3581] loop0: p4 size 262144 extends beyond EOD, truncated [ 42.181028][ T3784] loop0: p2 < > p4 [ 42.195197][ T3784] loop0: p4 size 262144 extends beyond EOD, truncated [ 42.246075][ T3006] loop0: p2 < > p4 [ 42.259475][ T3794] loop1: p2 < > p4 [ 42.264256][ T3794] loop1: p4 size 262144 extends beyond EOD, truncated [ 42.320628][ T3006] loop0: p4 size 262144 extends beyond EOD, truncated [ 42.339218][ T3796] loop1: p2 < > p4 [ 42.354683][ T3796] loop1: p4 size 262144 extends beyond EOD, truncated [ 42.390184][ T3006] loop1: p2 < > p4 [ 42.394545][ T3006] loop1: p4 size 262144 extends beyond EOD, truncated [ 42.417081][ T3808] Driver unsupported XDP return value 0 on prog (id 16) dev N/A, expect packet loss! [ 42.480789][ T3814] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842c01c, mo2=0082] [ 42.492274][ T3816] EXT4-fs: inline encryption not supported [ 42.520083][ T3310] loop0: p2 p3 p7 [ 42.526447][ T3310] udevd[3310]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 42.537360][ T3814] System zones: 1-3, 19-19, 35-38 [ 42.559920][ T3816] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.582878][ T3814] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.603578][ T3806] loop0: p2 p3 p7 [ 42.642566][ T3814] ext4 filesystem being mounted at /28/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.650850][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.666689][ T3814] EXT4-fs warning (device loop4): ext4_empty_dir:3097: inode #12: comm syz.4.142: directory missing '..' [ 42.678769][ T3006] loop0: p2 p3 p7 [ 42.694168][ T3310] udevd[3310]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 42.725388][ T3308] udevd[3308]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 42.747709][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.757454][ T3581] udevd[3581]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 42.808551][ T3310] udevd[3310]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 42.825539][ T3581] udevd[3581]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 42.829346][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 42.856286][ T3831] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.898087][ T3581] udevd[3581]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 42.914290][ T3581] udevd[3581]: inotify_add_watch(7, /dev/loop0p7, 10) failed: No such file or directory [ 42.928520][ T3522] udevd[3522]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 42.929249][ T3844] IPVS: Error connecting to the multicast addr [ 42.957727][ T3839] Alternate GPT is invalid, using primary GPT. [ 42.964125][ T3839] loop2: p1 p2 p3 [ 42.997489][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.228780][ T9] tipc: Node number set to 4269801488 [ 43.459304][ T3899] loop1: p2 < > p4 [ 43.463670][ T3899] loop1: p4 size 262144 extends beyond EOD, truncated [ 43.480663][ T3581] loop2: p2 p3 p7 [ 43.543778][ T3903] loop2: p2 p3 p7 [ 43.762163][ T3940] netlink: zone id is out of range [ 43.767317][ T3940] netlink: zone id is out of range [ 43.788387][ T3940] netlink: set zone limit has 8 unknown bytes [ 43.869628][ T3957] team_slave_0: entered promiscuous mode [ 43.875329][ T3957] team_slave_1: entered promiscuous mode [ 43.898915][ T3957] macsec1: entered promiscuous mode [ 43.904165][ T3957] team0: entered promiscuous mode [ 43.914948][ T3960] set_capacity_and_notify: 16 callbacks suppressed [ 43.914967][ T3960] loop2: detected capacity change from 0 to 512 [ 43.966583][ T3960] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.998847][ T3960] ext4 filesystem being mounted at /39/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 44.110563][ T29] kauditd_printk_skb: 166 callbacks suppressed [ 44.110651][ T29] audit: type=1326 audit(1765954461.333:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3981 comm="syz.1.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 44.140256][ T29] audit: type=1326 audit(1765954461.333:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3981 comm="syz.1.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 44.168815][ T29] audit: type=1326 audit(1765954461.333:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3981 comm="syz.1.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 44.206397][ T29] audit: type=1326 audit(1765954461.333:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3981 comm="syz.1.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 44.229658][ T29] audit: type=1326 audit(1765954461.333:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3981 comm="syz.1.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 44.252966][ T29] audit: type=1326 audit(1765954461.333:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3981 comm="syz.1.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 44.253003][ T29] audit: type=1326 audit(1765954461.333:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3981 comm="syz.1.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 44.253040][ T29] audit: type=1326 audit(1765954461.333:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3981 comm="syz.1.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 44.323165][ T29] audit: type=1326 audit(1765954461.333:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3981 comm="syz.1.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 44.346405][ T29] audit: type=1326 audit(1765954461.333:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3981 comm="syz.1.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 44.384296][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.441705][ T4001] netlink: zone id is out of range [ 44.446950][ T4001] netlink: zone id is out of range [ 44.534378][ T4001] netlink: set zone limit has 8 unknown bytes [ 44.621499][ T4030] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 44.870532][ T3308] printk: udevd: 17 output lines suppressed due to ratelimiting [ 44.874377][ T4064] team_slave_0: entered promiscuous mode [ 44.883972][ T4064] team_slave_1: entered promiscuous mode [ 44.908977][ T4064] macsec1: entered promiscuous mode [ 44.914221][ T4064] team0: entered promiscuous mode [ 44.961840][ T4074] loop3: detected capacity change from 0 to 256 [ 44.968656][ T4074] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 45.002422][ T4078] xt_CT: You must specify a L4 protocol and not use inversions on it [ 45.030856][ T4074] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 45.044605][ T4085] __nla_validate_parse: 8 callbacks suppressed [ 45.044621][ T4085] netlink: 424 bytes leftover after parsing attributes in process `syz.1.272'. [ 45.085662][ T4088] loop2: detected capacity change from 0 to 512 [ 45.102179][ T4088] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.128793][ T4088] ext4 filesystem being mounted at /48/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 45.218639][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.301721][ T4116] loop4: detected capacity change from 0 to 764 [ 45.383785][ T4126] netlink: 8 bytes leftover after parsing attributes in process `syz.1.281'. [ 45.417104][ T4122] loop2: detected capacity change from 0 to 8192 [ 45.652026][ T4146] loop4: detected capacity change from 0 to 512 [ 45.804740][ T4159] netlink: 204 bytes leftover after parsing attributes in process `syz.0.296'. [ 45.804764][ T4159] netlink: 72 bytes leftover after parsing attributes in process `syz.0.296'. [ 45.804782][ T4159] netlink: 'syz.0.296': attribute type 5 has an invalid length. [ 45.824804][ T4146] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.888687][ T4146] ext4 filesystem being mounted at /63/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 45.926789][ T4146] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 3: comm syz.4.290: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=2, rec_len=2060, size=2048 fake=1 [ 45.927399][ T4146] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 12: comm syz.4.290: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=5066064, rec_len=65536, size=2048 fake=0 [ 45.927723][ T4146] EXT4-fs error (device loop4): ext4_readdir:264: inode #2: block 13: comm syz.4.290: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=3653246737, rec_len=65536, size=2048 fake=0 [ 45.958203][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.982678][ T4176] Zero length message leads to an empty skb [ 46.044063][ T4181] netlink: 64 bytes leftover after parsing attributes in process `syz.1.307'. [ 46.078243][ T4183] netlink: 36 bytes leftover after parsing attributes in process `syz.4.306'. [ 46.095399][ T4188] loop0: detected capacity change from 0 to 512 [ 46.095942][ T4188] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 46.108350][ T4188] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.108431][ T4188] ext4 filesystem being mounted at /56/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 46.137987][ T4193] loop1: detected capacity change from 0 to 512 [ 46.152774][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.180041][ T4193] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.216083][ T4193] ext4 filesystem being mounted at /72/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 46.232402][ T4193] EXT4-fs: Cannot specify journal on remount [ 46.272213][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.283686][ T4217] loop3: detected capacity change from 0 to 512 [ 46.291609][ T4217] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 46.310483][ T4217] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 46.322227][ T4222] xt_connbytes: Forcing CT accounting to be enabled [ 46.324233][ T4217] EXT4-fs (loop3): 1 truncate cleaned up [ 46.336634][ T4217] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.384889][ T3319] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.436617][ T4237] SELinux: failure in selinux_parse_skb(), unable to parse packet [ 46.444503][ T4237] SELinux: failure in selinux_parse_skb(), unable to parse packet [ 46.492370][ T4247] loop3: detected capacity change from 0 to 764 [ 46.537297][ T4255] SELinux: Context system_u:object_r:pam_console_exec_t:s0 is not valid (left unmapped). [ 46.590170][ T4264] netlink: 28 bytes leftover after parsing attributes in process `syz.4.344'. [ 46.599177][ T4264] netlink: 108 bytes leftover after parsing attributes in process `syz.4.344'. [ 46.608859][ T4264] netlink: 28 bytes leftover after parsing attributes in process `syz.4.344'. [ 46.617844][ T4264] netlink: 108 bytes leftover after parsing attributes in process `syz.4.344'. [ 46.646898][ T4269] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 46.668583][ T4269] EXT4-fs (loop0): 1 truncate cleaned up [ 46.675640][ T4269] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.716388][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.726393][ T4271] EXT4-fs warning (device loop4): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 46.749369][ T4271] EXT4-fs (loop4): mount failed [ 46.938154][ T4314] syz_tun: refused to change device tx_queue_len [ 46.989815][ T4321] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 46.999025][ T4318] IPVS: stopping master sync thread 4321 ... [ 47.290458][ T4347] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.319060][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.389063][ T4361] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.402024][ T4361] ext4 filesystem being mounted at /73/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 47.430158][ T4371] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.488458][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.523098][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.583797][ T4401] netlink: 'syz.2.398': attribute type 4 has an invalid length. [ 47.705788][ T4421] futex_wake_op: wg1 tries to shift op by -1; fix this program [ 47.831558][ T53] kworker/u8:4: attempt to access beyond end of device [ 47.831558][ T53] loop2: rw=1, sector=145, nr_sectors = 16 limit=128 [ 47.856660][ T53] kworker/u8:4: attempt to access beyond end of device [ 47.856660][ T53] loop2: rw=1, sector=169, nr_sectors = 8 limit=128 [ 47.888928][ T53] kworker/u8:4: attempt to access beyond end of device [ 47.888928][ T53] loop2: rw=1, sector=185, nr_sectors = 8 limit=128 [ 47.904348][ T53] kworker/u8:4: attempt to access beyond end of device [ 47.904348][ T53] loop2: rw=1, sector=201, nr_sectors = 8 limit=128 [ 47.918557][ T53] kworker/u8:4: attempt to access beyond end of device [ 47.918557][ T53] loop2: rw=1, sector=217, nr_sectors = 8 limit=128 [ 47.932698][ T4448] Set syz1 is full, maxelem 5 reached [ 47.949175][ T53] kworker/u8:4: attempt to access beyond end of device [ 47.949175][ T53] loop2: rw=1, sector=233, nr_sectors = 8 limit=128 [ 47.963008][ T53] kworker/u8:4: attempt to access beyond end of device [ 47.963008][ T53] loop2: rw=1, sector=249, nr_sectors = 8 limit=128 [ 47.978806][ T53] kworker/u8:4: attempt to access beyond end of device [ 47.978806][ T53] loop2: rw=1, sector=265, nr_sectors = 8 limit=128 [ 47.992244][ T53] kworker/u8:4: attempt to access beyond end of device [ 47.992244][ T53] loop2: rw=1, sector=281, nr_sectors = 8 limit=128 [ 48.005923][ T4450] loop1: p1 < > p2 p3 < p5 p6 > p4 [ 48.011182][ T4450] loop1: partition table partially beyond EOD, truncated [ 48.019049][ T4450] loop1: p1 start 100663296 is beyond EOD, truncated [ 48.020170][ T53] kworker/u8:4: attempt to access beyond end of device [ 48.020170][ T53] loop2: rw=1, sector=297, nr_sectors = 8 limit=128 [ 48.025792][ T4450] loop1: p2 size 134217732 extends beyond EOD, truncated [ 48.071300][ T4450] loop1: p4 size 14876672 extends beyond EOD, truncated [ 48.079634][ T4450] loop1: p5 size 134217732 extends beyond EOD, truncated [ 48.093523][ T4450] loop1: p6 size 14876672 extends beyond EOD, truncated [ 48.436126][ T4512] EXT4-fs (loop0): 1 truncate cleaned up [ 48.442399][ T4512] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.455854][ T4512] EXT4-fs error (device loop0): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.0.453: bad entry in directory: directory entry overrun - offset=76, inode=0, rec_len=1024, size=1024 fake=0 [ 48.490006][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.684009][ T4549] EXT4-fs (loop2): 1 truncate cleaned up [ 48.690876][ T4549] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.704827][ T4549] EXT4-fs error (device loop2): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.2.465: bad entry in directory: directory entry overrun - offset=76, inode=0, rec_len=1024, size=1024 fake=0 [ 48.747200][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.768441][ T4559] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 48.769834][ T4563] futex_wake_op: wg1 tries to shift op by -1; fix this program [ 48.788024][ T4559] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 48.796382][ T4559] EXT4-fs (loop1): orphan cleanup on readonly fs [ 48.803185][ T4559] EXT4-fs error (device loop1): __ext4_get_inode_loc:4830: comm syz.1.474: Invalid inode table block 0 in block_group 0 [ 48.816143][ T4559] EXT4-fs (loop1): Remounting filesystem read-only [ 48.822782][ T4559] EXT4-fs (loop1): 1 truncate cleaned up [ 48.829686][ T4559] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 48.851203][ T4559] EXT4-fs (loop1): shut down requested (1) [ 48.868169][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.881989][ T4569] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.896258][ T4569] ext4 filesystem being mounted at /98/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.908568][ T4569] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #12: comm syz.4.477: corrupted xattr block 6: invalid header [ 48.922068][ T4569] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=12 [ 48.932355][ T4569] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #12: comm syz.4.477: corrupted xattr block 6: invalid header [ 48.945853][ T4569] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=12 [ 48.955691][ T4569] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #12: comm syz.4.477: corrupted xattr block 6: invalid header [ 49.003770][ T4569] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=12 [ 49.016885][ T4569] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #12: comm syz.4.477: corrupted xattr block 6: invalid header [ 49.039114][ T4569] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=12 [ 49.048395][ T4569] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #12: comm syz.4.477: corrupted xattr block 6: invalid header [ 49.084632][ T4569] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=12 [ 49.095588][ T4569] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #12: comm syz.4.477: corrupted xattr block 6: invalid header [ 49.099632][ T4591] hub 1-0:1.0: USB hub found [ 49.124288][ T4591] hub 1-0:1.0: 8 ports detected [ 49.164623][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.198189][ T29] kauditd_printk_skb: 328 callbacks suppressed [ 49.198204][ T29] audit: type=1326 audit(1765954466.413:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4606 comm="syz.3.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b43af749 code=0x7ffc0000 [ 49.198379][ T29] audit: type=1326 audit(1765954466.413:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4606 comm="syz.3.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b43af749 code=0x7ffc0000 [ 49.254710][ T29] audit: type=1326 audit(1765954466.483:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4606 comm="syz.3.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6b43af749 code=0x7ffc0000 [ 49.254752][ T29] audit: type=1326 audit(1765954466.483:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4606 comm="syz.3.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b43af749 code=0x7ffc0000 [ 49.254780][ T29] audit: type=1326 audit(1765954466.483:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4606 comm="syz.3.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b43af749 code=0x7ffc0000 [ 49.254886][ T29] audit: type=1326 audit(1765954466.483:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4606 comm="syz.3.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6b43af749 code=0x7ffc0000 [ 49.280519][ T29] audit: type=1326 audit(1765954466.503:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4606 comm="syz.3.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b43af749 code=0x7ffc0000 [ 49.280568][ T29] audit: type=1326 audit(1765954466.503:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4606 comm="syz.3.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b43af749 code=0x7ffc0000 [ 49.301824][ T29] audit: type=1326 audit(1765954466.523:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4606 comm="syz.3.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7ff6b43af749 code=0x7ffc0000 [ 49.423601][ T29] audit: type=1326 audit(1765954466.563:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4606 comm="syz.3.494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b43af749 code=0x7ffc0000 [ 49.613616][ T4624] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 49.685391][ T4646] set_capacity_and_notify: 15 callbacks suppressed [ 49.685410][ T4646] loop4: detected capacity change from 0 to 512 [ 49.685704][ T4646] EXT4-fs: inline encryption not supported [ 49.723207][ T4646] EXT4-fs: Ignoring removed i_version option [ 49.725195][ T4646] EXT4-fs (loop4): 1 orphan inode deleted [ 49.733047][ T4653] loop2: detected capacity change from 0 to 164 [ 49.742129][ T4646] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.800017][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.818422][ T4656] loop0: detected capacity change from 0 to 8192 [ 49.866888][ T4661] loop3: detected capacity change from 0 to 512 [ 49.894215][ T4661] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.894280][ T4661] ext4 filesystem being mounted at /104/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 49.909535][ T4671] loop0: detected capacity change from 0 to 512 [ 49.928974][ T4672] loop2: detected capacity change from 0 to 512 [ 49.942143][ T4672] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.005884][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.046734][ T4680] hub 1-0:1.0: USB hub found [ 50.051473][ T4680] hub 1-0:1.0: 8 ports detected [ 50.060996][ T4684] program syz.1.520 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 50.120230][ T4694] random: crng reseeded on system resumption [ 50.275222][ T4714] loop2: detected capacity change from 0 to 1024 [ 50.307412][ T4714] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.320566][ T3319] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.345297][ T4726] __nla_validate_parse: 7 callbacks suppressed [ 50.345314][ T4726] netlink: 8 bytes leftover after parsing attributes in process `syz.4.540'. [ 50.381984][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.411597][ T4733] netlink: 'syz.4.542': attribute type 10 has an invalid length. [ 50.416954][ T4733] team0: Port device dummy0 added [ 50.484491][ T4742] loop4: detected capacity change from 0 to 512 [ 50.494872][ T4743] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 50.502333][ T4743] vhci_hcd vhci_hcd.0: default hub control req: 2314 v0008 i0002 l0 [ 50.504632][ T4742] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 50.532316][ T4742] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 50.532429][ T4742] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.546: bg 0: block 248: padding at end of block bitmap is not set [ 50.532654][ T4742] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.546: Failed to acquire dquot type 1 [ 50.533191][ T4742] EXT4-fs (loop4): 1 truncate cleaned up [ 50.533580][ T4742] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 50.584395][ T4742] syz.4.546 (4742) used greatest stack depth: 9440 bytes left [ 50.592085][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 50.620281][ T53] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:4: Failed to release dquot type 1 [ 50.633705][ T4749] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 50.633705][ T4749] program syz.2.549 not setting count and/or reply_len properly [ 50.735860][ T2812] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.789719][ T2812] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.862762][ T2812] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.926145][ T2812] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.952517][ T4784] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 50.952549][ T4784] vhci_hcd vhci_hcd.0: default hub control req: 2314 v0008 i0002 l0 [ 50.978129][ T4788] openvswitch: netlink: Missing key (keys=40, expected=80) [ 50.982198][ T4786] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 50.982198][ T4786] program syz.0.564 not setting count and/or reply_len properly [ 51.024791][ T2812] bridge_slave_1: left allmulticast mode [ 51.024809][ T2812] bridge_slave_1: left promiscuous mode [ 51.024906][ T2812] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.025769][ T2812] bridge_slave_0: left allmulticast mode [ 51.025784][ T2812] bridge_slave_0: left promiscuous mode [ 51.025920][ T2812] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.145602][ T4803] loop0: detected capacity change from 0 to 1024 [ 51.157142][ T4805] syz.2.572: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 51.171766][ T4805] CPU: 1 UID: 0 PID: 4805 Comm: syz.2.572 Not tainted syzkaller #0 PREEMPT(voluntary) [ 51.171797][ T4805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 51.171814][ T4805] Call Trace: [ 51.171825][ T4805] [ 51.171833][ T4805] __dump_stack+0x1d/0x30 [ 51.171857][ T4805] dump_stack_lvl+0xe8/0x140 [ 51.171923][ T4805] dump_stack+0x15/0x1b [ 51.171943][ T4805] warn_alloc+0x12b/0x1a0 [ 51.171967][ T4805] ? _raw_spin_lock_irqsave+0x75/0xd0 [ 51.171995][ T4805] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 51.172137][ T4805] __vmalloc_node_range_noprof+0xa0/0x1310 [ 51.172167][ T4805] ? common_lsm_audit+0x1ca/0x230 [ 51.172252][ T4805] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 51.172297][ T4805] ? slow_avc_audit+0x104/0x140 [ 51.172352][ T4805] ? should_fail_ex+0x30/0x280 [ 51.172447][ T4805] ? should_failslab+0x8c/0xb0 [ 51.172474][ T4805] vmalloc_user_noprof+0x7d/0xb0 [ 51.172509][ T4805] ? xskq_create+0x80/0xe0 [ 51.172634][ T4805] xskq_create+0x80/0xe0 [ 51.172672][ T4805] xsk_init_queue+0x95/0xf0 [ 51.172768][ T4805] xsk_setsockopt+0x3f5/0x640 [ 51.172839][ T4805] ? __pfx_xsk_setsockopt+0x10/0x10 [ 51.172881][ T4805] __sys_setsockopt+0x184/0x200 [ 51.173004][ T4805] __x64_sys_setsockopt+0x64/0x80 [ 51.173031][ T4805] x64_sys_call+0x21d5/0x3000 [ 51.173080][ T4805] do_syscall_64+0xd8/0x2c0 [ 51.173127][ T4805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.173152][ T4805] RIP: 0033:0x7fed92f5f749 [ 51.173167][ T4805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 51.173184][ T4805] RSP: 002b:00007fed919c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 51.173209][ T4805] RAX: ffffffffffffffda RBX: 00007fed931b5fa0 RCX: 00007fed92f5f749 [ 51.173226][ T4805] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 51.173243][ T4805] RBP: 00007fed92fe3f91 R08: 0000000000000052 R09: 0000000000000000 [ 51.173259][ T4805] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 51.173275][ T4805] R13: 00007fed931b6038 R14: 00007fed931b5fa0 R15: 00007fff3a5ebdd8 [ 51.173364][ T4805] [ 51.173375][ T4805] Mem-Info: [ 51.179305][ T4803] EXT4-fs: Ignoring removed bh option [ 51.183062][ T4805] active_anon:7121 inactive_anon:0 isolated_anon:0 [ 51.183062][ T4805] active_file:8718 inactive_file:2399 isolated_file:0 [ 51.183062][ T4805] unevictable:0 dirty:1403 writeback:0 [ 51.183062][ T4805] slab_reclaimable:3155 slab_unreclaimable:14374 [ 51.183062][ T4805] mapped:28810 shmem:3168 pagetables:1127 [ 51.183062][ T4805] sec_pagetables:0 bounce:0 [ 51.183062][ T4805] kernel_misc_reclaimable:0 [ 51.183062][ T4805] free:1891807 free_pcp:14631 free_cma:0 [ 51.205522][ T4807] loop4: detected capacity change from 0 to 1024 [ 51.208363][ T4805] Node 0 active_anon:29180kB inactive_anon:0kB active_file:34872kB inactive_file:9596kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:115240kB dirty:5612kB writeback:0kB shmem:13136kB kernel_stack:3552kB pagetables:4276kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 51.240751][ T4807] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 51.245159][ T4805] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 51.250148][ T4807] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 51.254875][ T4805] lowmem_reserve[]: 0 [ 51.263135][ T4807] JBD2: no valid journal superblock found [ 51.264625][ T4805] 2880 7859 7859 [ 51.269083][ T4807] EXT4-fs (loop4): Could not load journal inode [ 51.273315][ T4805] [ 51.273323][ T4805] Node 0 DMA32 free:2945864kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2949496kB mlocked:0kB bounce:0kB free_pcp:3632kB local_pcp:3528kB free_cma:0kB [ 51.307807][ T4803] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.312654][ T4805] lowmem_reserve[]: 0 0 4978 4978 [ 51.312691][ T4805] Node 0 [ 51.450109][ T4816] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 51.475285][ T4805] Normal free:4606004kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:29064kB inactive_anon:0kB active_file:34872kB inactive_file:9596kB unevictable:0kB writepending:5612kB zspages:0kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:54400kB local_pcp:12088kB free_cma:0kB [ 51.488491][ T4816] vhci_hcd vhci_hcd.0: default hub control req: 2314 v0008 i0002 l0 [ 51.515797][ T4805] lowmem_reserve[]: [ 51.603984][ T4818] netlink: 12 bytes leftover after parsing attributes in process `syz.1.577'. [ 51.607361][ T4805] 0 0 [ 51.643295][ T4818] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 51.647712][ T4805] 0 0 [ 51.647735][ T4805] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 51.686307][ T4805] Node 0 DMA32: 4*4kB (M) 3*8kB (M) 2*16kB (M) 2*32kB (M) 3*64kB (M) 2*128kB (M) 3*256kB (M) 3*512kB (M) 4*1024kB (M) 3*2048kB (M) 716*4096kB (M) = 2945864kB [ 51.702649][ T4805] Node 0 Normal: 1169*4kB (UME) 433*8kB (UM) 158*16kB (UME) 57*32kB (UM) 25*64kB (UME) 19*128kB (UME) 10*256kB (UM) 3*512kB (U) 6*1024kB (UM) 8*2048kB (UME) 1114*4096kB (UM) = 4606092kB [ 51.721215][ T4805] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 51.730587][ T4805] 14435 total pagecache pages [ 51.735267][ T4805] 0 pages in swap cache [ 51.739438][ T4805] Free swap = 124996kB [ 51.743649][ T4805] Total swap = 124996kB [ 51.747787][ T4805] 2097051 pages RAM [ 51.751674][ T4805] 0 pages HighMem/MovableOnly [ 51.756348][ T4805] 81277 pages reserved [ 51.761628][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.789231][ T2812] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 51.813529][ T2812] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 51.832066][ T2812] bond0 (unregistering): Released all slaves [ 51.871533][ T2812] tipc: Disabling bearer [ 51.871645][ T2812] tipc: Left network mode [ 51.896889][ T2812] hsr_slave_0: left promiscuous mode [ 51.897259][ T2812] hsr_slave_1: left promiscuous mode [ 51.897541][ T2812] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 51.897554][ T2812] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 51.898045][ T2812] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 51.898060][ T2812] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 51.904157][ T2812] team0: left promiscuous mode [ 51.904559][ T2812] team_slave_0: left promiscuous mode [ 51.954250][ T2812] team_slave_1: left promiscuous mode [ 51.996267][ T2812] veth1_macvtap: left promiscuous mode [ 51.996345][ T2812] veth0_macvtap: left promiscuous mode [ 51.996399][ T2812] veth1_vlan: left promiscuous mode [ 51.996473][ T2812] veth0_vlan: left promiscuous mode [ 52.062973][ T4843] loop0: unable to read partition table [ 52.062997][ T4843] loop0: partition table beyond EOD, truncated [ 52.063063][ T4843] loop_reread_partitions: partition scan of loop0 () failed (rc=-5) [ 52.187511][ T2812] team0 (unregistering): Port device team_slave_1 removed [ 52.197926][ T2812] team0 (unregistering): Port device team_slave_0 removed [ 52.319407][ T4870] loop0: p1 < > p4 [ 52.328069][ T4870] loop0: p4 size 8388608 extends beyond EOD, truncated [ 52.393833][ T4773] chnl_net:caif_netlink_parms(): no params data found [ 52.503574][ T9] kernel read not supported for file /vcsu (pid: 9 comm: kworker/0:0) [ 52.512259][ T4887] Invalid logical block size (1) [ 52.581685][ T4773] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.588894][ T4773] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.614961][ T4773] bridge_slave_0: entered allmulticast mode [ 52.645445][ T4773] bridge_slave_0: entered promiscuous mode [ 52.679245][ T4773] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.686582][ T4773] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.706559][ T4907] netlink: 4 bytes leftover after parsing attributes in process `syz.0.615'. [ 52.715596][ T4907] netlink: 348 bytes leftover after parsing attributes in process `syz.0.615'. [ 52.724749][ T4907] netlink: 4 bytes leftover after parsing attributes in process `syz.0.615'. [ 52.733727][ T4907] netlink: 348 bytes leftover after parsing attributes in process `syz.0.615'. [ 52.761471][ T4773] bridge_slave_1: entered allmulticast mode [ 52.780870][ T4773] bridge_slave_1: entered promiscuous mode [ 52.795098][ T2812] IPVS: stop unused estimator thread 0... [ 52.802897][ T4911] netlink: 60 bytes leftover after parsing attributes in process `syz.1.617'. [ 52.812123][ T4911] unsupported nlmsg_type 40 [ 52.857880][ T4773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.877613][ T4907] netlink: 4 bytes leftover after parsing attributes in process `syz.0.615'. [ 52.934610][ T4773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.050390][ T4773] team0: Port device team_slave_0 added [ 53.080436][ T4925] xt_CT: You must specify a L4 protocol and not use inversions on it [ 53.091462][ T4773] team0: Port device team_slave_1 added [ 53.165082][ T4773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.172114][ T4773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.198096][ T4773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.248890][ T4773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.255858][ T4773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.281842][ T4773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.310472][ T4932] sctp: [Deprecated]: syz.1.637 (pid 4932) Use of struct sctp_assoc_value in delayed_ack socket option. [ 53.310472][ T4932] Use struct sctp_sack_info instead [ 53.330492][ T4773] hsr_slave_0: entered promiscuous mode [ 53.336548][ T4773] hsr_slave_1: entered promiscuous mode [ 53.347462][ T4773] debugfs: 'hsr0' already exists in 'hsr' [ 53.352353][ T4932] syz.1.637 (4932) used greatest stack depth: 9432 bytes left [ 53.353254][ T4773] Cannot create hsr debugfs directory [ 53.367994][ T4935] ext4 filesystem being mounted at /117/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.482107][ T4949] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 53.516139][ T4949] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 53.559350][ T31] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 53.727656][ T4773] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 53.737092][ T4773] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 53.741146][ T4773] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 53.743558][ T4773] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 53.816432][ T4773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.828079][ T4773] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.836970][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.837005][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.842813][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.859028][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.944899][ T4773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.018005][ T4773] veth0_vlan: entered promiscuous mode [ 54.028559][ T4773] veth1_vlan: entered promiscuous mode [ 54.042679][ T4773] veth0_macvtap: entered promiscuous mode [ 54.051028][ T4773] veth1_macvtap: entered promiscuous mode [ 54.057705][ T4773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.070203][ T4773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.075043][ T2812] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.087657][ T2812] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.087700][ T2812] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.087801][ T2812] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.152913][ T4989] EXT4-fs: Ignoring removed nomblk_io_submit option [ 54.152962][ T4989] EXT4-fs: Ignoring removed nobh option [ 54.178519][ T4989] EXT4-fs error (device loop3): ext4_iget_extra_inode:5073: inode #15: comm syz.3.554: corrupted in-inode xattr: invalid ea_ino [ 54.178641][ T4989] EXT4-fs (loop3): Remounting filesystem read-only [ 54.179691][ T4989] EXT4-fs (loop3): shut down requested (0) [ 54.230766][ T29] kauditd_printk_skb: 230 callbacks suppressed [ 54.230781][ T29] audit: type=1400 audit(1765954471.453:851): avc: denied { ioctl } for pid=4996 comm="syz.4.647" path="socket:[10313]" dev="sockfs" ino=10313 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 54.320719][ T5003] netlink: 64 bytes leftover after parsing attributes in process `syz.3.648'. [ 54.392050][ T29] audit: type=1400 audit(1765954471.613:852): avc: denied { create } for pid=5011 comm="syz.4.654" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 54.392763][ T29] audit: type=1400 audit(1765954471.613:853): avc: denied { connect } for pid=5011 comm="syz.4.654" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 54.415811][ T29] audit: type=1400 audit(1765954471.633:854): avc: denied { write } for pid=5014 comm="syz.1.655" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 54.448404][ T29] audit: type=1400 audit(1765954471.663:855): avc: denied { mount } for pid=5016 comm="syz.0.656" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 54.451654][ T29] audit: type=1400 audit(1765954471.673:856): avc: denied { name_bind } for pid=5018 comm="syz.1.665" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 54.484837][ T29] audit: type=1400 audit(1765954471.703:857): avc: denied { unmount } for pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 54.485709][ T5023] IPv6: Can't replace route, no match found [ 54.521644][ T5027] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #15: comm syz.0.660: corrupted in-inode xattr: invalid ea_ino [ 54.521831][ T5027] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.660: couldn't read orphan inode 15 (err -117) [ 54.524546][ T29] audit: type=1400 audit(1765954471.753:858): avc: denied { setattr } for pid=5026 comm="syz.0.660" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 54.524936][ T5027] EXT4-fs error (device loop0): ext4_find_dest_de:2050: inode #2: block 13: comm syz.0.660: bad entry in directory: directory entry overrun - offset=76, inode=0, rec_len=1024, size=1024 fake=0 [ 54.597368][ T29] audit: type=1400 audit(1765954471.813:859): avc: denied { ioctl } for pid=5033 comm="syz.0.662" path="socket:[9921]" dev="sockfs" ino=9921 ioctlcmd=0x7437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 54.650925][ T5038] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 54.652776][ T5038] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 54.700597][ T29] audit: type=1400 audit(1765954471.923:860): avc: denied { validate_trans } for pid=5041 comm="syz.1.668" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 54.856037][ T5056] set_capacity_and_notify: 8 callbacks suppressed [ 54.856055][ T5056] loop0: detected capacity change from 0 to 512 [ 54.884890][ T5056] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 54.897569][ T5058] loop1: detected capacity change from 0 to 1024 [ 54.905036][ T5058] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 54.916122][ T5058] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 54.927269][ T5056] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4215: comm syz.0.675: Allocating blocks 41-42 which overlap fs metadata [ 54.945700][ T5058] JBD2: no valid journal superblock found [ 54.951522][ T5058] EXT4-fs (loop1): Could not load journal inode [ 54.958700][ T5056] EXT4-fs (loop0): Remounting filesystem read-only [ 54.965429][ T5056] EXT4-fs (loop0): 1 truncate cleaned up [ 55.139776][ T5091] loop0: detected capacity change from 0 to 512 [ 55.150016][ T5091] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 55.162130][ T5091] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.690: invalid indirect mapped block 2683928664 (level 1) [ 55.162320][ T5091] EXT4-fs (loop0): Remounting filesystem read-only [ 55.162412][ T5091] EXT4-fs (loop0): 1 truncate cleaned up [ 55.506556][ T5118] loop0: detected capacity change from 0 to 512 [ 55.536040][ T5118] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #3: comm syz.0.700: corrupted inode contents [ 55.549285][ T5125] netlink: 'syz.1.702': attribute type 1 has an invalid length. [ 55.572053][ T5118] EXT4-fs error (device loop0): ext4_dirty_inode:6502: inode #3: comm syz.0.700: mark_inode_dirty error [ 55.572456][ T5118] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #3: comm syz.0.700: corrupted inode contents [ 55.572650][ T5118] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #3: comm syz.0.700: mark_inode_dirty error [ 55.573075][ T5118] EXT4-fs error (device loop0): ext4_acquire_dquot:6986: comm syz.0.700: Failed to acquire dquot type 0 [ 55.573546][ T5118] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #16: comm syz.0.700: corrupted inode contents [ 55.573741][ T5118] EXT4-fs error (device loop0): ext4_dirty_inode:6502: inode #16: comm syz.0.700: mark_inode_dirty error [ 55.573866][ T5118] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #16: comm syz.0.700: corrupted inode contents [ 55.574035][ T5118] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #16: comm syz.0.700: mark_inode_dirty error [ 55.574207][ T5118] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #16: comm syz.0.700: corrupted inode contents [ 55.574385][ T5118] EXT4-fs error (device loop0) in ext4_orphan_del:303: Corrupt filesystem [ 55.574624][ T5118] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #16: comm syz.0.700: corrupted inode contents [ 55.574762][ T5118] EXT4-fs error (device loop0): ext4_truncate:4635: inode #16: comm syz.0.700: mark_inode_dirty error [ 55.574863][ T5118] EXT4-fs error (device loop0) in ext4_process_orphan:345: Corrupt filesystem [ 55.575327][ T5118] EXT4-fs (loop0): 1 truncate cleaned up [ 55.575785][ T5118] ext4 filesystem being mounted at /156/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.727323][ T5131] netlink: 300 bytes leftover after parsing attributes in process `syz.3.707'. [ 55.813242][ T5143] loop0: detected capacity change from 0 to 512 [ 55.813606][ T5143] EXT4-fs: inline encryption not supported [ 55.880997][ T5151] loop1: detected capacity change from 0 to 128 [ 55.911838][ T5148] program syz.3.713 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 55.945966][ T5153] loop4: detected capacity change from 0 to 512 [ 55.957904][ T5157] xt_CT: You must specify a L4 protocol and not use inversions on it [ 55.967960][ T5153] ------------[ cut here ]------------ [ 55.973725][ T5153] EA inode 11 i_nlink=2 [ 55.973749][ T5153] WARNING: fs/ext4/xattr.c:1058 at ext4_xattr_inode_update_ref+0x2e6/0x320, CPU#0: syz.4.715/5153 [ 55.988730][ T5153] Modules linked in: [ 55.992659][ T5153] CPU: 0 UID: 0 PID: 5153 Comm: syz.4.715 Not tainted syzkaller #0 PREEMPT(voluntary) [ 56.002426][ T5153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 56.012625][ T5153] RIP: 0010:ext4_xattr_inode_update_ref+0x305/0x320 [ 56.019250][ T5153] Code: 31 ce 9c ff 4c 8d 2d ea ba 20 05 49 8d 7e 40 e8 91 63 b8 ff 49 8b 6e 40 4c 89 e7 e8 a5 5e b8 ff 41 8b 56 48 4c 89 ef 48 89 ee <67> 48 0f b9 3a e9 2b ff ff ff e8 2c f9 ba 03 66 66 66 2e 0f 1f 84 [ 56.039035][ T5153] RSP: 0018:ffffc9000189f5a0 EFLAGS: 00010246 [ 56.045132][ T5153] RAX: ffff88811a975d10 RBX: ffff88811a466080 RCX: ffffffff81bb526b [ 56.048468][ T5160] loop1: detected capacity change from 0 to 128 [ 56.053244][ T5153] RDX: 0000000000000002 RSI: 000000000000000b RDI: ffffffff86dc0d40 [ 56.067788][ T5153] RBP: 000000000000000b R08: 000188811a466033 R09: 0000000000000000 [ 56.075913][ T5153] R10: ffffc9000189f4d0 R11: 0001c9000189f4d0 R12: ffff88811a466030 [ 56.084044][ T5153] R13: ffffffff86dc0d40 R14: ffff88811a465fe8 R15: 0000000000000001 [ 56.088886][ T5160] ext4 filesystem being mounted at /153/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 56.092151][ T5153] FS: 00007f8113f4f6c0(0000) GS:ffff8882aedc2000(0000) knlGS:0000000000000000 [ 56.111651][ T5153] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.118270][ T5153] CR2: 00007f67a2dd2a60 CR3: 000000011bd5a000 CR4: 00000000003506f0 [ 56.126292][ T5153] DR0: 0000000000007fff DR1: 0000000000000000 DR2: 0000000000000000 [ 56.134415][ T5153] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 56.142636][ T5153] Call Trace: [ 56.146034][ T5153] [ 56.149020][ T5153] ext4_xattr_set_entry+0x77f/0x1020 [ 56.154377][ T5153] ext4_xattr_ibody_set+0x184/0x3c0 [ 56.159678][ T5153] ext4_expand_extra_isize_ea+0xcbb/0x11f0 [ 56.165750][ T5153] __ext4_expand_extra_isize+0x246/0x280 [ 56.171453][ T5153] __ext4_mark_inode_dirty+0x29d/0x3f0 [ 56.177015][ T5153] ext4_evict_inode+0x7c4/0xd40 [ 56.182015][ T5153] ? __pfx_ext4_evict_inode+0x10/0x10 [ 56.187505][ T5153] evict+0x2af/0x510 [ 56.191468][ T5153] ? __dquot_initialize+0x146/0x7c0 [ 56.196858][ T5153] iput+0x4bd/0x650 [ 56.200712][ T5153] ext4_process_orphan+0x1a9/0x1c0 [ 56.205837][ T5153] ext4_orphan_cleanup+0x6a8/0xa00 [ 56.211061][ T5153] ext4_fill_super+0x3411/0x37a0 [ 56.216026][ T5153] ? set_blocksize+0x1a8/0x310 [ 56.220823][ T5153] ? sb_set_blocksize+0xfc/0x170 [ 56.225809][ T5153] ? setup_bdev_super+0x30e/0x370 [ 56.230905][ T5153] ? __pfx_ext4_fill_super+0x10/0x10 [ 56.236218][ T5153] get_tree_bdev_flags+0x291/0x300 [ 56.241352][ T5153] ? __pfx_ext4_fill_super+0x10/0x10 [ 56.246675][ T5153] get_tree_bdev+0x1f/0x30 [ 56.251150][ T5153] ext4_get_tree+0x1c/0x30 [ 56.255731][ T5153] vfs_get_tree+0x57/0x1d0 [ 56.260228][ T5153] do_new_mount+0x24d/0x6a0 [ 56.264734][ T5153] path_mount+0x4ab/0xb80 [ 56.269173][ T5153] ? user_path_at+0xbf/0x130 [ 56.273829][ T5153] __se_sys_mount+0x28c/0x2e0 [ 56.278520][ T5153] __x64_sys_mount+0x67/0x80 [ 56.283169][ T5153] x64_sys_call+0x2cca/0x3000 [ 56.287865][ T5153] do_syscall_64+0xd8/0x2c0 [ 56.292620][ T5153] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.298601][ T5153] RIP: 0033:0x7f81154f0eea [ 56.303203][ T5153] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.322872][ T5153] RSP: 002b:00007f8113f4ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 56.331306][ T5153] RAX: ffffffffffffffda RBX: 00007f8113f4eef0 RCX: 00007f81154f0eea [ 56.339303][ T5153] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f8113f4eeb0 [ 56.347311][ T5153] RBP: 0000200000000180 R08: 00007f8113f4eef0 R09: 0000000000800700 [ 56.355364][ T5153] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 56.363352][ T5153] R13: 00007f8113f4eeb0 R14: 000000000000046f R15: 000000000000002c [ 56.371419][ T5153] [ 56.374459][ T5153] ---[ end trace 0000000000000000 ]--- [ 56.380177][ T5153] EXT4-fs error (device loop4): ext4_xattr_inode_iget:441: inode #18: comm syz.4.715: iget: bad extra_isize 90 (inode size 256) [ 56.398890][ T5167] loop3: detected capacity change from 0 to 512 [ 56.414568][ T5153] EXT4-fs (loop4): Remounting filesystem read-only [ 56.421731][ T5153] EXT4-fs warning (device loop4): ext4_evict_inode:273: xattr delete (err -30) [ 56.431385][ T5167] EXT4-fs (loop3): too many log groups per flexible block group [ 56.435899][ T5153] EXT4-fs (loop4): 1 orphan inode deleted [ 56.456763][ T5167] EXT4-fs (loop3): failed to initialize mballoc (-12) [ 56.477783][ T5167] EXT4-fs (loop3): mount failed [ 56.552192][ T5183] loop0: detected capacity change from 0 to 512 [ 56.561190][ T5185] Buffer I/O error on dev loop7, logical block 0, async page read [ 56.574799][ T5183] EXT4-fs warning (device loop0): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 56.591248][ T5183] EXT4-fs (loop0): mount failed [ 56.591603][ T5185] Buffer I/O error on dev loop7, logical block 0, async page read [ 56.591627][ T5185] loop7: unable to read partition table [ 56.591873][ T5185] loop_reread_partitions: partition scan of loop7 (7x~Sj̖P) failed (rc=-5) [ 56.593431][ T5185] Buffer I/O error on dev loop7, logical block 0, async page read [ 56.593463][ T5185] Buffer I/O error on dev loop7, logical block 0, async page read [ 56.593512][ T5185] loop7: unable to read partition table [ 56.624744][ T5188] xt_CT: You must specify a L4 protocol and not use inversions on it [ 56.763231][ T5204] EXT4-fs error (device loop0): ext4_xattr_inode_iget:441: inode #18: comm syz.0.735: iget: bad extra_isize 90 (inode size 256) [ 56.788969][ T5204] EXT4-fs (loop0): Remounting filesystem read-only [ 56.795647][ T5204] EXT4-fs warning (device loop0): ext4_evict_inode:273: xattr delete (err -30) [ 56.825113][ T5204] EXT4-fs (loop0): 1 orphan inode deleted [ 56.888163][ T5217] EXT4-fs: Ignoring removed oldalloc option [ 56.896207][ T5217] EXT4-fs (loop4): 1 truncate cleaned up [ 56.922617][ T5217] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.740: invalid indirect mapped block 234881024 (level 0) [ 56.922775][ T5217] EXT4-fs (loop4): Remounting filesystem read-only [ 57.401434][ T5263] GPT:first_usable_lbas don't match. [ 57.406785][ T5263] GPT:34 != 290 [ 57.410321][ T5263] GPT: Use GNU Parted to correct GPT errors. [ 57.416501][ T5263] loop2: p1 p2 p3 [ 57.632703][ T5278] netlink: 'syz.3.770': attribute type 11 has an invalid length. [ 57.705352][ T5288] netlink: 256 bytes leftover after parsing attributes in process `syz.0.775'. [ 57.726414][ T5294] TCP: TCP_TX_DELAY enabled [ 57.740968][ T5293] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 57.749616][ T5275] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 57.762521][ T5275] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 57.763799][ T5293] EXT4-fs (loop4): 1 truncate cleaned up [ 57.904201][ T5321] sctp: [Deprecated]: syz.3.789 (pid 5321) Use of int in max_burst socket option deprecated. [ 57.904201][ T5321] Use struct sctp_assoc_value instead [ 57.948834][ T5327] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #15: comm syz.4.793: corrupted inode contents [ 57.962403][ T5327] EXT4-fs error (device loop4) in ext4_orphan_del:303: Corrupt filesystem [ 57.971368][ T5327] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #15: comm syz.4.793: corrupted inode contents [ 57.984165][ T5327] EXT4-fs error (device loop4): ext4_evict_inode:301: inode #15: comm syz.4.793: mark_inode_dirty error [ 57.996815][ T5327] EXT4-fs (loop4): 1 orphan inode deleted [ 58.073496][ T5342] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 58.115023][ T5342] EXT4-fs (loop0): 1 truncate cleaned up [ 58.257792][ T5344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 58.266344][ T5344] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 58.359578][ T5379] netlink: 20 bytes leftover after parsing attributes in process `syz.2.816'. [ 58.403654][ T5385] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=5385 comm=syz.2.819 [ 58.421940][ T5387] netlink: 5 bytes leftover after parsing attributes in process `syz.1.820'. [ 58.431090][ T5387] 0{X: renamed from gretap0 (while UP) [ 58.439001][ T5387] 0{X: entered allmulticast mode [ 58.449703][ T5387] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 58.533993][ T5401] EXT4-fs: Ignoring removed orlov option [ 58.660922][ T5414] netlink: 12 bytes leftover after parsing attributes in process `syz.0.831'. [ 58.660952][ T5414] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 58.812371][ T5418] bridge1: entered promiscuous mode [ 58.953003][ T5430] netlink: 12 bytes leftover after parsing attributes in process `syz.3.839'. [ 58.953046][ T5430] netlink: 12 bytes leftover after parsing attributes in process `syz.3.839'. [ 59.111484][ T5444] syz.3.846 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 59.312414][ T3428] IPVS: starting estimator thread 0... [ 59.370724][ T29] kauditd_printk_skb: 144 callbacks suppressed [ 59.370741][ T29] audit: type=1400 audit(1765954476.593:998): avc: denied { write } for pid=5468 comm="syz.3.856" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 59.409891][ T5467] IPVS: using max 2208 ests per chain, 110400 per kthread [ 59.413532][ T5476] netlink: 'syz.0.859': attribute type 3 has an invalid length. [ 59.428230][ T5476] netlink: 'syz.0.859': attribute type 3 has an invalid length. [ 59.497298][ T5488] netlink: 8 bytes leftover after parsing attributes in process `syz.2.865'. [ 59.539636][ T5494] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 59.768927][ T29] audit: type=1400 audit(1765954476.973:999): avc: denied { firmware_load } for pid=5497 comm="syz.0.870" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 59.890372][ T29] audit: type=1400 audit(1765954477.093:1000): avc: denied { write } for pid=5513 comm="syz.2.877" name="usbmon5" dev="devtmpfs" ino=157 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 60.001321][ T5521] openvswitch: netlink: Missing key (keys=40, expected=80) [ 60.053076][ T29] audit: type=1400 audit(1765954477.263:1001): avc: denied { relabelfrom } for pid=5522 comm="syz.4.881" name="NETLINK" dev="sockfs" ino=11970 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 60.077492][ T29] audit: type=1400 audit(1765954477.273:1002): avc: denied { relabelto } for pid=5522 comm="syz.4.881" name="NETLINK" dev="sockfs" ino=11970 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=netlink_netfilter_socket permissive=1 [ 60.225092][ T29] audit: type=1326 audit(1765954477.433:1003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5535 comm="syz.4.888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81154ef749 code=0x7ffc0000 [ 60.248555][ T29] audit: type=1326 audit(1765954477.433:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5535 comm="syz.4.888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f81154ef749 code=0x7ffc0000 [ 60.271901][ T29] audit: type=1326 audit(1765954477.433:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5535 comm="syz.4.888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81154ef749 code=0x7ffc0000 [ 60.295337][ T29] audit: type=1326 audit(1765954477.433:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5535 comm="syz.4.888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f81154ef749 code=0x7ffc0000 [ 60.318802][ T29] audit: type=1326 audit(1765954477.443:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5535 comm="syz.4.888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81154ef749 code=0x7ffc0000 [ 60.410009][ T5549] netlink: 8 bytes leftover after parsing attributes in process `syz.2.895'. [ 60.535730][ T5566] netlink: 48 bytes leftover after parsing attributes in process `syz.1.900'. [ 60.616100][ T5578] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 60.667507][ T5584] set_capacity_and_notify: 12 callbacks suppressed [ 60.667526][ T5584] loop1: detected capacity change from 0 to 164 [ 60.683643][ T5584] ISOFS: unable to read i-node block [ 60.689269][ T5584] isofs_fill_super: get root inode failed [ 60.774406][ T5601] loop2: detected capacity change from 0 to 1024 [ 60.784528][ T5601] EXT4-fs: inline encryption not supported [ 60.791479][ T5603] netlink: 60 bytes leftover after parsing attributes in process `syz.4.919'. [ 60.800413][ T5603] netlink: 60 bytes leftover after parsing attributes in process `syz.4.919'. [ 60.827464][ T5603] netlink: 60 bytes leftover after parsing attributes in process `syz.4.919'. [ 60.836406][ T5603] netlink: 60 bytes leftover after parsing attributes in process `syz.4.919'. [ 60.897959][ T5603] netlink: 60 bytes leftover after parsing attributes in process `syz.4.919'. [ 60.906917][ T5603] netlink: 60 bytes leftover after parsing attributes in process `syz.4.919'. [ 60.931401][ T5615] loop1: detected capacity change from 0 to 2048 [ 61.001477][ T5615] Alternate GPT is invalid, using primary GPT. [ 61.007901][ T5615] loop1: p2 p3 p7 [ 61.169084][ T5639] netlink: 24 bytes leftover after parsing attributes in process `syz.1.934'. [ 61.198995][ T5639] netlink: 52 bytes leftover after parsing attributes in process `syz.1.934'. [ 61.500470][ T5664] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=5664 comm=syz.1.947 [ 61.512875][ T5664] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=5664 comm=syz.1.947 [ 61.582538][ T5672] loop4: detected capacity change from 0 to 512 [ 61.601111][ T5672] EXT4-fs (loop4): 1 orphan inode deleted [ 61.618624][ T5672] ext4 filesystem being mounted at /191/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 61.751061][ T5692] netlink: 2 bytes leftover after parsing attributes in process `syz.0.959'. [ 61.817254][ T5697] IPv6: Can't replace route, no match found [ 62.152119][ T5741] loop3: detected capacity change from 0 to 128 [ 62.376964][ T5774] netlink: 4 bytes leftover after parsing attributes in process `syz.3.999'. [ 62.391346][ T5778] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=5778 comm=syz.2.1001 [ 62.391381][ T5778] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5778 comm=syz.2.1001 [ 62.468321][ T5784] syz_tun: refused to change device tx_queue_len [ 62.606051][ T5811] process 'syz.3.1017' launched './file1' with NULL argv: empty string added [ 62.870807][ T5860] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=5860 comm=syz.0.1040 [ 62.935299][ T5868] 9p: Bad value for 'source' [ 63.427686][ C0] hrtimer: interrupt took 24923 ns [ 63.751131][ T5998] tipc: Started in network mode [ 63.756151][ T5998] tipc: Node identity aaaaaaaaaa33, cluster identity 4711 [ 63.763454][ T5998] tipc: Enabled bearer , priority 2 [ 63.855144][ T6007] block device autoloading is deprecated and will be removed. [ 64.215102][ T6050] loop9: detected capacity change from 0 to 7 [ 64.287702][ T5960] loop4: detected capacity change from 0 to 1024 [ 64.357322][ T5960] EXT4-fs: Ignoring removed nomblk_io_submit option [ 64.382337][ T6071] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 64.398175][ T29] kauditd_printk_skb: 192 callbacks suppressed [ 64.398192][ T29] audit: type=1326 audit(1765954481.619:1200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6072 comm="syz.0.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c082ff749 code=0x7ffc0000 [ 64.447983][ T29] audit: type=1326 audit(1765954481.619:1201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6072 comm="syz.0.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c082ff749 code=0x7ffc0000 [ 64.471502][ T29] audit: type=1326 audit(1765954481.639:1202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6072 comm="syz.0.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f4c082ff749 code=0x7ffc0000 [ 64.494974][ T29] audit: type=1326 audit(1765954481.639:1203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6072 comm="syz.0.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c082ff749 code=0x7ffc0000 [ 64.518518][ T29] audit: type=1326 audit(1765954481.639:1204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6072 comm="syz.0.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c082ff749 code=0x7ffc0000 [ 64.544257][ T6078] IPv6: Can't replace route, no match found [ 64.600014][ T6092] loop0: detected capacity change from 0 to 512 [ 64.628751][ T29] audit: type=1400 audit(1765954481.799:1205): avc: denied { associate } for pid=6088 comm="syz.0.1150" name="current" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 64.649975][ T29] audit: type=1326 audit(1765954481.839:1206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6090 comm="syz.3.1151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f288f94f749 code=0x7ffc0000 [ 64.673698][ T29] audit: type=1326 audit(1765954481.839:1207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6090 comm="syz.3.1151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f288f94f749 code=0x7ffc0000 [ 64.697167][ T29] audit: type=1326 audit(1765954481.849:1208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6090 comm="syz.3.1151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f288f94f749 code=0x7ffc0000 [ 64.720631][ T29] audit: type=1326 audit(1765954481.849:1209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6090 comm="syz.3.1151" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f288f94f749 code=0x7ffc0000 [ 64.746534][ T6092] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 64.767370][ T3499] tipc: Node number set to 10070698 [ 64.796085][ T6092] ext4 filesystem being mounted at /273/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 64.811930][ T6109] loop1: detected capacity change from 0 to 128 [ 64.818736][ T6109] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 64.830910][ T6109] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 64.843630][ T6107] loop3: detected capacity change from 0 to 2048 [ 64.853456][ T6092] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 64.903005][ T53] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 65.409898][ T6201] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1200' sets config #0 [ 65.843387][ T3507] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 65.843734][ T3507] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 65.871833][ T6265] set_capacity_and_notify: 2 callbacks suppressed [ 65.871982][ T6265] loop3: detected capacity change from 0 to 512 [ 65.886393][ T6265] EXT4-fs error (device loop3): ext4_xattr_inode_iget:441: inode #18: comm syz.3.1231: iget: bad extra_isize 90 (inode size 256) [ 65.886629][ T6265] EXT4-fs (loop3): Remounting filesystem read-only [ 65.886753][ T6265] EXT4-fs warning (device loop3): ext4_evict_inode:273: xattr delete (err -30) [ 65.886793][ T6265] EXT4-fs (loop3): 1 orphan inode deleted [ 66.306892][ T6336] loop4: detected capacity change from 0 to 128 [ 66.331750][ T6336] ext4 filesystem being mounted at /236/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 66.449296][ T6355] loop3: detected capacity change from 0 to 1024 [ 66.457419][ T6354] loop2: detected capacity change from 0 to 512 [ 66.469986][ T6354] EXT4-fs: Ignoring removed nobh option [ 66.471262][ T6354] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e118, mo2=0002] [ 66.471300][ T6354] System zones: 1-12 [ 66.471385][ T6354] EXT4-fs (loop2): orphan cleanup on readonly fs [ 66.471780][ T6354] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 66.471928][ T6354] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #15: comm syz.2.1273: corrupted inode contents [ 66.472131][ T6354] EXT4-fs error (device loop2): ext4_dirty_inode:6502: inode #15: comm syz.2.1273: mark_inode_dirty error [ 66.472375][ T6354] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #15: comm syz.2.1273: corrupted inode contents [ 66.472595][ T6354] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3000: inode #15: comm syz.2.1273: mark_inode_dirty error [ 66.472750][ T6354] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3003: inode #15: comm syz.2.1273: mark inode dirty (error -117) [ 66.472900][ T6354] EXT4-fs warning (device loop2): ext4_evict_inode:273: xattr delete (err -117) [ 66.472940][ T6354] EXT4-fs (loop2): 1 orphan inode deleted [ 66.516845][ T6355] ext4 filesystem being mounted at /129/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.698096][ T874] EXT4-fs error (device loop3): ext4_map_blocks:825: inode #15: comm kworker/u8:7: lblock 0 mapped to illegal pblock 0 (length 1) [ 66.698301][ T874] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 66.724076][ T874] EXT4-fs (loop3): This should not happen!! Data will be lost [ 66.724076][ T874] [ 66.928060][ T6397] netlink: 'syz.0.1290': attribute type 13 has an invalid length. [ 66.940693][ T6397] gretap0: refused to change device tx_queue_len [ 66.940708][ T6397] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 67.306938][ T6416] __nla_validate_parse: 13 callbacks suppressed [ 67.306952][ T6416] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1299'. [ 67.463724][ T6432] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 67.572868][ T6455] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1316'. [ 67.581930][ T6455] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1316'. [ 67.606749][ T6455] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1316'. [ 67.615796][ T6455] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1316'. [ 67.687247][ T6455] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1316'. [ 67.696346][ T6455] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1316'. [ 67.713144][ T6471] loop4: detected capacity change from 0 to 256 [ 67.761491][ T6471] FAT-fs (loop4): Directory bread(block 64) failed [ 67.768064][ T6471] FAT-fs (loop4): Directory bread(block 65) failed [ 67.788775][ T6471] FAT-fs (loop4): Directory bread(block 66) failed [ 67.795692][ T6471] FAT-fs (loop4): Directory bread(block 67) failed [ 67.816780][ T6471] FAT-fs (loop4): Directory bread(block 68) failed [ 67.823413][ T6471] FAT-fs (loop4): Directory bread(block 69) failed [ 67.830052][ T6471] FAT-fs (loop4): Directory bread(block 70) failed [ 67.836617][ T6471] FAT-fs (loop4): Directory bread(block 71) failed [ 67.845303][ T6471] FAT-fs (loop4): Directory bread(block 72) failed [ 67.851946][ T6471] FAT-fs (loop4): Directory bread(block 73) failed [ 68.055697][ T6513] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 68.069230][ T6514] loop3: detected capacity change from 0 to 128 [ 68.076363][ T6513] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 68.133768][ T6516] netlink: 'syz.4.1345': attribute type 12 has an invalid length. [ 68.141675][ T6516] netlink: 'syz.4.1345': attribute type 29 has an invalid length. [ 68.149544][ T6516] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1345'. [ 68.208976][ T6524] SELinux: Context is not valid (left unmapped). [ 68.369197][ T6544] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1359'. [ 68.461014][ T6554] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1364'. [ 68.513609][ T6557] loop3: detected capacity change from 0 to 2048 [ 68.551703][ T6557] EXT4-fs (loop3): failed to initialize system zone (-117) [ 68.581125][ T6557] EXT4-fs (loop3): mount failed [ 68.808809][ T6592] netlink: 'syz.0.1379': attribute type 12 has an invalid length. [ 68.816666][ T6592] netlink: 'syz.0.1379': attribute type 29 has an invalid length. [ 68.966450][ T6597] infiniband syz!: set active [ 68.971186][ T6597] infiniband syz!: added team_slave_0 [ 68.987112][ T6597] RDS/IB: syz!: added [ 68.991908][ T6597] smc: adding ib device syz! with port count 1 [ 68.998100][ T6597] smc: ib device syz! port 1 has no pnetid [ 69.456904][ T6670] loop4: detected capacity change from 0 to 2048 [ 69.481036][ T6670] EXT4-fs (loop4): failed to initialize system zone (-117) [ 69.492880][ T6670] EXT4-fs (loop4): mount failed [ 69.502882][ T29] kauditd_printk_skb: 465 callbacks suppressed [ 69.502954][ T29] audit: type=1326 audit(1765954486.729:1675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6678 comm="syz.1.1418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 69.532557][ T29] audit: type=1326 audit(1765954486.729:1676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6678 comm="syz.1.1418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=122 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 69.555974][ T29] audit: type=1326 audit(1765954486.729:1677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6678 comm="syz.1.1418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 69.599899][ T6683] loop1: detected capacity change from 0 to 1164 [ 69.648260][ T29] audit: type=1326 audit(1765954486.739:1678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6678 comm="syz.1.1418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 69.774328][ T6701] loop4: detected capacity change from 0 to 2048 [ 69.792214][ T29] audit: type=1326 audit(1765954487.019:1679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6706 comm="syz.3.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f288f94f749 code=0x7ffc0000 [ 69.821821][ T29] audit: type=1326 audit(1765954487.019:1680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6706 comm="syz.3.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f288f94f749 code=0x7ffc0000 [ 69.845331][ T29] audit: type=1326 audit(1765954487.019:1681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6706 comm="syz.3.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f288f94f749 code=0x7ffc0000 [ 69.865768][ T6701] EXT4-fs (loop4): failed to initialize system zone (-117) [ 69.868799][ T29] audit: type=1326 audit(1765954487.019:1682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6706 comm="syz.3.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f288f94f749 code=0x7ffc0000 [ 69.868834][ T29] audit: type=1326 audit(1765954487.019:1683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6706 comm="syz.3.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f288f94f749 code=0x7ffc0000 [ 69.876067][ T6701] EXT4-fs (loop4): mount failed [ 69.899569][ T29] audit: type=1326 audit(1765954487.019:1684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6706 comm="syz.3.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f288f94f749 code=0x7ffc0000 [ 70.084207][ T6734] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 70.267072][ T6768] IPv6: Can't replace route, no match found [ 70.593368][ T6817] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 70.614854][ T6817] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 70.628458][ T6817] EXT4-fs (loop1): 1 truncate cleaned up [ 70.650050][ T6817] EXT4-fs mount: 50 callbacks suppressed [ 70.650068][ T6817] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 70.687371][ T6825] syz_tun: refused to change device tx_queue_len [ 70.720893][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.737543][ T6831] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 70.870946][ T6855] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 70.892278][ T6855] ext4 filesystem being mounted at /294/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 70.908682][ T6855] EXT4-fs error (device loop4): ext4_map_blocks:825: inode #15: block 3: comm syz.4.1502: lblock 3 mapped to illegal pblock 3 (length 3) [ 70.923056][ T6855] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 70.935439][ T6855] EXT4-fs (loop4): This should not happen!! Data will be lost [ 70.935439][ T6855] [ 70.946137][ T6855] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #15: block 3: comm syz.4.1502: lblock 3 mapped to illegal pblock 3 (length 1) [ 70.963413][ T6867] set_capacity_and_notify: 2 callbacks suppressed [ 70.963429][ T6867] loop3: detected capacity change from 0 to 1764 [ 70.977783][ T6855] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #15: block 3: comm syz.4.1502: lblock 3 mapped to illegal pblock 3 (length 1) [ 70.993084][ T6855] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #15: block 3: comm syz.4.1502: lblock 3 mapped to illegal pblock 3 (length 1) [ 71.059048][ T6851] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #15: block 3: comm syz.4.1502: lblock 3 mapped to illegal pblock 3 (length 1) [ 71.109338][ T6855] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #15: block 3: comm syz.4.1502: lblock 3 mapped to illegal pblock 3 (length 1) [ 71.139192][ T6851] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #15: block 3: comm syz.4.1502: lblock 3 mapped to illegal pblock 3 (length 1) [ 71.153395][ T6883] loop2: detected capacity change from 0 to 2048 [ 71.169390][ T6855] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #15: block 3: comm syz.4.1502: lblock 3 mapped to illegal pblock 3 (length 1) [ 71.183904][ T6851] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #15: block 3: comm syz.4.1502: lblock 3 mapped to illegal pblock 3 (length 1) [ 71.203014][ T6851] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #15: block 3: comm syz.4.1502: lblock 3 mapped to illegal pblock 3 (length 1) [ 71.218269][ T6883] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 71.304132][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.498102][ T6911] loop2: detected capacity change from 0 to 164 [ 71.518849][ T6913] netlink: 'syz.1.1524': attribute type 3 has an invalid length. [ 71.726611][ T1017] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 71.739082][ T1017] EXT4-fs (loop4): This should not happen!! Data will be lost [ 71.739082][ T1017] [ 71.773344][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 71.905072][ T6938] loop4: detected capacity change from 0 to 512 [ 71.927713][ T6938] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 71.927784][ T6938] ext4 filesystem being mounted at /298/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 72.061931][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.304128][ T6989] loop3: detected capacity change from 0 to 128 [ 72.368096][ T7001] __nla_validate_parse: 15 callbacks suppressed [ 72.368112][ T7001] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1569'. [ 72.823982][ T7028] loop3: detected capacity change from 0 to 1024 [ 72.853734][ T7028] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 72.853858][ T7028] ext4 filesystem being mounted at /187/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 72.859679][ T7028] EXT4-fs error (device loop3): ext4_map_blocks:825: inode #15: block 3: comm syz.3.1580: lblock 3 mapped to illegal pblock 3 (length 1) [ 72.896533][ T7028] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117 [ 72.896613][ T7028] EXT4-fs (loop3): This should not happen!! Data will be lost [ 72.896613][ T7028] [ 72.956526][ T4773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 73.012030][ T7051] vhci_hcd vhci_hcd.4: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub [ 73.051826][ T7054] netlink: 'syz.1.1591': attribute type 1 has an invalid length. [ 73.075347][ T7058] --map-set only usable from mangle table [ 73.141569][ T7066] loop1: detected capacity change from 0 to 1024 [ 73.141961][ T7066] EXT4-fs: Ignoring removed orlov option [ 73.152736][ T7066] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.199811][ T7071] loop2: detected capacity change from 0 to 1024 [ 73.208397][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.229160][ T7071] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 73.242726][ T7071] ext4 filesystem being mounted at /301/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 73.277695][ T7085] netlink: 'syz.3.1605': attribute type 21 has an invalid length. [ 73.283492][ T7084] loop1: detected capacity change from 0 to 2048 [ 73.299690][ T7071] EXT4-fs error (device loop2): ext4_map_blocks:825: inode #15: block 3: comm syz.2.1598: lblock 3 mapped to illegal pblock 3 (length 1) [ 73.319971][ T7089] --map-set only usable from mangle table [ 73.321040][ T7084] EXT4-fs: Ignoring removed mblk_io_submit option [ 73.332880][ T7071] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117 [ 73.345189][ T7071] EXT4-fs (loop2): This should not happen!! Data will be lost [ 73.345189][ T7071] [ 73.371504][ T7084] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 73.392416][ T7084] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1603: bg 0: block 234: padding at end of block bitmap is not set [ 73.422604][ T7084] EXT4-fs (loop1): Remounting filesystem read-only [ 73.432171][ T7099] loop3: detected capacity change from 0 to 1024 [ 73.438947][ T7099] EXT4-fs: Ignoring removed orlov option [ 73.445902][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.456365][ T7099] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.496690][ T4773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.512365][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 73.650364][ T7127] EXT4-fs: Ignoring removed orlov option [ 73.669587][ T7127] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.722484][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.867754][ T7165] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1636'. [ 73.878819][ T7165] bond0: Unable to set up delay as MII monitoring is disabled [ 73.996018][ T7187] netlink: 204 bytes leftover after parsing attributes in process `syz.0.1647'. [ 74.009325][ T7191] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1649'. [ 74.018385][ T7191] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1649'. [ 74.108951][ T7203] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 74.121185][ T7203] ext4 filesystem being mounted at /320/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 74.138631][ T7203] EXT4-fs error (device loop4): ext4_map_blocks:825: inode #15: block 3: comm syz.4.1654: lblock 3 mapped to illegal pblock 3 (length 1) [ 74.153051][ T7203] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117 [ 74.165399][ T7203] EXT4-fs (loop4): This should not happen!! Data will be lost [ 74.165399][ T7203] [ 74.215465][ T23] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 74.222964][ T23] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 74.230546][ T23] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 74.237944][ T23] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 74.245435][ T23] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 74.253014][ T23] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 74.260570][ T23] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 74.268148][ T23] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 74.275621][ T23] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 74.283142][ T23] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 74.291475][ T23] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [sy] on syz0 [ 74.318256][ T7224] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1664'. [ 74.338957][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 74.420695][ T7240] GUP no longer grows the stack in syz.4.1672 (7240): 200000004000-20000000a000 (200000002000) [ 74.431104][ T7240] CPU: 1 UID: 0 PID: 7240 Comm: syz.4.1672 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 74.431191][ T7240] Tainted: [W]=WARN [ 74.431235][ T7240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 74.431253][ T7240] Call Trace: [ 74.431261][ T7240] [ 74.431271][ T7240] __dump_stack+0x1d/0x30 [ 74.431303][ T7240] dump_stack_lvl+0xe8/0x140 [ 74.431328][ T7240] dump_stack+0x15/0x1b [ 74.431424][ T7240] __get_user_pages+0x1979/0x1ed0 [ 74.431467][ T7240] ? __rcu_read_unlock+0x4f/0x70 [ 74.431555][ T7240] get_user_pages_remote+0x1d5/0x6c0 [ 74.431594][ T7240] __access_remote_vm+0x15c/0x590 [ 74.431633][ T7240] access_remote_vm+0x32/0x40 [ 74.431706][ T7240] proc_pid_cmdline_read+0x32b/0x6c0 [ 74.431736][ T7240] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 74.431764][ T7240] vfs_readv+0x3fb/0x690 [ 74.431844][ T7240] __x64_sys_preadv+0xfd/0x1c0 [ 74.431869][ T7240] x64_sys_call+0x2805/0x3000 [ 74.431968][ T7240] do_syscall_64+0xd8/0x2c0 [ 74.432076][ T7240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.432099][ T7240] RIP: 0033:0x7f81154ef749 [ 74.432127][ T7240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.432192][ T7240] RSP: 002b:00007f8113f4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 74.432211][ T7240] RAX: ffffffffffffffda RBX: 00007f8115745fa0 RCX: 00007f81154ef749 [ 74.432237][ T7240] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 74.432249][ T7240] RBP: 00007f8115573f91 R08: 0000000000000000 R09: 0000000000000000 [ 74.432261][ T7240] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 74.432273][ T7240] R13: 00007f8115746038 R14: 00007f8115745fa0 R15: 00007ffee5031f18 [ 74.432294][ T7240] [ 74.654198][ T29] kauditd_printk_skb: 339 callbacks suppressed [ 74.654212][ T29] audit: type=1400 audit(1765954491.879:2024): avc: denied { mount } for pid=7249 comm="syz.1.1678" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 74.682779][ T7254] netlink: 'syz.3.1679': attribute type 1 has an invalid length. [ 74.701874][ T29] audit: type=1400 audit(1765954491.929:2025): avc: denied { unmount } for pid=3324 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 74.775008][ T7266] SELinux: Context system_u:object_r:auditd_log_t:s0 is not valid (left unmapped). [ 74.782158][ T29] audit: type=1326 audit(1765954491.999:2026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7265 comm="syz.2.1685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed92f5f749 code=0x7ffc0000 [ 74.807915][ T29] audit: type=1326 audit(1765954491.999:2027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7265 comm="syz.2.1685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7fed92f5f749 code=0x7ffc0000 [ 74.859662][ T7273] FAT-fs (loop1): Directory bread(block 32) failed [ 74.875218][ T7273] FAT-fs (loop1): Directory bread(block 33) failed [ 74.887732][ T7273] FAT-fs (loop1): Directory bread(block 34) failed [ 74.899642][ T7275] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 74.921207][ T7273] FAT-fs (loop1): Directory bread(block 35) failed [ 74.927942][ T7273] FAT-fs (loop1): Directory bread(block 36) failed [ 74.944528][ T7273] FAT-fs (loop1): Directory bread(block 37) failed [ 74.953398][ T7273] FAT-fs (loop1): Directory bread(block 38) failed [ 74.959993][ T7273] FAT-fs (loop1): Directory bread(block 39) failed [ 74.966557][ T7273] FAT-fs (loop1): Directory bread(block 40) failed [ 74.973327][ T7273] FAT-fs (loop1): Directory bread(block 41) failed [ 74.985823][ T29] audit: type=1400 audit(1765954492.009:2028): avc: denied { relabelto } for pid=7265 comm="syz.2.1685" name="file0" dev="tmpfs" ino=1604 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:auditd_log_t:s0" [ 74.987059][ T7275] EXT4-fs (loop2): 1 truncate cleaned up [ 75.012401][ T29] audit: type=1400 audit(1765954492.009:2029): avc: denied { associate } for pid=7265 comm="syz.2.1685" name="file0" dev="tmpfs" ino=1604 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:auditd_log_t:s0" [ 75.012440][ T29] audit: type=1326 audit(1765954492.009:2030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7265 comm="syz.2.1685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed92f5f749 code=0x7ffc0000 [ 75.068736][ T29] audit: type=1326 audit(1765954492.039:2031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7265 comm="syz.2.1685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed92f5f749 code=0x7ffc0000 [ 75.079154][ T7275] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.092226][ T29] audit: type=1400 audit(1765954492.109:2032): avc: denied { rmdir } for pid=3320 comm="syz-executor" name="file0" dev="tmpfs" ino=1604 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:auditd_log_t:s0" [ 75.131247][ T7278] SELinux: Context system_u:object_r:mouse_device_t:s0 is not valid (left unmapped). [ 75.148055][ T29] audit: type=1400 audit(1765954492.369:2033): avc: denied { relabelto } for pid=7277 comm="syz.4.1691" name="NETLINK" dev="sockfs" ino=17787 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=netlink_netfilter_socket permissive=1 trawcon="system_u:object_r:mouse_device_t:s0" [ 75.158958][ T7273] bio_check_eod: 101 callbacks suppressed [ 75.158975][ T7273] syz.1.1689: attempt to access beyond end of device [ 75.158975][ T7273] loop1: rw=8388608, sector=4108, nr_sectors = 4 limit=128 [ 75.197739][ T7273] syz.1.1689: attempt to access beyond end of device [ 75.197739][ T7273] loop1: rw=8388608, sector=4600, nr_sectors = 4 limit=128 [ 75.217463][ T7275] netlink: 'syz.2.1690': attribute type 1 has an invalid length. [ 75.225427][ T7275] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1690'. [ 75.286312][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.346775][ T7306] openvswitch: netlink: Missing key (keys=40, expected=80) [ 75.392789][ T7312] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 75.406984][ T7312] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.1706: invalid indirect mapped block 4294967295 (level 0) [ 75.432746][ T7314] SELinux: Context system_u:object_r:restorecond_exec_t:s0 is not valid (left unmapped). [ 75.449392][ T7312] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #16: comm syz.2.1706: invalid indirect mapped block 4294967295 (level 1) [ 75.466161][ T7319] IPVS: Error connecting to the multicast addr [ 75.488483][ T7312] EXT4-fs (loop2): 1 orphan inode deleted [ 75.494332][ T7312] EXT4-fs (loop2): 1 truncate cleaned up [ 75.529508][ T7312] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.575100][ T7312] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 75.639360][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.653306][ T7341] Alternate GPT is invalid, using primary GPT. [ 75.659790][ T7341] loop3: p2 p3 p7 [ 75.671922][ T7350] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.684757][ T7350] ext4 filesystem being mounted at /337/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 75.684822][ T7355] random: crng reseeded on system resumption [ 75.703527][ T7351] IPVS: Error connecting to the multicast addr [ 75.803640][ T7360] ISOFS: unable to read i-node block [ 75.814666][ T7360] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 75.826411][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.881695][ T7366] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 75.903620][ T7366] EXT4-fs (loop4): orphan cleanup on readonly fs [ 75.929804][ T7366] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.1730: corrupted inode contents [ 75.945712][ T7381] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1735'. [ 75.954836][ T7381] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1735'. [ 75.969773][ T7366] EXT4-fs (loop4): Remounting filesystem read-only [ 75.977918][ T7381] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1735'. [ 75.983352][ T7366] EXT4-fs (loop4): 1 truncate cleaned up [ 75.993714][ T2812] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 76.004447][ T2812] EXT4-fs (loop4): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 76.015563][ T2812] EXT4-fs (loop4): Quota write (off=8, len=24) cancelled because transaction is not started [ 76.026867][ T7366] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 76.051822][ T7382] bridge_slave_0: left allmulticast mode [ 76.057493][ T7382] bridge_slave_0: left promiscuous mode [ 76.063544][ T7382] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.073186][ T7382] bridge_slave_1: left allmulticast mode [ 76.079044][ T7382] bridge_slave_1: left promiscuous mode [ 76.084717][ T7382] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.099635][ T7382] bond0: (slave bond_slave_0): Releasing backup interface [ 76.107232][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.123655][ T7382] bond0: (slave bond_slave_1): Releasing backup interface [ 76.149069][ T7382] team0: Port device team_slave_0 removed [ 76.164647][ T7382] team0: Port device team_slave_1 removed [ 76.171879][ T7382] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 76.179297][ T7382] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 76.199588][ T7382] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 76.207046][ T7382] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 76.284718][ T7382] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 76.480159][ T7432] netlink: 'syz.2.1763': attribute type 7 has an invalid length. [ 76.488205][ T7434] set_capacity_and_notify: 9 callbacks suppressed [ 76.488220][ T7434] loop1: detected capacity change from 0 to 1024 [ 76.503283][ T7434] EXT4-fs: Ignoring removed orlov option [ 76.509389][ T7434] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 76.540372][ T7438] loop2: detected capacity change from 0 to 512 [ 76.547288][ T7434] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.569586][ T7434] EXT4-fs error (device loop1): ext4_find_dest_de:2050: inode #12: block 7: comm syz.1.1762: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=56 fake=0 [ 76.590056][ T7438] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 76.598255][ T7438] EXT4-fs (loop2): orphan cleanup on readonly fs [ 76.606104][ T7438] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #16: comm syz.2.1765: corrupted inode contents [ 76.618321][ T7438] EXT4-fs (loop2): Remounting filesystem read-only [ 76.625060][ T7438] EXT4-fs (loop2): 1 truncate cleaned up [ 76.631515][ T2812] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 76.642169][ T2812] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 76.654805][ T2812] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 76.665554][ T7438] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 76.681137][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.694869][ T7449] loop4: detected capacity change from 0 to 1024 [ 76.708127][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.728922][ T7449] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 76.826903][ T7469] netlink: 'syz.1.1775': attribute type 3 has an invalid length. [ 76.828494][ T7449] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4215: comm syz.4.1769: Allocating blocks 497-513 which overlap fs metadata [ 76.850721][ T7449] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4215: comm syz.4.1769: Allocating blocks 497-513 which overlap fs metadata [ 76.852884][ T7469] netlink: 'syz.1.1775': attribute type 3 has an invalid length. [ 76.877274][ T7448] EXT4-fs (loop4): pa ffff888107ade2a0: logic 128, phys. 385, len 8 [ 76.885403][ T7448] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5466: group 0, free 0, pa_free 1 [ 76.903386][ T7473] loop2: detected capacity change from 0 to 1024 [ 76.910396][ T7473] EXT4-fs: Ignoring removed bh option [ 76.924013][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.945712][ T7473] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.977187][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.001840][ T7486] loop1: detected capacity change from 0 to 256 [ 77.029788][ T7486] FAT-fs (loop1): Directory bread(block 64) failed [ 77.036336][ T7486] FAT-fs (loop1): Directory bread(block 65) failed [ 77.047220][ T7486] FAT-fs (loop1): Directory bread(block 66) failed [ 77.054086][ T7486] FAT-fs (loop1): Directory bread(block 67) failed [ 77.054481][ T7488] team0: Port device team_slave_1 removed [ 77.060793][ T7486] FAT-fs (loop1): Directory bread(block 68) failed [ 77.073069][ T7486] FAT-fs (loop1): Directory bread(block 69) failed [ 77.079636][ T7486] FAT-fs (loop1): Directory bread(block 70) failed [ 77.086236][ T7486] FAT-fs (loop1): Directory bread(block 71) failed [ 77.109130][ T7486] FAT-fs (loop1): Directory bread(block 72) failed [ 77.115842][ T7486] FAT-fs (loop1): Directory bread(block 73) failed [ 77.231906][ T7509] loop2: detected capacity change from 0 to 128 [ 77.240423][ T7509] SELinux: policydb version 949191460 does not match my version range 15-35 [ 77.251521][ T7509] SELinux: failed to load policy [ 77.330586][ T7526] loop2: detected capacity change from 0 to 128 [ 77.498456][ T7558] geneve2: entered promiscuous mode [ 77.503717][ T7558] geneve2: entered allmulticast mode [ 78.117696][ T7569] __nla_validate_parse: 4 callbacks suppressed [ 78.117714][ T7569] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1819'. [ 78.119809][ T7570] xt_CT: No such helper "pptp" [ 78.177207][ T7579] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.1824' sets config #0 [ 78.330191][ T7609] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1842'. [ 78.459899][ T7633] netlink: 'syz.3.1853': attribute type 3 has an invalid length. [ 78.467771][ T7633] netlink: 'syz.3.1853': attribute type 3 has an invalid length. [ 78.499759][ T7635] netlink: 'syz.3.1854': attribute type 4 has an invalid length. [ 78.551003][ T7641] netlink: 'syz.3.1854': attribute type 4 has an invalid length. [ 78.822439][ T7680] 9p: Bad value for 'rfdno' [ 79.118268][ T7711] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1890'. [ 79.141743][ T7715] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7715 comm=syz.3.1891 [ 79.229815][ T7723] bridge0: port 3(batadv1) entered blocking state [ 79.236414][ T7723] bridge0: port 3(batadv1) entered disabled state [ 79.243152][ T7723] batadv1: entered allmulticast mode [ 79.249314][ T7723] batadv1: entered promiscuous mode [ 79.287940][ T7729] loop1: detected capacity change from 0 to 512 [ 79.296416][ T7729] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 79.307961][ T7729] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it [ 79.307983][ T7729] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.1899: Corrupt directory, running e2fsck is recommended [ 79.310457][ T7729] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 79.343591][ T7729] EXT4-fs error (device loop1): ext4_iget_extra_inode:5073: inode #15: comm syz.1.1899: corrupted in-inode xattr: e_name out of bounds [ 79.343806][ T7729] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.1899: couldn't read orphan inode 15 (err -117) [ 79.344431][ T7729] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 79.380829][ T7735] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096 [ 79.398973][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.630312][ T7755] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 79.728784][ T887] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 79.728801][ T887] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 79.867818][ T29] kauditd_printk_skb: 389 callbacks suppressed [ 79.867832][ T29] audit: type=1326 audit(1765954753.088:2411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7773 comm="syz.0.1918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c082ff749 code=0x7ffc0000 [ 79.867970][ T29] audit: type=1326 audit(1765954753.088:2412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7773 comm="syz.0.1918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c082ff749 code=0x7ffc0000 [ 79.867992][ T29] audit: type=1326 audit(1765954753.088:2413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7773 comm="syz.0.1918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4c082ff749 code=0x7ffc0000 [ 79.868039][ T29] audit: type=1326 audit(1765954753.088:2414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7773 comm="syz.0.1918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c082ff749 code=0x7ffc0000 [ 79.871296][ T29] audit: type=1326 audit(1765954753.088:2415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7773 comm="syz.0.1918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4c082ff749 code=0x7ffc0000 [ 79.991827][ T29] audit: type=1326 audit(1765954753.088:2416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7773 comm="syz.0.1918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c082ff749 code=0x7ffc0000 [ 79.991888][ T29] audit: type=1326 audit(1765954753.088:2417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7773 comm="syz.0.1918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4c082ff749 code=0x7ffc0000 [ 79.991921][ T29] audit: type=1326 audit(1765954753.088:2418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7773 comm="syz.0.1918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c082ff749 code=0x7ffc0000 [ 79.991990][ T29] audit: type=1326 audit(1765954753.088:2419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7773 comm="syz.0.1918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4c082ff749 code=0x7ffc0000 [ 79.992080][ T29] audit: type=1326 audit(1765954753.098:2420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7773 comm="syz.0.1918" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c082ff749 code=0x7ffc0000 [ 80.117773][ T7777] wireguard0: entered promiscuous mode [ 80.117816][ T7777] wireguard0: entered allmulticast mode [ 80.255415][ T7802] netlink: 'syz.0.1930': attribute type 7 has an invalid length. [ 80.263312][ T7802] netlink: 140 bytes leftover after parsing attributes in process `syz.0.1930'. [ 80.276435][ T7805] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1931'. [ 80.355515][ T7815] loop3: detected capacity change from 0 to 512 [ 80.362758][ T7815] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 80.381385][ T7815] EXT4-fs (loop3): 1 truncate cleaned up [ 80.394340][ T7815] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.486461][ T4773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.548337][ T7833] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1943'. [ 80.611389][ T7842] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 80.715784][ T7860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 80.724401][ T7860] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 81.161708][ T7862] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1957'. [ 81.204220][ T7864] netlink: 'syz.3.1958': attribute type 1 has an invalid length. [ 81.261053][ T4630] hid (null): report_id 3804673681 is invalid [ 81.267230][ T4630] hid (null): global environment stack underflow [ 81.273652][ T4630] hid (null): report_id 0 is invalid [ 81.278988][ T4630] hid (null): invalid report_size 11153 [ 81.284697][ T4630] hid (null): unknown global tag 0xe [ 81.290027][ T4630] hid (null): unknown global tag 0xc2 [ 81.295409][ T4630] hid (null): unknown global tag 0xe [ 81.302439][ T4630] hid-generic 0002:0400:01F0.0003: report_id 3804673681 is invalid [ 81.310459][ T4630] hid-generic 0002:0400:01F0.0003: item 0 4 1 8 parsing failed [ 81.356227][ T4630] hid-generic 0002:0400:01F0.0003: probe with driver hid-generic failed with error -22 [ 81.397916][ T7885] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1968'. [ 81.999572][ T7950] macvtap1: entered promiscuous mode [ 82.004963][ T7950] macvtap1: entered allmulticast mode [ 82.082755][ T7964] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2003'. [ 82.103867][ T7968] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2004'. [ 82.157787][ T7977] loop4: detected capacity change from 0 to 512 [ 82.180523][ T7977] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 82.189722][ T7977] EXT4-fs (loop4): orphan cleanup on readonly fs [ 82.196745][ T7977] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.2009: Failed to acquire dquot type 1 [ 82.208365][ T7977] EXT4-fs (loop4): Remounting filesystem read-only [ 82.215929][ T7977] EXT4-fs (loop4): 1 truncate cleaned up [ 82.223358][ T7977] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 82.247628][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.501740][ T53] Bluetooth: hci0: Frame reassembly failed (-84) [ 82.943654][ T8068] loop3: detected capacity change from 0 to 512 [ 82.959854][ T8068] EXT4-fs (loop3): too many log groups per flexible block group [ 82.967529][ T8068] EXT4-fs (loop3): failed to initialize mballoc (-12) [ 82.974501][ T8068] EXT4-fs (loop3): mount failed [ 83.016673][ T8076] netlink: 'syz.2.2053': attribute type 3 has an invalid length. [ 83.024816][ T8076] netlink: 'syz.2.2053': attribute type 3 has an invalid length. [ 83.297662][ T8119] loop2: detected capacity change from 0 to 128 [ 83.582332][ T8163] sg_write: data in/out 49276/1 bytes for SCSI command 0x6-- guessing data in; [ 83.582332][ T8163] program syz.3.2096 not setting count and/or reply_len properly [ 83.660285][ T8172] netlink: 'syz.3.2100': attribute type 5 has an invalid length. [ 83.712373][ T8177] __nla_validate_parse: 18 callbacks suppressed [ 83.712391][ T8177] netlink: 332 bytes leftover after parsing attributes in process `syz.3.2103'. [ 84.219992][ T8215] loop3: detected capacity change from 0 to 512 [ 84.229950][ T8215] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 84.244506][ T8215] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e02c, mo2=0002] [ 84.278126][ T8215] EXT4-fs (loop3): orphan cleanup on readonly fs [ 84.284587][ T8215] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.2121: bad orphan inode 267 [ 84.342913][ T8215] EXT4-fs (loop3): Remounting filesystem read-only [ 84.359476][ T8215] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 84.374495][ T8215] EXT4-fs warning (device loop3): dx_probe:861: inode #2: comm syz.3.2121: dx entry: limit 0 != root limit 125 [ 84.386418][ T8215] EXT4-fs warning (device loop3): dx_probe:934: inode #2: comm syz.3.2121: Corrupt directory, running e2fsck is recommended [ 84.420256][ T4773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 84.444862][ T8232] 9p: Bad value for 'wfdno' [ 84.528814][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 84.532508][ T3620] Bluetooth: hci0: command 0x1003 tx timeout [ 84.709435][ T23] hid_parser_main: 22 callbacks suppressed [ 84.709457][ T23] hid-generic 0000:0004:0000.0004: unknown main item tag 0x0 [ 84.722824][ T23] hid-generic 0000:0004:0000.0004: unknown main item tag 0x0 [ 84.730272][ T23] hid-generic 0000:0004:0000.0004: unknown main item tag 0x0 [ 84.737694][ T23] hid-generic 0000:0004:0000.0004: unknown main item tag 0x0 [ 84.745136][ T23] hid-generic 0000:0004:0000.0004: unknown main item tag 0x0 [ 84.752639][ T23] hid-generic 0000:0004:0000.0004: unknown main item tag 0x0 [ 84.760151][ T23] hid-generic 0000:0004:0000.0004: unknown main item tag 0x0 [ 84.767619][ T23] hid-generic 0000:0004:0000.0004: unknown main item tag 0x0 [ 84.775107][ T23] hid-generic 0000:0004:0000.0004: unknown main item tag 0x0 [ 84.782681][ T23] hid-generic 0000:0004:0000.0004: unknown main item tag 0x0 [ 84.793007][ T23] hid-generic 0000:0004:0000.0004: hidraw0: HID v0.00 Device [sy] on syz0 [ 84.937316][ T29] kauditd_printk_skb: 718 callbacks suppressed [ 84.937347][ T29] audit: type=1400 audit(1765954758.158:3137): avc: denied { execute } for pid=8286 comm="syz.1.2155" name="cgroup" dev="tmpfs" ino=2232 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=lnk_file permissive=1 [ 84.987745][ T29] audit: type=1400 audit(1765954758.208:3138): avc: denied { setopt } for pid=8290 comm="syz.2.2157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 85.013149][ T8293] SELinux: policydb version 949191445 does not match my version range 15-35 [ 85.022257][ T8293] SELinux: failed to load policy [ 85.211555][ T8299] program syz.1.2161 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 85.319348][ T29] audit: type=1326 audit(1765954758.548:3139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8312 comm="syz.1.2167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 85.359967][ T29] audit: type=1326 audit(1765954758.548:3140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8312 comm="syz.1.2167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 85.383730][ T29] audit: type=1326 audit(1765954758.568:3141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8312 comm="syz.1.2167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 85.383769][ T29] audit: type=1326 audit(1765954758.568:3142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8312 comm="syz.1.2167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 85.383867][ T29] audit: type=1326 audit(1765954758.568:3143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8312 comm="syz.1.2167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 85.383898][ T29] audit: type=1326 audit(1765954758.568:3144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8312 comm="syz.1.2167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 85.384006][ T29] audit: type=1326 audit(1765954758.568:3145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8312 comm="syz.1.2167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 85.384051][ T29] audit: type=1326 audit(1765954758.568:3146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8312 comm="syz.1.2167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f67a2def749 code=0x7ffc0000 [ 85.538514][ T8324] netlink: 'syz.4.2172': attribute type 3 has an invalid length. [ 85.758803][ T8340] loop4: detected capacity change from 0 to 512 [ 85.759139][ T8340] EXT4-fs: Ignoring removed bh option [ 85.777901][ T8340] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.778098][ T8340] ext4 filesystem being mounted at /414/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 85.819946][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.862817][ T8350] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.050304][ T8365] xt_hashlimit: max too large, truncated to 1048576 [ 86.144486][ T8372] ================================================================== [ 86.144511][ T8372] BUG: KCSAN: data-race in bq_flush_to_queue / cpu_map_kthread_run [ 86.144536][ T8372] [ 86.144542][ T8372] write to 0xffff88812ab41898 of 8 bytes by task 8374 on cpu 0: [ 86.144556][ T8372] cpu_map_kthread_run+0x529/0x1560 [ 86.144584][ T8372] kthread+0x489/0x510 [ 86.144612][ T8372] ret_from_fork+0x149/0x290 [ 86.144637][ T8372] ret_from_fork_asm+0x1a/0x30 [ 86.144662][ T8372] [ 86.144670][ T8372] read to 0xffff88812ab41898 of 8 bytes by task 8372 on cpu 1: [ 86.144689][ T8372] bq_flush_to_queue+0x124/0x350 [ 86.144714][ T8372] cpu_map_enqueue+0x1a6/0x1c0 [ 86.144737][ T8372] xdp_do_redirect_frame+0x27c/0x560 [ 86.144761][ T8372] bpf_test_run_xdp_live+0x98c/0x11d0 [ 86.144796][ T8372] bpf_prog_test_run_xdp+0x525/0x970 [ 86.144838][ T8372] bpf_prog_test_run+0x22a/0x390 [ 86.144859][ T8372] __sys_bpf+0x4c0/0x7c0 [ 86.144881][ T8372] __x64_sys_bpf+0x41/0x50 [ 86.144913][ T8372] x64_sys_call+0x28e1/0x3000 [ 86.144934][ T8372] do_syscall_64+0xd8/0x2c0 [ 86.144964][ T8372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.144989][ T8372] [ 86.144994][ T8372] value changed: 0xffff88812703c070 -> 0x0000000000000000 [ 86.145008][ T8372] [ 86.145013][ T8372] Reported by Kernel Concurrency Sanitizer on: [ 86.145029][ T8372] CPU: 1 UID: 0 PID: 8372 Comm: syz.3.2192 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 86.145065][ T8372] Tainted: [W]=WARN [ 86.145074][ T8372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 86.145090][ T8372] ================================================================== [ 86.197802][ T8381] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2196'.