last executing test programs: 57.591375284s ago: executing program 1 (id=3405): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000020000000000002000085000000ae00000095"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x41, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='kfree\x00', r1}, 0x18) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10) close(r0) 57.529338989s ago: executing program 1 (id=3407): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000000000f6000000006debff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000004c0)='signal_generate\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000004"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 57.462009195s ago: executing program 1 (id=3410): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0xff, 0x7ffc1ffd}]}) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) unshare(0x26000400) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = mq_open(&(0x7f00000004c0)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!T\xednux\x02\xc7\x12\xec\xca7\xbc\x1fS\x1c\x05y\x91\xe5\x9aL\xa9u\b\x00\x00\x00\xa0pC\x19\x9b\vY\x186\xa4\xe7\x1eg{`\xfa\xf3n\x8fIj6f\xfb\x13-g\x19(a6\x18\xe24nz\x83w8\xff\xfb\x83\f\x9a\xda\xc5w\x8eo\x02\xa3\xc1\x83\x91\xc6\xfd\x8c\xc4s\x03\x16\xa4+\xce|^\x98K_0\x8a\xb0\xff~\x1e\xd92\xb4r\xd8\xe7', 0x40, 0x110, 0x0) mq_timedreceive(r1, 0x0, 0xfffffffffffffee3, 0x2000000, 0x0) 56.567872796s ago: executing program 1 (id=3421): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0) mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x80700a, 0x0) umount2(&(0x7f0000000280)='./file0/file0/file0\x00', 0xa) 56.490331362s ago: executing program 1 (id=3423): timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) r1 = socket(0x10, 0x3, 0x0) write(r1, &(0x7f0000000080)="1400000052004f030e789e7ee2ce2fa4ff612d27", 0x14) recvmmsg(r1, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}], 0x344, 0x10122, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r2, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0x1f4, {}, {}, @raw32={[0x2600]}}], 0xffc8) timer_settime(r0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 56.196120096s ago: executing program 1 (id=3425): syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 56.195006896s ago: executing program 32 (id=3425): syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 38.02619s ago: executing program 5 (id=3845): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newtfilter={0x24, 0x11, 0x1, 0x691522ec, 0x0, {0x0, 0x0, 0x74, r3, {0x10, 0xf}, {}, {0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 37.695159476s ago: executing program 5 (id=3856): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$inet_int(r0, 0x0, 0xc, &(0x7f0000000040)=0xfffffffc, 0x4) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f0000000180)=0x8, 0x4) recvmmsg(r0, &(0x7f0000000dc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)=""/198, 0xc6}, 0x5cd}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000d80)=""/7, 0x7}, 0xf1a1}], 0x2, 0x45833af92e4b39ff, 0x0) 37.52418691s ago: executing program 5 (id=3860): pread64(0xffffffffffffffff, 0x0, 0x0, 0x7) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x40, &(0x7f0000000540), 0x1, 0x4b8, &(0x7f0000000a40)="$eJzs3c9rHFUcAPA3u02apNH+UKStYAsV6g+6mx9IE/XiST0U1IIICjUm21izyYbspjahh1RvPXgQRUE8ePcv8GJPFkE86108SEVrBBWElZndbTc/Ni422a2ZzwcmO/Nmst/3svm+nX0zsxOA1Doe/4hCGAwhfBtC2F9bXLvB8drD6s3Lk/EUhWr17C9Rsl283Ni08Xv7QggrIYS+EMJLz4bwRrQxbnlpeWaiWCws1Jfzldn5fHlp+dSF2YnpwnRhbnjs9Pj42NDoyPi2tfXqe29dPfPF872f//Hujevvf/VlXK3B+rrmdmynWtN7wsGmsj0hhKd3IlgXZOvt6e92RfhP4tfvvhDCiST/94ds8moCaVCtVqt/V/e2Wr1SBXatTLIPHGVyIYTafCaTy9X24e8PA5liqVx5/HxpcW6qtq98IPRkzl8oFobqnxUOhJ4oXh5O5m8vj6xbHg0h2Qf+INufLOcmS8WpznZ1wDr71uX/79la/gMp4SM/pFfb+f/KztYD6Dzv/5Be8h/SS/5Desl/SC/5D+kl/yG95D+kl/yH9JL/kEovnDkTT9XG9e9TF5cWZ0oXT00VyjO52cXJ3GRpYT43XSpNJ9fszP7b8xVLpfnhJ8LipXylUK7ky0vL52ZLi3OVc8l1/ecKPR1pFdCOg8eufR+FEFae7E+mWG99nVyF3a1ajUK3r0EGuiPb7Q4I6BpDf5BePuMDm3xF7xp9rVbMb39dgM7IdLsCQNecPOL4H6SV8X9IL+P/kF728QHj/5A+xv8hvQZb3P/rnqZ7dw2FEO4NIXyX7dnbuNcXsBtkforq+/8n9z88uH5tb/RncoigN4Tw9idnP7o0UaksDMflv94qr3xcLx/pRv2BdjXytJHHAEB6rd68PNmYmsv7dzjuz8/UTkLYGH9PfWyyLzlGObAarTlXIdqmcxdWroQQDm8WP6rf77x25GNgNbsh/qH6Y1R7iqS+e5L7pncm/pGm+A81xT96x38VSIdrcf8ztFn+ZZKcDrfyb23/M7hN50607v8yt/q/bIv+71ibMd789J0fW8a/EsLRTeM34vUlsdbHj+t2ss34N157+YFW66qf1Z5ns/gN8Vy+MjufLy8tn0q+R266MDc8dnp8fGxodGQ8n4xR5xsj1Rs9dfib61u1f6BF/K3aH5c92mb7/3rw61ePbxH/kRObv/6Htogfvy8/1mb830Z+eH1tSc+LzfGnWrQ/s0X8uGy0zfjlD5/b2+amAEAHlJeWZyaKxcKCGTP/t5k7+u+N96DvilbcpTPd7pmAnXY76btdEwAAAAAAAAAAAKBdnTiduNttBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYDf4JAAD//96Q1PM=") epoll_create1(0x80000) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x0, r1, &(0x7f0000000100), 0x41000004, 0x0) 37.123136421s ago: executing program 5 (id=3862): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000a40)={[{@stripe={'stripe', 0x3d, 0x3}}, {@noauto_da_alloc}, {@jqfmt_vfsold}, {@data_err_ignore}, {@noauto_da_alloc}, {@delalloc}, {@resuid}, {@oldalloc}, {@jqfmt_vfsv1}]}, 0xfc, 0x550, &(0x7f0000000b00)="$eJzs3d9rW1UcAPDvTdv91nUwhvoghT04mUvX1h8TfJiPosOBvs/Q3pXRZBlNOtY6cHtwL77IEEQciH+A7z4O/wH/ioEOhoyiD75EbnrTZWvSZm22Zubzgduec89Nzz0593t6bk5CAhhaE9mPQsSrEfFtEnG4rWw08sKJteNWH16fzbYkGo3P/koiyfe1jk/y3wfzzCsR8dvXEScLG+utLa8slMrldDHPT9YrVyZryyunLlVK8+l8enl6ZubMOzPT77/3bt/a+ub5f3749O5HZ745vvr9L/eP3E7ibBzKy9rbsQM32jMTMZE/J2Nx9okDp/pQ2SBJdvsE2JaRPM7HIhsDDsdIHvXA/99XEdEAhlQi/mFIteYBrXv7Pt0HvzAefLh2A7Sx/aNrr43Evua90YHV5LE7o+x+d7wP9Wd1/PrnndvZFv17HQJgSzduRsTp0dGN41+Sj3/bd7qHY56sw/gHz8/dbP7zVqf5T2F9/hMd5j8HO8Tudmwd/4X7faimq2z+90HH+e/6otX4SJ57qTnnG0suXiqn2dj2ckSciLG9WX6z9Zwzq/ca3cra53/ZltXfmgvm53F/dO/jj5kr1Us7aXO7BzcjXus4/03W+z/p0P/Z83G+xzqOpXde71a2dfufrcbPEW907P9HK1rJ5uuTk83rYbJ1VWz0961jv3erf7fbn/X/gc3bP560r9fWnr6On/b9m3Yr2+71vyf5vJnek++7VqrXF6ci9iSfbNw//eixrXzr+Kz9J45vPv51uv73R8QXPbb/1tFbXQ8dhP6fe6r+f/rEvY+//LFb/b31/9vN1Il8Ty/jX68nuJPnDgAAAAAAAAZNISIORVIorqcLhWJx7f0dR+NAoVyt1U9erC5dnovmZ2XHY6zQWuk+3PZ+iKn8/bCt/PQT+ZmIOBIR343sb+aLs9Xy3G43HgAAAAAAAAAAAAAAAAAAAAbEwYh9nT7/n/ljZLfPDnjmfOU3DK/u8Z+X9OObnoCB5P8/DC/xD8NL/MPwEv8wvMQ/DC/xD8NL/MPwEv8AAAAAAAAAAAAAAAAAAAAAAAAAAADQV+fPncu2xurD67NZfu7q8tJC9eqpubS2UKwszRZnq4tXivPV6nw5Lc5WK1v9vXK1emVqOpauTdbTWn2ytrxyoVJduly/cKlSmk8vpGPPpVUAAAAAAAAAAAAAAAAAAADwYqktryyUyuV0UUJiW4nRwTgNiT4ndntkAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBH/gsAAP//sQI4ww==") openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x0) open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x8005, 0x0, 0x0, 0x19, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]}) pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000380)="e9", 0x1}], 0x1, 0x7fff, 0x0, 0x0) 36.781656469s ago: executing program 5 (id=3872): socket$kcm(0xa, 0x2, 0x88) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0xfe80, &(0x7f00000005c0)=[{&(0x7f0000000940)="2e00000010008188e6b62aa73772cc9f1ba1f8482e0000005e140602000000000e000a001000000002800000128c", 0x2e}], 0x1}, 0x0) 36.400192719s ago: executing program 5 (id=3894): syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x2, 0x40, 0x7, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0xa}, 0x0, 0x0, 0x0, 0x9, 0x800000007, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 36.370623472s ago: executing program 33 (id=3894): syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) perf_event_open(&(0x7f0000000180)={0x8, 0x80, 0x0, 0x2, 0x40, 0x7, 0x2, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080), 0xa}, 0x0, 0x0, 0x0, 0x9, 0x800000007, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 2.119274661s ago: executing program 0 (id=4740): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000400)={r0, 0x0, &(0x7f0000001700)=""/47}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r2, &(0x7f0000000140)="24000000010006", 0x7) 2.041939187s ago: executing program 0 (id=4741): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008f00850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x18) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r4, 0x11b, 0x6, &(0x7f0000000140)=0x20, 0x4) close_range(r2, 0xffffffffffffffff, 0x0) 1.959489864s ago: executing program 0 (id=4753): r0 = socket$inet(0x2, 0x80001, 0x84) r1 = socket$inet(0x2, 0x80001, 0x84) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4) bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e20, @local}, 0x10) listen(r1, 0x3) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0xce20, @local}, 0x10) listen(r0, 0x3) 1.839615773s ago: executing program 0 (id=4746): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) write$binfmt_format(r0, &(0x7f0000000100)='0\x00', 0x2) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$qrtrtun(r0, &(0x7f0000000300)="ca", 0x1) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000340)=[0x1, 0x2], 0x0, 0x0, 0x2}}, 0x40) mbind(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x6002, &(0x7f0000000000)=0x3, 0xf, 0x0) 1.723901482s ago: executing program 0 (id=4747): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3ff}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000280)='timer_start\x00', r2}, 0x18) socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000180)) 1.723165703s ago: executing program 0 (id=4749): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x3c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0, 0x0, 0xffffffffffffffff}, 0x13) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="080000fa"], 0xdc) 1.484628142s ago: executing program 3 (id=4761): futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x3, 0x801, 0x0, &(0x7f0000000040), 0xfffffffc) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) mlock2(&(0x7f0000495000/0x2000)=nil, 0x2000, 0x0) get_mempolicy(0x0, 0x0, 0x400, &(0x7f0000ffd000/0x2000)=nil, 0x2) socket$nl_route(0x10, 0x3, 0x0) 725.779932ms ago: executing program 2 (id=4783): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000002840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10) r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x94) ftruncate(r3, 0x2007ffc) 725.388002ms ago: executing program 3 (id=4784): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000002001000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) flock(r2, 0x5) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) flock(r3, 0x2) dup3(r3, r2, 0x0) 667.127287ms ago: executing program 2 (id=4787): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000001400000000000000ff000000850000000e000000850000000700000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000000)='kmem_cache_free\x00', r4}, 0x18) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010028bd7000fedbdf250200000008000100", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x4040}, 0x8040) write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32=r2], 0x4) 645.638969ms ago: executing program 3 (id=4789): r0 = io_uring_setup(0x21a4, &(0x7f0000000000)={0x0, 0x75f, 0x10, 0x1, 0x11cb}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0xc2f00, 0x4d, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r2}, 0x18) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 624.17225ms ago: executing program 2 (id=4790): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x8, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r1, &(0x7f00000006c0)={0x0, 0xfffffffffffffe96, 0x0, 0x0, 0x0, 0x0, 0x20000001}, 0x40000) 594.243893ms ago: executing program 6 (id=4791): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000003c0)='kfree\x00', r0, 0x0, 0xfffffffffffffffe}, 0x18) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x86) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r3 = dup(r2) write$P9_RLERRORu(r3, &(0x7f0000000500)=ANY=[@ANYBLOB='S\x00\x00\x00\a'], 0x53) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) 593.694773ms ago: executing program 2 (id=4792): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2400, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000060000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x18) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20010814) 593.044833ms ago: executing program 3 (id=4793): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000010000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000200)='kmem_cache_free\x00', r1, 0x0, 0x9}, 0x18) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000400)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}, 0x0) r2 = socket$kcm(0x2, 0x1, 0x84) setsockopt$sock_attach_bpf(r2, 0x84, 0x9, &(0x7f0000000380), 0x98) sendmsg$kcm(r2, &(0x7f00000003c0)={&(0x7f0000000740)=@in={0x2, 0x4e21, @loopback=0x7f0000e0}, 0x80, &(0x7f0000001bc0)=[{&(0x7f0000000880)='\r', 0xfffd}], 0x1}, 0x40) 560.455386ms ago: executing program 3 (id=4794): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000740)='bridge0\x00', 0x10) connect$inet(r0, &(0x7f0000000140)={0x2, 0xc000, @multicast1}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'lo\x00', {0x2, 0x4e23, @empty}}) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0), 0x4) 538.437337ms ago: executing program 6 (id=4795): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r2 = open(&(0x7f0000000100)='./file1\x00', 0x147842, 0x180) preadv2(r2, 0x0, 0x0, 0x0, 0x0, 0x0) 538.136697ms ago: executing program 3 (id=4796): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x2440, 0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = gettid() timer_create(0x0, &(0x7f00000003c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000380)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setlease(r2, 0x400, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x0) 472.059743ms ago: executing program 4 (id=4798): bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000057"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) set_tid_address(0x0) 471.601013ms ago: executing program 4 (id=4799): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='kfree\x00', r1}, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f000000000000000002000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4005}, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0) 471.288153ms ago: executing program 4 (id=4800): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006980)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) fadvise64(r2, 0xc89, 0x0, 0x5) 464.904383ms ago: executing program 2 (id=4801): r0 = syz_io_uring_setup(0x10b, &(0x7f0000000580)={0x0, 0x4d736, 0x1000, 0x3, 0x92}, &(0x7f00000003c0)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f00000002c0)=0x9, 0x0, 0x4) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3, 0xffffffffffffffff}, 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500001000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r5}, 0x10) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0xa, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x80, 0x6000}) io_uring_enter(r0, 0x1c3a, 0xe176, 0x22, 0x0, 0x0) 455.973134ms ago: executing program 4 (id=4802): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter\x00') utimensat(r2, 0x0, 0x0, 0x0) 397.983929ms ago: executing program 4 (id=4803): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000001a80)=0x5, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10) r2 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000000000)=0x1, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback={0x0, 0xa8aaaafffeaaaa1e}, 0x8000}, 0x1c) 397.647839ms ago: executing program 4 (id=4804): pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000000400)=[{&(0x7f0000000100)="92", 0x1}], 0x1) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0) write$cgroup_pid(r4, &(0x7f0000000000), 0xffffff98) splice(r0, 0x0, r4, 0x0, 0x80, 0x4) write(r2, 0x0, 0x0) 397.377989ms ago: executing program 2 (id=4805): timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x11c0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file4\x00', 0x1, 0x20) openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file4\x00', &(0x7f00000000c0)={0x8a001, 0x0, 0x20}, 0x18) 236.190062ms ago: executing program 6 (id=4806): r0 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r0, 0x28, 0x1, &(0x7f0000000380)=0xffffffff00000041, 0x8) bind$vsock_stream(r0, &(0x7f0000000940)={0x28, 0x0, 0x0, @local}, 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x1) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x10001, 0x0) 180.880926ms ago: executing program 6 (id=4807): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) process_madvise(r3, 0x0, 0x0, 0x17, 0x0) 160.605728ms ago: executing program 6 (id=4808): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) 0s ago: executing program 6 (id=4809): r0 = socket$inet_tcp(0x2, 0x1, 0x0) syz_mount_image$iso9660(&(0x7f0000000780), &(0x7f0000000080)='./file0\x00', 0x21488b, &(0x7f0000000100)=ANY=[], 0x1, 0x66e, &(0x7f0000001880)="$eJzs3V1rG9kdx/HfyLIseyGUtiwh5OEk6YJDU0WSNw4ihVYdjezZShoxI7c2FJZ0Yy8hcrZNUmh8E3LTB9i+gb3bm6X0RRR63XfRy8LS3hV6M2WeLNvSWHYiO7vb78es52jmP3P+Z0Y7/4wljQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGTZrWq1Zqnj9jY2TT675XvdY5YnW5vXraRxa0JXXxzqV7Ki/1Qu62Iy6+J3R4vfjX7d0OXk0WWVo0lZe++8+6373ykWsvWPSeh1KJROsM1SmqQxz17sPX4wHG4/nXEiXwEqnCBozem5ged2m2uOcQPPNFZXq3fW24FpuyUFW8HA6RrbdwoDzzfL9i1TazRWjFPZ8jZ6a61mx8lm3vtBvVpdNR8spHv2zgeVwF53Ox23txbHRIujmHvm018kIU6za8zOo+H2yrQko6DaSYLq04Lq1Xq9VqvXa6t3G3fvVavFsRnVIzQWMfMnLb5mZnfyBt5QIar//7CkjsrqaUObMhN/bLXky1M3Z3kqq//v3XGO7fdg/c+q/MXR4kuK6//V5NHVvPqfk4uRiVeYtMTKmf96P8/0Qnt6rAcaaqhtPZ3Ndq/NLsOz/VmTipKrQJ5cddXUmpzFbI5RQ6taVVUfal1tBTJqy1VHjgJtKdBAjrrxMfHlqBm3IsuydUtGNTXU0IqMHFW0JU8b6mlNLTX1nzAMd/Qo3u8rx+SoLKh2kqD6MUF59f+XL5Osp9Z/S9T/b7Ts/HWSGOCtC9Pr/1O6djbZAAAAAACAs2DFf3234tfur0gK1XY7TvVtpwUAAAAAAGYofuX/cjSZj1pXZOVc/4fnnxsAAAAAAJgNK/6MnSVpKX5TvzX6JNRJ3gQwdw4pAgAAAACANxS//n+1JIXxvdeuyTrV9T8AAAAAAPga+MOBe+wXs3vshtnL+gVJQX/B+uu/FuTPW6/6m9+zdpvRkuZuGjP2DoBB+5J1Ib1RbzwpSYof2c5l60oSlN4E08pW/3Jn2r3+Lf9IAqW57M8X0xJYLaaP9KmuJzHXy8n04V5B8ZKkl6W223Eqtte5X1OzeaEwcDYHv3ny6LeSvz/OnUfD7cpHnwwfxrm8ima92o3yeHkoncKhXF5qLJfnSvfFlYkjXlQ76/KPve6SFfdbzcY/p+Zu4WBHJxv/73QjibmxlEyX9pTuiXj85Wj8tUp8yEajj0b12Z9Ho68dHfmkA5GTRTnOQlqPYm4u30wmWX5pFt+fk+qVo8egFD0FR/uifjCL6fvC+vfYvriZxORlEe2LlSiLv0UbGj0TDmWxcrosxo4IALwtO6MqFN/EfPwe+0fr7uuc5aZX9x8f7uX5Z2HygcM5qZi+NnFsL2VFZ/TleNsqKT6xFi/tn2V3r2dn9GpaV8rKOaNX36C6RX39ZfQdSGnaY3Xlv2EY3q/F/f5pv9+kqn4erfB5br9Bpz4XjfDO891fxTfAj3y8/fH2k3p9ZbX6frV6t675eBjphNoDAJhg+nfsTI2w3t+/qn74z/eS1qGK9+39txRU9JE+0VAPdTv7CoFrk7e6dOBtCLfHr1qj2EWl/wpJY9+JHt/OvaqLa2my3Z9vlX6UBMW/55WtcrhSj3JYOctDAADAubvRSBs5dfgk9f92fN0tafnSgevu/Wv2I7X86DcE59Xc2rntAwAA/t84/pfW0uD3lu+7/Q9rjUatOVh3jO/ZPzW+21pzjNsbOL693uytOabvewPP9jqm72vBbTmBCTb6fc8fmLbnm74XuJum7XYck371e+B0m72Bawf9jtMMHGN7vUHTHpiWG9imv/GTjhusO368ctB3bLft2s2B6/VM4G34tlMxJnCcA4Fuy+kN3LYbNXum77vdpr9lfuZ1NrqOaTmB7bv9gZdsMOvL7bU9vxtvtqLw1F90CADAN9GzF3uPHwyH20/zGvEV/ZSYUaM0aYNZX7ziDADAV8N4lc5VPpeEAAAAAAAAAAAAAAAAAAAAAADAmOkf6TtlY37ShwWl/Tm/vnCi7ViadWKnaRRef/W/HxOzuD8n2/0HY14dXSsMw/iezGc4UiWN4uy3vHiaj43OoPHDnWSP5sZECycuWtg/FsXZ/+8QNZ58kbMoDMPw+NUXDu/D0nEDPNwoSnpaeoND8FZORwDO0f8CAAD//y/BQEY=") open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[@ANYBLOB="20000000020000001d"], 0x8840) open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0xc2) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20020084, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) recvmsg(r0, 0x0, 0x10000) kernel console output (not intermixed with test programs): 2228 comm="syz.2.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 142.878124][ T29] audit: type=1326 audit(1755343721.149:7468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12228 comm="syz.2.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 142.901727][ T29] audit: type=1326 audit(1755343721.149:7469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12228 comm="syz.2.3580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 142.928992][T12233] netlink: 'syz.4.3581': attribute type 1 has an invalid length. [ 142.946205][T12233] 8021q: adding VLAN 0 to HW filter on device bond2 [ 142.970490][T12233] bond2: (slave veth7): Enslaving as an active interface with a down link [ 142.989428][T12233] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.996862][T12233] bond2: (slave batadv0): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open [ 143.366801][T12267] SELinux: failed to load policy [ 143.388186][T12274] loop3: detected capacity change from 0 to 512 [ 143.400379][T12274] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.412964][T12274] ext4 filesystem being mounted at /719/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 143.443881][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.482410][T12284] loop3: detected capacity change from 0 to 512 [ 143.510722][T12284] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.523291][T12284] ext4 filesystem being mounted at /720/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 143.539840][T12284] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.3603: corrupted inode contents [ 143.554854][T12284] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #2: comm syz.3.3603: mark_inode_dirty error [ 143.571027][T12284] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.3603: corrupted inode contents [ 143.605357][T12294] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.3603: corrupted inode contents [ 143.632678][T12294] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #2: comm syz.3.3603: mark_inode_dirty error [ 143.647697][T12294] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.3603: corrupted inode contents [ 143.674412][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.684266][T12300] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3610'. [ 143.693240][T12300] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 143.971782][T12319] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12319 comm=syz.2.3619 [ 144.021622][T12323] loop2: detected capacity change from 0 to 2048 [ 144.043377][T12323] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 144.099991][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 144.191891][T12341] netlink: '+}[@': attribute type 1 has an invalid length. [ 144.199188][T12341] netlink: 198116 bytes leftover after parsing attributes in process `+}[@'. [ 144.232653][ T3420] hid_parser_main: 18 callbacks suppressed [ 144.232683][ T3420] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 144.246192][ T3420] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 144.253905][ T3420] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 144.261386][ T3420] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 144.268883][ T3420] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 144.276290][ T3420] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 144.283761][ T3420] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 144.291218][ T3420] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 144.298656][ T3420] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 144.306041][ T3420] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 144.344393][ T3420] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz0] on syz1 [ 144.801341][T12362] netlink: 'syz.5.3633': attribute type 1 has an invalid length. [ 144.819851][T12364] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3635'. [ 144.887414][T12376] netlink: 'syz.3.3639': attribute type 1 has an invalid length. [ 144.928835][T12376] 8021q: adding VLAN 0 to HW filter on device bond3 [ 144.945339][T12381] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 144.957105][T12381] bond3: (slave batadv2): making interface the new active one [ 144.978502][T12381] bond3: (slave batadv2): Enslaving as an active interface with an up link [ 145.082633][T12389] loop3: detected capacity change from 0 to 8192 [ 145.145277][T12395] syzkaller1: entered promiscuous mode [ 145.151160][T12395] syzkaller1: entered allmulticast mode [ 145.162860][T12394] syzkaller1: entered promiscuous mode [ 145.168357][T12394] syzkaller1: entered allmulticast mode [ 145.236784][T12411] netlink: 'syz.5.3654': attribute type 1 has an invalid length. [ 145.282089][T12417] netlink: 'syz.0.3658': attribute type 1 has an invalid length. [ 145.295725][T12417] 8021q: adding VLAN 0 to HW filter on device bond2 [ 145.316927][T12417] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 145.325598][T12417] bond2: (slave batadv0): making interface the new active one [ 145.334845][T12417] bond2: (slave batadv0): Enslaving as an active interface with an up link [ 145.433481][T12429] sch_tbf: peakrate 64 is lower than or equals to rate 17038211371681383082 ! [ 145.455987][T12432] random: crng reseeded on system resumption [ 145.503766][T12435] netlink: 'syz.0.3666': attribute type 27 has an invalid length. [ 145.530365][T12435] bond0: left promiscuous mode [ 145.535143][T12435] bond_slave_0: left promiscuous mode [ 145.540741][T12435] bond_slave_1: left promiscuous mode [ 145.546200][T12435] team0: left promiscuous mode [ 145.550982][T12435] team_slave_0: left promiscuous mode [ 145.556469][T12435] team_slave_1: left promiscuous mode [ 145.562112][T12435] bond0: left allmulticast mode [ 145.567055][T12435] bond_slave_0: left allmulticast mode [ 145.572533][T12435] bond_slave_1: left allmulticast mode [ 145.577988][T12435] team0: left allmulticast mode [ 145.582877][T12435] team_slave_0: left allmulticast mode [ 145.588340][T12435] team_slave_1: left allmulticast mode [ 145.598506][T12435] team1: left promiscuous mode [ 145.603473][T12435] team1: left allmulticast mode [ 145.611737][T12437] syzkaller1: entered promiscuous mode [ 145.617260][T12437] syzkaller1: entered allmulticast mode [ 145.765106][T12442] syzkaller1: entered promiscuous mode [ 145.770766][T12442] syzkaller1: entered allmulticast mode [ 145.807483][T12448] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3671'. [ 145.855316][T12452] netlink: 'syz.4.3672': attribute type 1 has an invalid length. [ 145.869492][T12452] 8021q: adding VLAN 0 to HW filter on device bond3 [ 145.888361][T12452] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 145.897363][T12452] bond3: (slave batadv0): making interface the new active one [ 145.906371][T12452] bond3: (slave batadv0): Enslaving as an active interface with an up link [ 145.921590][T12458] netlink: 240 bytes leftover after parsing attributes in process `syz.5.3670'. [ 145.947142][T12460] netlink: 'syz.4.3674': attribute type 1 has an invalid length. [ 145.969601][T12460] 8021q: adding VLAN 0 to HW filter on device bond4 [ 145.984163][T12463] 9pnet_fd: Insufficient options for proto=fd [ 145.991221][T12465] pim6reg1: entered promiscuous mode [ 145.996538][T12465] pim6reg1: entered allmulticast mode [ 146.013920][T12460] bond4: (slave veth9): Enslaving as an active interface with a down link [ 146.025636][T12467] loop5: detected capacity change from 0 to 512 [ 146.035205][T12460] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 146.042585][T12460] bond4: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open [ 146.063897][T12467] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.080524][T12467] ext4 filesystem being mounted at /24/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 146.091774][T12467] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.104399][T12472] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 146.140229][T12476] loop5: detected capacity change from 0 to 1024 [ 146.156374][T12476] EXT4-fs: Ignoring removed orlov option [ 146.182118][T12476] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 146.244456][T11828] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.294954][T12493] 0{X: left allmulticast mode [ 146.316258][T12495] netlink: 'syz.5.3687': attribute type 1 has an invalid length. [ 146.319201][T12493] dummy0: left promiscuous mode [ 146.331112][T12493] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 146.532514][T12515] loop2: detected capacity change from 0 to 512 [ 146.550561][T12515] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3694: bg 0: block 248: padding at end of block bitmap is not set [ 146.566340][T12515] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.3694: Failed to acquire dquot type 1 [ 146.578451][T12515] EXT4-fs (loop2): 1 truncate cleaned up [ 146.584638][T12515] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.597328][T12515] ext4 filesystem being mounted at /706/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 146.611498][T12515] EXT4-fs (loop2): shut down requested (1) [ 146.627086][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.888262][T12535] netlink: 'syz.3.3706': attribute type 1 has an invalid length. [ 146.903987][T12535] 8021q: adding VLAN 0 to HW filter on device bond4 [ 146.923347][T12540] netlink: 'syz.2.3708': attribute type 13 has an invalid length. [ 146.959744][T12540] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 146.979167][T12535] 8021q: adding VLAN 0 to HW filter on device batadv3 [ 146.990629][T12535] bond4: (slave batadv3): making interface the new active one [ 146.999763][T12535] bond4: (slave batadv3): Enslaving as an active interface with an up link [ 147.268013][T12571] sctp: [Deprecated]: syz.4.3721 (pid 12571) Use of int in maxseg socket option. [ 147.268013][T12571] Use struct sctp_assoc_value instead [ 147.318173][T12575] netlink: 'syz.0.3723': attribute type 1 has an invalid length. [ 147.405841][T12575] 8021q: adding VLAN 0 to HW filter on device bond3 [ 147.495566][T12582] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 147.520113][T12582] bond3: (slave batadv1): making interface the new active one [ 147.541100][T12587] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3727'. [ 147.554101][T12582] bond3: (slave batadv1): Enslaving as an active interface with an up link [ 147.644123][ T29] kauditd_printk_skb: 914 callbacks suppressed [ 147.644202][ T29] audit: type=1326 audit(1755343982.006:8382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12592 comm="syz.5.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4344ebe9 code=0x7ffc0000 [ 147.674079][ T29] audit: type=1326 audit(1755343982.006:8383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12592 comm="syz.5.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4344ebe9 code=0x7ffc0000 [ 147.700483][ T29] audit: type=1326 audit(1755343982.066:8384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12592 comm="syz.5.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5a4344ebe9 code=0x7ffc0000 [ 147.724126][ T29] audit: type=1326 audit(1755343982.066:8385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12592 comm="syz.5.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4344ebe9 code=0x7ffc0000 [ 147.747660][ T29] audit: type=1326 audit(1755343982.066:8386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12592 comm="syz.5.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4344ebe9 code=0x7ffc0000 [ 147.771283][ T29] audit: type=1326 audit(1755343982.066:8387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12592 comm="syz.5.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f5a4344ebe9 code=0x7ffc0000 [ 147.794884][ T29] audit: type=1326 audit(1755343982.066:8388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12592 comm="syz.5.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4344ebe9 code=0x7ffc0000 [ 147.818696][ T29] audit: type=1326 audit(1755343982.066:8389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12592 comm="syz.5.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4344ebe9 code=0x7ffc0000 [ 147.842233][ T29] audit: type=1326 audit(1755343982.066:8390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12592 comm="syz.5.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f5a4344ebe9 code=0x7ffc0000 [ 147.865763][ T29] audit: type=1326 audit(1755343982.066:8391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12592 comm="syz.5.3729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a4344ebe9 code=0x7ffc0000 [ 147.927536][T12605] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3735'. [ 147.943873][T12605] netlink: 'syz.3.3735': attribute type 2 has an invalid length. [ 148.113549][T12624] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3743'. [ 148.133932][T12624] netlink: 5448 bytes leftover after parsing attributes in process `syz.3.3743'. [ 148.536390][T12655] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 148.590465][T12655] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 148.622002][T12667] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3763'. [ 148.631078][T12667] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3763'. [ 148.670254][T12675] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.730564][T12675] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.770428][T12675] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.829776][T12675] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.886390][ T3624] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.905224][ T3636] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.917475][ T3636] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.948464][T12690] loop2: detected capacity change from 0 to 512 [ 148.948496][ T3636] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.966853][T12690] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.3772: casefold flag without casefold feature [ 148.981014][T12690] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.3772: couldn't read orphan inode 15 (err -117) [ 148.994673][T12690] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.027201][T12698] pim6reg1: entered promiscuous mode [ 149.032697][T12698] pim6reg1: entered allmulticast mode [ 149.051880][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.067025][T12700] 9pnet_fd: Insufficient options for proto=fd [ 149.091367][T12704] netem: change failed [ 149.092777][T12703] loop5: detected capacity change from 0 to 512 [ 149.118529][T12703] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.139235][T12703] ext4 filesystem being mounted at /40/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 149.208337][T12720] team2: entered promiscuous mode [ 149.213468][T12720] team2: entered allmulticast mode [ 149.361524][T11828] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.613007][T12739] loop5: detected capacity change from 0 to 128 [ 149.703338][ T3624] kworker/u8:25: attempt to access beyond end of device [ 149.703338][ T3624] loop5: rw=1, sector=145, nr_sectors = 8 limit=128 [ 149.716983][ T3624] kworker/u8:25: attempt to access beyond end of device [ 149.716983][ T3624] loop5: rw=1, sector=161, nr_sectors = 8 limit=128 [ 149.730548][ T3624] kworker/u8:25: attempt to access beyond end of device [ 149.730548][ T3624] loop5: rw=1, sector=177, nr_sectors = 8 limit=128 [ 149.744276][ T3624] kworker/u8:25: attempt to access beyond end of device [ 149.744276][ T3624] loop5: rw=1, sector=193, nr_sectors = 8 limit=128 [ 149.758021][ T3624] kworker/u8:25: attempt to access beyond end of device [ 149.758021][ T3624] loop5: rw=1, sector=209, nr_sectors = 8 limit=128 [ 149.772124][ T3624] kworker/u8:25: attempt to access beyond end of device [ 149.772124][ T3624] loop5: rw=1, sector=225, nr_sectors = 8 limit=128 [ 149.785833][ T3624] kworker/u8:25: attempt to access beyond end of device [ 149.785833][ T3624] loop5: rw=1, sector=241, nr_sectors = 8 limit=128 [ 149.799387][ T3624] kworker/u8:25: attempt to access beyond end of device [ 149.799387][ T3624] loop5: rw=1, sector=257, nr_sectors = 8 limit=128 [ 149.813284][ T3624] kworker/u8:25: attempt to access beyond end of device [ 149.813284][ T3624] loop5: rw=1, sector=273, nr_sectors = 8 limit=128 [ 149.827001][ T3624] kworker/u8:25: attempt to access beyond end of device [ 149.827001][ T3624] loop5: rw=1, sector=289, nr_sectors = 8 limit=128 [ 150.072601][T12759] __nla_validate_parse: 2 callbacks suppressed [ 150.072634][T12759] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3802'. [ 150.432293][T12779] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 150.442220][T12779] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.468236][T12781] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3810'. [ 150.481062][T12781] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 150.502650][T12779] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 150.512426][T12779] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.590239][T12779] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 150.600050][T12779] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.701993][T12779] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 150.711835][T12779] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.787518][ T3624] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 150.795751][ T3624] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.838931][ T3624] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 150.840151][T12789] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3813'. [ 150.847161][ T3624] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.906656][T12789] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3813'. [ 150.922246][ T3624] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 150.930460][ T3624] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.953509][T12793] loop4: detected capacity change from 0 to 1024 [ 150.970994][ T3624] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 150.979316][ T3624] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.003449][T12793] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 151.014395][T12793] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 151.051293][T12793] JBD2: no valid journal superblock found [ 151.057063][T12793] EXT4-fs (loop4): Could not load journal inode [ 151.112856][T12793] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3815'. [ 151.975979][T12810] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3823'. [ 151.994462][T12816] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3826'. [ 152.001151][T12810] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 152.033261][T12821] cgroup: fork rejected by pids controller in /syz0 [ 152.040970][T12810] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 152.091305][T12818] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3828'. [ 152.140406][T12828] netlink: 96 bytes leftover after parsing attributes in process `syz.3.3830'. [ 152.253780][ T3388] kernel write not supported for file /1735/attr/exec (pid: 3388 comm: kworker/0:3) [ 152.411570][T12855] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3842'. [ 152.514450][ T3668] bridge_slave_1: left allmulticast mode [ 152.520245][ T3668] bridge_slave_1: left promiscuous mode [ 152.525948][ T3668] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.559989][ T3668] bridge_slave_0: left allmulticast mode [ 152.565656][ T3668] bridge_slave_0: left promiscuous mode [ 152.571376][ T3668] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.793790][ T3668] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 152.805349][ T3668] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 152.814801][ T3668] bond0 (unregistering): (slave team0): Releasing backup interface [ 152.823297][ T3668] bond0 (unregistering): Released all slaves [ 152.832333][ T3668] bond1 (unregistering): (slave veth7): Releasing active interface [ 152.840659][ T3668] bond1 (unregistering): Released all slaves [ 152.849630][ T3668] bond2 (unregistering): (slave batadv0): Releasing active interface [ 152.858151][ T3668] bond2 (unregistering): Released all slaves [ 152.869478][ T3668] bond3 (unregistering): (slave batadv1): Releasing active interface [ 152.878299][ T3668] bond3 (unregistering): Released all slaves [ 152.945666][ T3668] hsr_slave_0: left promiscuous mode [ 152.953745][ T3668] hsr_slave_1: left promiscuous mode [ 152.995283][ T3668] team0 (unregistering): Port device team_slave_1 removed [ 153.005951][ T3668] team0 (unregistering): Port device team_slave_0 removed [ 153.063592][T12847] chnl_net:caif_netlink_parms(): no params data found [ 153.108432][T12847] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.116090][T12847] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.125983][T12847] bridge_slave_0: entered allmulticast mode [ 153.132717][T12847] bridge_slave_0: entered promiscuous mode [ 153.141913][T12847] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.149064][T12847] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.157444][T12847] bridge_slave_1: entered allmulticast mode [ 153.166329][T12847] bridge_slave_1: entered promiscuous mode [ 153.185543][T12847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 153.202409][T12847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 153.224382][T12847] team0: Port device team_slave_0 added [ 153.231303][T12847] team0: Port device team_slave_1 added [ 153.249767][T12847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 153.256736][T12847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.282691][T12847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 153.294772][T12847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 153.301810][T12847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.327783][T12847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 153.356160][T12847] hsr_slave_0: entered promiscuous mode [ 153.362382][T12847] hsr_slave_1: entered promiscuous mode [ 153.368457][T12847] debugfs: 'hsr0' already exists in 'hsr' [ 153.374227][T12847] Cannot create hsr debugfs directory [ 153.500158][ T3668] ------------[ cut here ]------------ [ 153.505659][ T3668] WARNING: CPU: 1 PID: 3668 at net/xfrm/xfrm_state.c:3303 xfrm_state_fini+0x17c/0x1f0 [ 153.515375][ T3668] Modules linked in: [ 153.519353][ T3668] CPU: 1 UID: 0 PID: 3668 Comm: kworker/u8:65 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 153.531754][ T3668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 153.542004][ T3668] Workqueue: netns cleanup_net [ 153.546818][ T3668] RIP: 0010:xfrm_state_fini+0x17c/0x1f0 [ 153.552506][ T3668] Code: 48 8d bb 30 0e 00 00 e8 12 10 bd fc 48 8b bb 30 0e 00 00 e8 d6 90 c9 fc 5b 41 5e 41 5f 5d c3 cc cc cc cc cc e8 65 52 a2 fc 90 <0f> 0b 90 e9 d9 fe ff ff e8 57 52 a2 fc 90 0f 0b 90 4c 89 f7 e8 db [ 153.572193][ T3668] RSP: 0018:ffffc90001387c60 EFLAGS: 00010293 [ 153.578324][ T3668] RAX: ffffffff84b5a76b RBX: ffff888118490000 RCX: ffff88811ba51080 [ 153.586382][ T3668] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888118490e00 [ 153.594435][ T3668] RBP: ffffffff86c8b7a0 R08: 0001ffff86847f7f R09: 0000000000000000 [ 153.602547][ T3668] R10: ffffc90001387be8 R11: 0001c90001387be8 R12: ffffffff86c8b7c0 [ 153.610630][ T3668] R13: ffff888118490028 R14: ffff888118490e00 R15: ffff888118490000 [ 153.618641][ T3668] FS: 0000000000000000(0000) GS:ffff8882aef44000(0000) knlGS:0000000000000000 [ 153.627629][ T3668] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 153.634264][ T3668] CR2: 00007fe8f3782e9c CR3: 0000000105444000 CR4: 00000000003506f0 [ 153.642274][ T3668] Call Trace: [ 153.645570][ T3668] [ 153.648509][ T3668] xfrm_net_exit+0x2d/0x60 [ 153.653042][ T3668] ops_undo_list+0x278/0x410 [ 153.657742][ T3668] cleanup_net+0x2de/0x4d0 [ 153.662318][ T3668] process_scheduled_works+0x4cb/0x9d0 [ 153.667852][ T3668] worker_thread+0x582/0x770 [ 153.672815][ T3668] kthread+0x489/0x510 [ 153.676924][ T3668] ? finish_task_switch+0xad/0x2b0 [ 153.682162][ T3668] ? __pfx_worker_thread+0x10/0x10 [ 153.687296][ T3668] ? __pfx_kthread+0x10/0x10 [ 153.691942][ T3668] ret_from_fork+0xda/0x150 [ 153.696463][ T3668] ? __pfx_kthread+0x10/0x10 [ 153.701138][ T3668] ret_from_fork_asm+0x1a/0x30 [ 153.705951][ T3668] [ 153.709010][ T3668] ---[ end trace 0000000000000000 ]--- [ 153.887903][T12847] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 153.897137][T12847] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 153.908346][T12847] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 153.917663][T12847] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 153.958427][T12847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 153.977019][T12847] 8021q: adding VLAN 0 to HW filter on device team0 [ 153.991421][ T3668] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.998497][ T3668] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.021545][ T3668] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.028677][ T3668] bridge0: port 2(bridge_slave_1) entered forwarding state [ 154.088022][T12847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 154.162881][T12847] veth0_vlan: entered promiscuous mode [ 154.171088][T12847] veth1_vlan: entered promiscuous mode [ 154.189929][T12847] veth0_macvtap: entered promiscuous mode [ 154.197048][T12847] veth1_macvtap: entered promiscuous mode [ 154.211175][T12847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 154.224752][T12847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 154.236174][ T3624] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.245204][ T3624] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.259243][ T332] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.273439][ T332] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.307716][ T29] kauditd_printk_skb: 811 callbacks suppressed [ 154.307731][ T29] audit: type=1400 audit(1755343988.666:9203): avc: denied { mac_admin } for pid=12891 comm="syz.0.3838" capability=33 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 154.338793][T12892] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 154.348389][ T29] audit: type=1400 audit(1755343988.706:9204): avc: denied { relabelto } for pid=12891 comm="syz.0.3838" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 154.376883][ T29] audit: type=1400 audit(1755343988.706:9205): avc: denied { associate } for pid=12891 comm="syz.0.3838" name="/" dev="cgroup2" ino=1 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 srawcon="system_u:object_r:fsadm_exec_t:s0" [ 154.407509][ T29] audit: type=1400 audit(1755343988.756:9206): avc: denied { unmount } for pid=12847 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 155.118704][ T29] audit: type=1326 audit(1755343989.476:9207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12898 comm="syz.2.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 155.142271][ T29] audit: type=1326 audit(1755343989.476:9208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12898 comm="syz.2.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 155.165894][ T29] audit: type=1326 audit(1755343989.476:9209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12898 comm="syz.2.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 155.189494][ T29] audit: type=1326 audit(1755343989.476:9210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12898 comm="syz.2.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 155.213147][ T29] audit: type=1326 audit(1755343989.476:9211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12898 comm="syz.2.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 155.236655][ T29] audit: type=1326 audit(1755343989.476:9212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12898 comm="syz.2.3846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 155.262297][T12897] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3845'. [ 155.281615][T12897] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 155.289407][T12897] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 155.318265][T12897] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 155.325810][T12897] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 155.363745][T12912] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096 [ 155.364088][T12906] loop0: detected capacity change from 0 to 2048 [ 155.393093][T12906] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 155.633696][T12934] loop5: detected capacity change from 0 to 512 [ 155.678429][T12934] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 155.704112][T12934] ext4 filesystem being mounted at /49/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 155.900081][T12923] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 155.917448][T12923] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 155.929991][T12923] EXT4-fs (loop0): This should not happen!! Data will be lost [ 155.929991][T12923] [ 155.939696][T12923] EXT4-fs (loop0): Total free blocks count 0 [ 155.945694][T12923] EXT4-fs (loop0): Free/Dirty block details [ 155.951673][T12923] EXT4-fs (loop0): free_blocks=2415919104 [ 155.957396][T12923] EXT4-fs (loop0): dirty_blocks=8208 [ 155.962705][T12923] EXT4-fs (loop0): Block reservation details [ 155.968735][T12923] EXT4-fs (loop0): i_reserved_data_blocks=513 [ 156.016407][T11828] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.080511][T12941] loop5: detected capacity change from 0 to 1024 [ 156.087820][T12941] EXT4-fs: Ignoring removed oldalloc option [ 156.096282][T12941] EXT4-fs (loop5): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 156.119827][T12941] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 156.140446][ T3636] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 156.163781][T12949] bond5: entered allmulticast mode [ 156.171051][T12949] 8021q: adding VLAN 0 to HW filter on device bond5 [ 156.180529][T12949] bridge0: port 4(bond5) entered blocking state [ 156.186927][T12949] bridge0: port 4(bond5) entered disabled state [ 156.196525][T12949] bond5: entered promiscuous mode [ 156.228817][T12941] loop5: detected capacity change from 1024 to 64 [ 156.230064][T12953] EXT4-fs error (device loop5): xattr_find_entry:333: inode #15: comm syz.5.3862: corrupted xattr entries [ 156.250868][T12953] EXT4-fs error (device loop5): get_max_inline_xattr_value_size:74: inode #15: comm syz.5.3862: corrupt xattr in inline inode [ 156.251213][T12958] cgroup: Unknown subsys name 'cpuset' [ 156.281401][T12953] EXT4-fs error (device loop5): xattr_find_entry:333: inode #15: comm syz.5.3862: corrupted xattr entries [ 156.344472][T11828] EXT4-fs error (device loop5): ext4_readdir:264: inode #2: block 16: comm syz-executor: path /50/file1: bad entry in directory: inode out of bounds - offset=0, inode=201326592, rec_len=256, size=1024 fake=0 [ 156.424558][T12747] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.450784][T12944] bio_check_eod: 102 callbacks suppressed [ 156.450803][T12944] kmmpd-loop5: attempt to access beyond end of device [ 156.450803][T12944] loop5: rw=14337, sector=128, nr_sectors = 2 limit=64 [ 156.470245][T12944] Buffer I/O error on dev loop5, logical block 64, lost sync page write [ 156.530134][T12986] netlink: 100 bytes leftover after parsing attributes in process `syz.0.3881'. [ 156.708084][ T3636] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.767380][ T3636] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.810109][T13017] veth11: entered promiscuous mode [ 156.830181][ T3636] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.900918][T13029] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3902'. [ 156.910981][ T3636] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.996136][ T3636] bridge_slave_1: left allmulticast mode [ 157.001853][ T3636] bridge_slave_1: left promiscuous mode [ 157.007464][ T3636] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.017868][T13044] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3906'. [ 157.027067][ T3636] bridge_slave_0: left allmulticast mode [ 157.032887][ T3636] bridge_slave_0: left promiscuous mode [ 157.038755][ T3636] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.161673][ T3636] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 157.174810][ T3636] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 157.185505][ T3636] bond0 (unregistering): Released all slaves [ 157.194832][T13053] netlink: 'syz.0.3909': attribute type 15 has an invalid length. [ 157.224343][ T3636] hsr_slave_0: left promiscuous mode [ 157.247286][ T3636] hsr_slave_1: left promiscuous mode [ 157.257204][ T3636] veth1_macvtap: left promiscuous mode [ 157.263298][ T3636] veth0_macvtap: left promiscuous mode [ 157.269055][ T3636] veth1_vlan: left promiscuous mode [ 157.276959][ T3636] veth0_vlan: left promiscuous mode [ 157.376146][ T3636] team0 (unregistering): Port device team_slave_1 removed [ 157.397844][ T3636] team0 (unregistering): Port device team_slave_0 removed [ 157.465602][T13066] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 157.550802][T13022] chnl_net:caif_netlink_parms(): no params data found [ 157.623153][T13022] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.630535][T13022] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.641469][T13022] bridge_slave_0: entered allmulticast mode [ 157.648214][T13022] bridge_slave_0: entered promiscuous mode [ 157.658551][T13022] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.665753][T13022] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.675174][T13022] bridge_slave_1: entered allmulticast mode [ 157.725432][T13022] bridge_slave_1: entered promiscuous mode [ 157.763679][T13022] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 157.781970][T13099] hub 2-0:1.0: USB hub found [ 157.792165][T13099] hub 2-0:1.0: 8 ports detected [ 157.798377][T13022] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 157.842181][T13022] team0: Port device team_slave_0 added [ 157.853162][T13022] team0: Port device team_slave_1 added [ 157.877961][T13113] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13113 comm=syz.3.3932 [ 157.903188][T13022] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 157.910196][T13022] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.936196][T13022] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 157.951481][T13022] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 157.958428][T13022] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.984402][T13022] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 158.071056][T13022] hsr_slave_0: entered promiscuous mode [ 158.077156][T13022] hsr_slave_1: entered promiscuous mode [ 158.083566][T13022] debugfs: 'hsr0' already exists in 'hsr' [ 158.089369][T13022] Cannot create hsr debugfs directory [ 158.172824][T13130] loop2: detected capacity change from 0 to 2048 [ 158.204338][T13022] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 158.224603][T13130] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 158.236127][T13022] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 158.266890][T13022] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 158.276568][T13022] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 158.443032][T13022] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.479680][T13022] 8021q: adding VLAN 0 to HW filter on device team0 [ 158.508984][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.516076][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 158.548114][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.555206][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.586270][T13144] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 158.602502][T13144] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 158.615090][T13144] EXT4-fs (loop2): This should not happen!! Data will be lost [ 158.615090][T13144] [ 158.624816][T13144] EXT4-fs (loop2): Total free blocks count 0 [ 158.630933][T13144] EXT4-fs (loop2): Free/Dirty block details [ 158.636837][T13144] EXT4-fs (loop2): free_blocks=2415919104 [ 158.642775][T13144] EXT4-fs (loop2): dirty_blocks=8208 [ 158.648160][T13144] EXT4-fs (loop2): Block reservation details [ 158.654180][T13144] EXT4-fs (loop2): i_reserved_data_blocks=513 [ 158.707152][ T3636] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 158.742511][T13022] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 158.966106][T13022] veth0_vlan: entered promiscuous mode [ 158.976329][T13207] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13207 comm=syz.4.3961 [ 158.993317][T13022] veth1_vlan: entered promiscuous mode [ 159.020189][T13022] veth0_macvtap: entered promiscuous mode [ 159.042031][T13022] veth1_macvtap: entered promiscuous mode [ 159.069641][T13022] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 159.083240][T13022] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 159.107988][ T37] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.117672][ T37] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.134967][ T37] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.155967][ T37] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.536341][ T29] kauditd_printk_skb: 128 callbacks suppressed [ 159.536357][ T29] audit: type=1326 audit(1755343993.896:9341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13236 comm="syz.2.3972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 159.566113][ T29] audit: type=1326 audit(1755343993.896:9342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13236 comm="syz.2.3972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 159.590359][ T29] audit: type=1326 audit(1755343993.896:9343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13236 comm="syz.2.3972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 159.613902][ T29] audit: type=1326 audit(1755343993.896:9344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13236 comm="syz.2.3972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 159.637519][ T29] audit: type=1326 audit(1755343993.896:9345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13236 comm="syz.2.3972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 159.661092][ T29] audit: type=1326 audit(1755343993.896:9346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13236 comm="syz.2.3972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 159.684824][ T29] audit: type=1326 audit(1755343993.896:9347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13236 comm="syz.2.3972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 159.708505][ T29] audit: type=1326 audit(1755343993.896:9348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13236 comm="syz.2.3972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 159.732010][ T29] audit: type=1326 audit(1755343993.896:9349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13236 comm="syz.2.3972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 159.755545][ T29] audit: type=1326 audit(1755343993.896:9350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13236 comm="syz.2.3972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 160.002714][T13269] hub 2-0:1.0: USB hub found [ 160.007685][T13269] hub 2-0:1.0: 8 ports detected [ 160.211796][T13284] SELinux: failed to load policy [ 160.834108][T13323] SELinux: failed to load policy [ 160.897034][T13338] netlink: 'syz.4.4009': attribute type 5 has an invalid length. [ 160.911554][T13341] loop3: detected capacity change from 0 to 1024 [ 160.940804][T13341] EXT4-fs (loop3): stripe (8) is not aligned with cluster size (4096), stripe is disabled [ 160.955352][T13341] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 160.967439][T13341] EXT4-fs (loop3): orphan cleanup on readonly fs [ 160.974302][T13341] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 160.989027][T13341] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 160.996010][T13341] EXT4-fs error (device loop3): ext4_free_blocks:6696: comm syz.3.4011: Freeing blocks not in datazone - block = 0, count = 4096 [ 161.010805][T13341] EXT4-fs (loop3): Remounting filesystem read-only [ 161.023978][T13341] EXT4-fs (loop3): 1 orphan inode deleted [ 161.032901][T13341] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 161.303201][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.414919][T13400] SELinux: failed to load policy [ 161.725747][T13465] netlink: 'syz.0.4028': attribute type 4 has an invalid length. [ 161.740946][T13469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4029'. [ 161.761107][T13469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4029'. [ 161.803627][T13469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4029'. [ 161.814045][T13469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4029'. [ 161.825604][T13475] usb usb8: usbfs: process 13475 (syz.3.4029) did not claim interface 0 before use [ 161.850982][T13469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4029'. [ 161.861659][T13469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4029'. [ 162.131090][T13500] netlink: '+}[@': attribute type 1 has an invalid length. [ 162.138329][T13500] netlink: 198116 bytes leftover after parsing attributes in process `+}[@'. [ 162.221173][T13504] loop4: detected capacity change from 0 to 2048 [ 162.242776][T13504] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 162.262051][T13508] hub 2-0:1.0: USB hub found [ 162.271663][T13508] hub 2-0:1.0: 8 ports detected [ 162.613906][T13516] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 162.644839][T13516] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 162.646494][T13532] loop6: detected capacity change from 0 to 2048 [ 162.657430][T13516] EXT4-fs (loop4): This should not happen!! Data will be lost [ 162.657430][T13516] [ 162.673588][T13516] EXT4-fs (loop4): Total free blocks count 0 [ 162.679641][T13516] EXT4-fs (loop4): Free/Dirty block details [ 162.685627][T13516] EXT4-fs (loop4): free_blocks=2415919104 [ 162.691397][T13516] EXT4-fs (loop4): dirty_blocks=8208 [ 162.696709][T13516] EXT4-fs (loop4): Block reservation details [ 162.702734][T13516] EXT4-fs (loop4): i_reserved_data_blocks=513 [ 162.748954][T13540] loop2: detected capacity change from 0 to 2048 [ 162.755715][T13540] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 162.764393][T13532] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 162.795855][T13022] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 162.885099][ T37] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 162.904301][T13551] hub 2-0:1.0: USB hub found [ 162.909541][T13551] hub 2-0:1.0: 8 ports detected [ 163.003989][T13567] loop3: detected capacity change from 0 to 512 [ 163.020862][T13567] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 163.040340][T13567] EXT4-fs (loop3): invalid journal inode [ 163.054036][T13567] EXT4-fs (loop3): can't get journal size [ 163.066793][T13567] EXT4-fs (loop3): 1 truncate cleaned up [ 163.074739][T13567] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 163.130966][ T9028] hid_parser_main: 33 callbacks suppressed [ 163.130987][ T9028] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 163.144382][ T9028] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 163.151964][ T9028] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 163.159430][ T9028] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 163.166839][ T9028] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 163.174372][ T9028] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 163.181800][ T9028] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 163.189258][ T9028] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 163.196758][ T9028] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 163.204178][ T9028] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 163.217019][ T9028] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz0] on syz1 [ 163.254974][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.217099][T13684] loop6: detected capacity change from 0 to 2048 [ 164.236479][T13689] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13689 comm=syz.4.4075 [ 164.293310][T13684] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 164.643056][ T29] kauditd_printk_skb: 673 callbacks suppressed [ 164.643073][ T29] audit: type=1326 audit(1755344767.006:10024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13701 comm="syz.2.4078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 164.705060][T13704] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 164.727143][ T29] audit: type=1326 audit(1755344767.006:10025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13701 comm="syz.2.4078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 164.750790][ T29] audit: type=1326 audit(1755344767.006:10026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13701 comm="syz.2.4078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 164.774412][ T29] audit: type=1326 audit(1755344767.006:10027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13701 comm="syz.2.4078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 164.798521][ T29] audit: type=1326 audit(1755344767.006:10028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13701 comm="syz.2.4078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 164.822205][ T29] audit: type=1326 audit(1755344767.006:10029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13701 comm="syz.2.4078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 164.845838][ T29] audit: type=1326 audit(1755344767.006:10030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13701 comm="syz.2.4078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 164.869487][ T29] audit: type=1326 audit(1755344767.006:10031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13701 comm="syz.2.4078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 164.893152][ T29] audit: type=1326 audit(1755344767.006:10032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13701 comm="syz.2.4078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 164.916902][ T29] audit: type=1326 audit(1755344767.006:10033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13701 comm="syz.2.4078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4ec8b0ebe9 code=0x7ffc0000 [ 165.002576][T13715] random: crng reseeded on system resumption [ 165.010197][T13694] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 165.070850][T13694] EXT4-fs (loop6): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 165.083339][T13694] EXT4-fs (loop6): This should not happen!! Data will be lost [ 165.083339][T13694] [ 165.093088][T13694] EXT4-fs (loop6): Total free blocks count 0 [ 165.099252][T13694] EXT4-fs (loop6): Free/Dirty block details [ 165.105155][T13694] EXT4-fs (loop6): free_blocks=2415919104 [ 165.111081][T13694] EXT4-fs (loop6): dirty_blocks=8208 [ 165.116387][T13694] EXT4-fs (loop6): Block reservation details [ 165.122399][T13694] EXT4-fs (loop6): i_reserved_data_blocks=513 [ 165.163174][ T3635] EXT4-fs (loop6): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 165.332872][T13727] loop0: detected capacity change from 0 to 512 [ 165.370900][T13727] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.427484][T13727] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 165.449668][T13727] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.556563][T13747] netlink: 'syz.0.4097': attribute type 5 has an invalid length. [ 165.713317][T13766] netlink: 'syz.3.4104': attribute type 27 has an invalid length. [ 165.726081][T13766] sit0: left promiscuous mode [ 165.730828][T13766] sit0: left allmulticast mode [ 165.739375][T13766] geneve2: left promiscuous mode [ 165.744984][T13766] team1: left promiscuous mode [ 165.749880][T13766] team1: left allmulticast mode [ 165.802980][T13773] loop6: detected capacity change from 0 to 512 [ 165.822329][T13773] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.843451][T13773] ext4 filesystem being mounted at /28/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 165.854657][T13773] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.067547][T13786] loop3: detected capacity change from 0 to 512 [ 166.099935][T13786] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.4112: bg 0: block 248: padding at end of block bitmap is not set [ 166.126437][T13786] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.4112: Failed to acquire dquot type 1 [ 166.140121][T13786] EXT4-fs (loop3): 1 truncate cleaned up [ 166.146226][T13786] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 166.164321][T13786] ext4 filesystem being mounted at /850/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 166.184280][T13786] EXT4-fs (loop3): shut down requested (1) [ 166.202909][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.269585][T13805] loop4: detected capacity change from 0 to 1024 [ 166.284617][T13805] EXT4-fs (loop4): stripe (8) is not aligned with cluster size (4096), stripe is disabled [ 166.330151][T13805] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 166.353464][T13805] EXT4-fs (loop4): orphan cleanup on readonly fs [ 166.361590][T13805] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 166.376194][T13805] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 166.388754][T13805] EXT4-fs error (device loop4): ext4_free_blocks:6696: comm syz.4.4119: Freeing blocks not in datazone - block = 0, count = 4096 [ 166.417944][T13805] EXT4-fs (loop4): Remounting filesystem read-only [ 166.421893][T13815] loop6: detected capacity change from 0 to 1024 [ 166.428147][T13805] EXT4-fs (loop4): 1 orphan inode deleted [ 166.445858][T13805] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 166.452212][T13815] EXT4-fs: Ignoring removed orlov option [ 166.526055][T13815] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 166.542849][T13824] loop3: detected capacity change from 0 to 512 [ 166.585096][T13824] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.4127: corrupted inode contents [ 166.603495][T13824] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #16: comm syz.3.4127: mark_inode_dirty error [ 166.617359][T13824] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.4127: corrupted inode contents [ 166.629522][T13824] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #16: comm syz.3.4127: mark_inode_dirty error [ 166.648662][T13824] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.4127: corrupted inode contents [ 166.662800][T13824] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 166.672226][T13824] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #16: comm syz.3.4127: corrupted inode contents [ 166.685818][T13824] EXT4-fs error (device loop3): ext4_truncate:4666: inode #16: comm syz.3.4127: mark_inode_dirty error [ 166.697219][T13824] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 166.710579][T13824] EXT4-fs (loop3): 1 truncate cleaned up [ 166.717071][T13824] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 166.718320][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.729590][T13824] ext4 filesystem being mounted at /853/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 166.751187][ T332] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:5: Failed to release dquot type 1 [ 166.784104][T13833] loop0: detected capacity change from 0 to 512 [ 166.802730][T13824] ALSA: seq fatal error: cannot create timer (-22) [ 166.810661][T13833] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.4129: bg 0: block 248: padding at end of block bitmap is not set [ 166.863006][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.886353][T13833] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.4129: Failed to acquire dquot type 1 [ 166.909090][T13833] EXT4-fs (loop0): 1 truncate cleaned up [ 166.915733][T13833] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 166.928636][T13833] ext4 filesystem being mounted at /70/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 166.942716][T13833] EXT4-fs (loop0): shut down requested (1) [ 166.980187][T12847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.999677][T13848] loop3: detected capacity change from 0 to 512 [ 167.011682][T13848] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.034553][ T9027] hid-generic 0008:0006:0007.0009: hidraw0: HID v0.0b Device [syz1] on syz1 [ 167.079924][T13848] ext4 filesystem being mounted at /855/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 167.091362][T13022] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.101179][T13848] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.169132][T13868] random: crng reseeded on system resumption [ 167.207882][T13873] loop6: detected capacity change from 0 to 128 [ 167.245793][T13879] loop6: detected capacity change from 0 to 512 [ 167.287492][T13879] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.4149: bg 0: block 248: padding at end of block bitmap is not set [ 167.305794][T13879] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.4149: Failed to acquire dquot type 1 [ 167.337414][T13879] EXT4-fs (loop6): 1 truncate cleaned up [ 167.346552][T13879] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.383326][T13879] ext4 filesystem being mounted at /36/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 167.401905][T13879] EXT4-fs (loop6): shut down requested (1) [ 167.421838][T13022] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.454228][T13893] loop6: detected capacity change from 0 to 512 [ 167.470513][T13893] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -2 [ 167.481412][T13893] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #13: comm syz.6.4153: invalid indirect mapped block 2683928664 (level 1) [ 167.496076][T13893] EXT4-fs (loop6): Remounting filesystem read-only [ 167.503056][T13893] EXT4-fs (loop6): 1 truncate cleaned up [ 167.509488][T13893] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.555600][T13022] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.619159][T13904] netlink: 'syz.6.4169': attribute type 13 has an invalid length. [ 167.632228][T13906] random: crng reseeded on system resumption [ 167.665351][T13904] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 167.817042][T13912] loop2: detected capacity change from 0 to 512 [ 167.834846][T13912] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.847914][T13912] ext4 filesystem being mounted at /787/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 167.862228][T13912] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.915631][T13926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 167.924722][T13926] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 167.995234][T13934] random: crng reseeded on system resumption [ 168.025831][T13936] loop4: detected capacity change from 0 to 512 [ 168.037957][T13938] loop2: detected capacity change from 0 to 1024 [ 168.045436][T13938] EXT4-fs: Ignoring removed orlov option [ 168.054833][T13936] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.4172: bg 0: block 248: padding at end of block bitmap is not set [ 168.072353][T13936] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.4172: Failed to acquire dquot type 1 [ 168.084463][T13936] EXT4-fs (loop4): 1 truncate cleaned up [ 168.087460][T13938] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 168.093282][T13936] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.116785][T13936] ext4 filesystem being mounted at /810/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 168.136877][T13936] EXT4-fs (loop4): shut down requested (1) [ 168.153468][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.163954][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.210506][T13956] loop2: detected capacity change from 0 to 512 [ 168.220663][T13959] loop4: detected capacity change from 0 to 512 [ 168.231951][T13959] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.232216][T13956] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.4189: bg 0: block 248: padding at end of block bitmap is not set [ 168.244900][T13959] ext4 filesystem being mounted at /812/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 168.261756][T13956] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4189: Failed to acquire dquot type 1 [ 168.270506][T13959] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.283729][T13956] EXT4-fs (loop2): 1 truncate cleaned up [ 168.296033][T13956] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.308797][T13956] ext4 filesystem being mounted at /791/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 168.336059][T13956] EXT4-fs (loop2): shut down requested (1) [ 168.357886][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.483091][T13980] loop6: detected capacity change from 0 to 1024 [ 168.503814][T13980] EXT4-fs (loop6): stripe (8) is not aligned with cluster size (4096), stripe is disabled [ 168.529192][T13980] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 168.549212][T13980] EXT4-fs (loop6): orphan cleanup on readonly fs [ 168.563388][T13980] EXT4-fs warning (device loop6): ext4_enable_quotas:7168: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 168.578055][T13980] EXT4-fs (loop6): Cannot turn on quotas: error -22 [ 168.618045][T13980] EXT4-fs error (device loop6): ext4_free_blocks:6696: comm syz.6.4187: Freeing blocks not in datazone - block = 0, count = 4096 [ 168.633915][T13980] EXT4-fs (loop6): Remounting filesystem read-only [ 168.640553][T13980] EXT4-fs (loop6): 1 orphan inode deleted [ 168.646706][T13980] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 168.709384][T13988] loop3: detected capacity change from 0 to 512 [ 168.745426][T13988] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.771218][T13988] ext4 filesystem being mounted at /869/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 168.787424][T13993] loop2: detected capacity change from 0 to 512 [ 168.798675][T13993] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 168.819433][T13993] EXT4-fs (loop2): invalid journal inode [ 168.825307][T13993] EXT4-fs (loop2): can't get journal size [ 168.839754][T13993] EXT4-fs (loop2): 1 truncate cleaned up [ 168.846314][T13993] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 168.925664][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.958901][T13022] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.017606][ T3301] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.042941][T14009] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4199'. [ 169.070750][T14009] netlink: 'syz.2.4199': attribute type 2 has an invalid length. [ 169.109847][T14019] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4204'. [ 169.132158][T14019] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4204'. [ 169.190086][T14024] loop0: detected capacity change from 0 to 1024 [ 169.239418][T14024] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 169.250373][T14024] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 169.272147][T14024] JBD2: no valid journal superblock found [ 169.277940][T14024] EXT4-fs (loop0): Could not load journal inode [ 169.335538][T14024] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4207'. [ 169.346233][T14038] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4213'. [ 169.513198][T14048] loop3: detected capacity change from 0 to 2048 [ 169.544276][T14048] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 169.650708][T14060] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4230'. [ 169.747380][T14064] loop0: detected capacity change from 0 to 1024 [ 169.767865][T14064] EXT4-fs (loop0): stripe (8) is not aligned with cluster size (4096), stripe is disabled [ 169.792848][T14064] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 169.811478][T14064] EXT4-fs (loop0): orphan cleanup on readonly fs [ 169.819394][T14064] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 169.834041][T14064] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 169.847279][T14054] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 169.865319][T14064] EXT4-fs error (device loop0): ext4_free_blocks:6696: comm syz.0.4234: Freeing blocks not in datazone - block = 0, count = 4096 [ 169.888778][T14064] EXT4-fs (loop0): Remounting filesystem read-only [ 169.895338][T14064] EXT4-fs (loop0): 1 orphan inode deleted [ 169.903242][T14054] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 169.915821][T14054] EXT4-fs (loop3): This should not happen!! Data will be lost [ 169.915821][T14054] [ 169.925498][T14054] EXT4-fs (loop3): Total free blocks count 0 [ 169.931500][T14054] EXT4-fs (loop3): Free/Dirty block details [ 169.937492][T14054] EXT4-fs (loop3): free_blocks=2415919104 [ 169.943244][T14054] EXT4-fs (loop3): dirty_blocks=8208 [ 169.948676][T14054] EXT4-fs (loop3): Block reservation details [ 169.954711][T14054] EXT4-fs (loop3): i_reserved_data_blocks=513 [ 169.963715][T14064] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 170.049540][ T3654] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 170.272920][T12847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.370463][T14087] cgroup: fork rejected by pids controller in /syz3 [ 170.758419][T14111] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.761829][T14113] loop2: detected capacity change from 0 to 1024 [ 170.776048][T14113] EXT4-fs (loop2): stripe (8) is not aligned with cluster size (4096), stripe is disabled [ 170.786741][T14113] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 170.795037][T14113] EXT4-fs (loop2): orphan cleanup on readonly fs [ 170.802074][T14113] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 170.816739][T14113] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 170.823784][T14113] EXT4-fs error (device loop2): ext4_free_blocks:6696: comm syz.2.4242: Freeing blocks not in datazone - block = 0, count = 4096 [ 170.837415][T14113] EXT4-fs (loop2): Remounting filesystem read-only [ 170.843977][T14113] EXT4-fs (loop2): 1 orphan inode deleted [ 170.844814][T14111] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.850367][T14113] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 170.961622][T14111] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.981666][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.996192][T14117] loop4: detected capacity change from 0 to 512 [ 171.004184][T14117] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 171.012451][T14117] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.4245: invalid indirect mapped block 2683928664 (level 1) [ 171.026795][T14117] EXT4-fs (loop4): Remounting filesystem read-only [ 171.034383][T14117] EXT4-fs (loop4): 1 truncate cleaned up [ 171.040297][T14120] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4244'. [ 171.040720][T14117] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.083432][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.084230][T14111] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.175918][ T3650] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.186917][ T3668] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.198936][ T386] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.210335][ T386] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.419144][ T29] kauditd_printk_skb: 130 callbacks suppressed [ 171.419205][ T29] audit: type=1326 audit(1755344773.786:10153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14135 comm="syz.4.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86f526ebe9 code=0x7ffc0000 [ 171.452646][ T29] audit: type=1326 audit(1755344773.816:10154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14135 comm="syz.4.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f86f526ebe9 code=0x7ffc0000 [ 171.476342][ T29] audit: type=1326 audit(1755344773.816:10155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14135 comm="syz.4.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86f526ebe9 code=0x7ffc0000 [ 171.500139][ T29] audit: type=1326 audit(1755344773.816:10156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14135 comm="syz.4.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7f86f526ebe9 code=0x7ffc0000 [ 171.523818][ T29] audit: type=1326 audit(1755344773.816:10157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14135 comm="syz.4.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86f526ebe9 code=0x7ffc0000 [ 171.547436][ T29] audit: type=1326 audit(1755344773.816:10158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14135 comm="syz.4.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f86f526ebe9 code=0x7ffc0000 [ 171.570927][ T29] audit: type=1326 audit(1755344773.816:10159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14135 comm="syz.4.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86f526ebe9 code=0x7ffc0000 [ 171.594554][ T29] audit: type=1326 audit(1755344773.816:10160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14135 comm="syz.4.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7f86f526ebe9 code=0x7ffc0000 [ 171.618410][ T29] audit: type=1326 audit(1755344773.816:10161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14135 comm="syz.4.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86f526ebe9 code=0x7ffc0000 [ 171.642038][ T29] audit: type=1326 audit(1755344773.816:10162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14135 comm="syz.4.4255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86f526ebe9 code=0x7ffc0000 [ 171.797050][T14151] SELinux: failed to load policy [ 171.863211][ T386] bond5: left allmulticast mode [ 171.868176][ T386] bond5: left promiscuous mode [ 171.873274][ T386] bridge0: port 4(bond5) entered disabled state [ 171.879487][T14158] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4270'. [ 171.890554][ T386] batadv1: left allmulticast mode [ 171.895601][ T386] batadv1: left promiscuous mode [ 171.900795][ T386] bridge0: port 3(batadv1) entered disabled state [ 171.917952][ T386] bridge_slave_1: left allmulticast mode [ 171.923717][ T386] bridge_slave_1: left promiscuous mode [ 171.929409][ T386] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.937303][ T386] bridge_slave_0: left promiscuous mode [ 171.943110][ T386] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.011931][ T386] bond1 (unregistering): (slave bridge1): Releasing active interface [ 172.053899][T14171] loop4: detected capacity change from 0 to 1024 [ 172.061138][T14171] EXT4-fs (loop4): stripe (8) is not aligned with cluster size (4096), stripe is disabled [ 172.073809][T14171] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 172.082721][T14171] EXT4-fs (loop4): orphan cleanup on readonly fs [ 172.090737][T14171] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 172.105352][T14171] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 172.116482][T14171] EXT4-fs error (device loop4): ext4_free_blocks:6696: comm syz.4.4265: Freeing blocks not in datazone - block = 0, count = 4096 [ 172.135566][T14171] EXT4-fs (loop4): Remounting filesystem read-only [ 172.142197][T14171] EXT4-fs (loop4): 1 orphan inode deleted [ 172.148563][T14171] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 172.300589][ T386] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 172.320825][ T386] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 172.336685][ T386] bond0 (unregistering): Released all slaves [ 172.345579][ T386] bond1 (unregistering): Released all slaves [ 172.360680][ T386] bond2 (unregistering): (slave veth7): Releasing active interface [ 172.373291][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.385286][ T386] bond2 (unregistering): Released all slaves [ 172.396775][T14186] loop0: detected capacity change from 0 to 128 [ 172.401323][ T386] bond3 (unregistering): (slave batadv2): Releasing active interface [ 172.421356][ T386] bond3 (unregistering): Released all slaves [ 172.441320][ T386] bond4 (unregistering): (slave batadv3): Releasing active interface [ 172.452515][ T386] bond4 (unregistering): Released all slaves [ 172.463829][ T386] bond5 (unregistering): Released all slaves [ 172.475216][T14188] loop4: detected capacity change from 0 to 128 [ 172.527876][ T386] tipc: Disabling bearer [ 172.533174][ T386] tipc: Left network mode [ 172.545740][T14138] chnl_net:caif_netlink_parms(): no params data found [ 172.562812][ T386] hsr_slave_0: left promiscuous mode [ 172.578494][ T3635] kworker/u8:35: attempt to access beyond end of device [ 172.578494][ T3635] loop0: rw=1, sector=145, nr_sectors = 8 limit=128 [ 172.598626][ T386] hsr_slave_1: left promiscuous mode [ 172.601943][T14200] loop6: detected capacity change from 0 to 1024 [ 172.607495][ T3635] kworker/u8:35: attempt to access beyond end of device [ 172.607495][ T3635] loop0: rw=1, sector=161, nr_sectors = 8 limit=128 [ 172.611382][T14200] EXT4-fs (loop6): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 172.623891][ T3635] kworker/u8:35: attempt to access beyond end of device [ 172.623891][ T3635] loop0: rw=1, sector=177, nr_sectors = 8 limit=128 [ 172.634739][T14200] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 172.648177][ T3635] kworker/u8:35: attempt to access beyond end of device [ 172.648177][ T3635] loop0: rw=1, sector=193, nr_sectors = 8 limit=128 [ 172.663295][T14200] JBD2: no valid journal superblock found [ 172.676878][T14200] EXT4-fs (loop6): Could not load journal inode [ 172.685891][ T3635] kworker/u8:35: attempt to access beyond end of device [ 172.685891][ T3635] loop0: rw=1, sector=209, nr_sectors = 8 limit=128 [ 172.699526][ T3635] kworker/u8:35: attempt to access beyond end of device [ 172.699526][ T3635] loop0: rw=1, sector=225, nr_sectors = 8 limit=128 [ 172.713267][ T3635] kworker/u8:35: attempt to access beyond end of device [ 172.713267][ T3635] loop0: rw=1, sector=241, nr_sectors = 8 limit=128 [ 172.725726][T14200] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4277'. [ 172.726811][ T3635] kworker/u8:35: attempt to access beyond end of device [ 172.726811][ T3635] loop0: rw=1, sector=257, nr_sectors = 8 limit=128 [ 172.749187][ T3635] kworker/u8:35: attempt to access beyond end of device [ 172.749187][ T3635] loop0: rw=1, sector=273, nr_sectors = 8 limit=128 [ 172.762735][ T3635] kworker/u8:35: attempt to access beyond end of device [ 172.762735][ T3635] loop0: rw=1, sector=289, nr_sectors = 8 limit=128 [ 172.778862][ T386] team0 (unregistering): Port device team_slave_1 removed [ 172.789107][ T386] team0 (unregistering): Port device team_slave_0 removed [ 172.869071][T14138] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.876187][T14138] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.884079][T14138] bridge_slave_0: entered allmulticast mode [ 172.890598][T14138] bridge_slave_0: entered promiscuous mode [ 172.897548][T14138] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.904702][T14138] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.911887][T14138] bridge_slave_1: entered allmulticast mode [ 172.918439][T14138] bridge_slave_1: entered promiscuous mode [ 172.935443][T14138] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 172.945394][T14138] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 172.965544][T14138] team0: Port device team_slave_0 added [ 172.972106][T14138] team0: Port device team_slave_1 added [ 172.987454][T14138] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 172.994681][T14138] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 173.020852][T14138] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 173.032106][T14138] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 173.039075][T14138] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 173.065008][T14138] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 173.090798][T14138] hsr_slave_0: entered promiscuous mode [ 173.096750][T14138] hsr_slave_1: entered promiscuous mode [ 173.102606][T14138] debugfs: 'hsr0' already exists in 'hsr' [ 173.108340][T14138] Cannot create hsr debugfs directory [ 173.516376][T14138] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 173.525244][T14138] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 173.533865][T14138] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 173.542885][T14138] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 173.574182][T14138] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.585599][T14138] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.595620][ T3650] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.602727][ T3650] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.613081][ T386] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.620157][ T386] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.679948][T14138] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.739368][T14138] veth0_vlan: entered promiscuous mode [ 173.746924][T14138] veth1_vlan: entered promiscuous mode [ 173.761470][T14138] veth0_macvtap: entered promiscuous mode [ 173.769232][T14138] veth1_macvtap: entered promiscuous mode [ 173.780057][T14138] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 173.791692][T14138] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 173.802438][ T3635] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.813360][ T3635] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.822207][ T3635] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.834663][ T3635] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.243128][T14255] netlink: 100 bytes leftover after parsing attributes in process `syz.2.4291'. [ 174.535834][T14265] veth3: entered promiscuous mode [ 174.736153][T14275] netlink: 'syz.6.4299': attribute type 15 has an invalid length. [ 174.784192][T14282] loop3: detected capacity change from 0 to 128 [ 174.876915][ T9027] hid_parser_main: 86 callbacks suppressed [ 174.876933][ T9027] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0 [ 174.890467][ T9027] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0 [ 174.897871][ T9027] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0 [ 174.905283][ T9027] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0 [ 174.912697][ T9027] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0 [ 174.920113][ T9027] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0 [ 174.927513][ T9027] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0 [ 174.934929][ T9027] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0 [ 174.942410][ T9027] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0 [ 174.949875][ T9027] hid-generic 0008:0006:0007.000A: unknown main item tag 0x0 [ 174.965228][ T9027] hid-generic 0008:0006:0007.000A: hidraw0: HID v0.0b Device [syz1] on syz1 [ 175.076122][T14295] veth3: entered promiscuous mode [ 175.086565][T14297] netlink: 100 bytes leftover after parsing attributes in process `syz.4.4311'. [ 175.147007][T14305] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4314'. [ 175.158565][T14305] bridge0: entered promiscuous mode [ 175.165384][T14305] bridge0: port 3(macvlan0) entered blocking state [ 175.172040][T14305] bridge0: port 3(macvlan0) entered disabled state [ 175.178852][T14305] macvlan0: entered allmulticast mode [ 175.184441][T14305] bridge0: entered allmulticast mode [ 175.190710][T14305] macvlan0: left allmulticast mode [ 175.195848][T14305] bridge0: left allmulticast mode [ 175.201389][T14305] bridge0: left promiscuous mode [ 175.587781][T14320] loop2: detected capacity change from 0 to 512 [ 175.595983][T14320] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 175.607490][T14320] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.4320: invalid indirect mapped block 2683928664 (level 1) [ 175.623591][T14320] EXT4-fs (loop2): Remounting filesystem read-only [ 175.630254][T14320] EXT4-fs (loop2): 1 truncate cleaned up [ 175.636746][T14320] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 175.695772][ T3311] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.964105][T14340] bond1: entered allmulticast mode [ 175.975175][T14340] 8021q: adding VLAN 0 to HW filter on device bond1 [ 175.996757][T14340] bridge0: port 3(bond1) entered blocking state [ 176.003221][T14340] bridge0: port 3(bond1) entered disabled state [ 176.018366][T14340] bond1: entered promiscuous mode [ 176.026852][T14340] bridge0: port 3(bond1) entered blocking state [ 176.033177][T14340] bridge0: port 3(bond1) entered forwarding state [ 176.153565][T14354] $H: renamed from bond0 (while UP) [ 176.166964][T14354] $H: entered promiscuous mode [ 176.172166][T14354] bond_slave_0: entered promiscuous mode [ 176.178033][T14354] bond_slave_1: entered promiscuous mode [ 176.359830][T14373] SELinux: failed to load policy [ 176.459047][ T29] kauditd_printk_skb: 37 callbacks suppressed [ 176.459065][ T29] audit: type=1326 audit(1755344778.826:10200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14388 comm="syz.3.4359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c78d5ebe9 code=0x7ffc0000 [ 176.488963][ T29] audit: type=1326 audit(1755344778.826:10201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14388 comm="syz.3.4359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c78d5ebe9 code=0x7ffc0000 [ 176.578403][ T29] audit: type=1326 audit(1755344778.886:10202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14388 comm="syz.3.4359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f6c78d5ebe9 code=0x7ffc0000 [ 176.601961][ T29] audit: type=1326 audit(1755344778.886:10203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14388 comm="syz.3.4359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c78d5ebe9 code=0x7ffc0000 [ 176.625539][ T29] audit: type=1326 audit(1755344778.886:10204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14388 comm="syz.3.4359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c78d5ebe9 code=0x7ffc0000 [ 176.649144][ T29] audit: type=1326 audit(1755344778.886:10205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14388 comm="syz.3.4359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f6c78d5ebe9 code=0x7ffc0000 [ 176.672781][ T29] audit: type=1326 audit(1755344778.886:10206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14388 comm="syz.3.4359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c78d5ebe9 code=0x7ffc0000 [ 176.696387][ T29] audit: type=1326 audit(1755344778.886:10207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14388 comm="syz.3.4359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c78d5ebe9 code=0x7ffc0000 [ 176.720023][ T29] audit: type=1326 audit(1755344778.896:10208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14388 comm="syz.3.4359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f6c78d5ebe9 code=0x7ffc0000 [ 176.743635][ T29] audit: type=1326 audit(1755344778.896:10209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14388 comm="syz.3.4359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c78d5ebe9 code=0x7ffc0000 [ 176.767827][ T3654] bridge0: port 3(bond1) entered disabled state [ 176.903454][T14415] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4358'. [ 176.917032][T14415] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4358'. [ 177.025516][T14431] netlink: 'syz.0.4367': attribute type 39 has an invalid length. [ 177.265089][T14445] loop0: detected capacity change from 0 to 512 [ 177.279688][T14445] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 177.287904][T14445] EXT4-fs (loop0): orphan cleanup on readonly fs [ 177.296628][T14445] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.4372: corrupted inode contents [ 177.308847][T14445] EXT4-fs (loop0): Remounting filesystem read-only [ 177.315702][T14445] EXT4-fs (loop0): 1 truncate cleaned up [ 177.321590][ T3654] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 177.332310][ T3654] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 177.342954][ T3654] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 177.353860][T14445] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 177.367299][T14453] $H: renamed from bond0 (while UP) [ 177.376575][T14453] $H: entered promiscuous mode [ 177.381653][T14453] bond_slave_0: entered promiscuous mode [ 177.387349][T14453] bond_slave_1: entered promiscuous mode [ 177.397541][T14445] tipc: Started in network mode [ 177.402563][T14445] tipc: Node identity ac14140f, cluster identity 4711 [ 177.409569][T14445] tipc: New replicast peer: 255.255.255.83 [ 177.415437][T14445] tipc: Enabled bearer , priority 10 [ 177.431715][T12847] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.879464][T14485] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4390'. [ 178.009345][T14493] loop0: detected capacity change from 0 to 1024 [ 178.054067][T14493] EXT4-fs: Ignoring removed bh option [ 178.085467][T14493] EXT4-fs: inline encryption not supported [ 178.099312][T14493] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 178.116092][T14493] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #3: block 2: comm syz.0.4394: lblock 2 mapped to illegal pblock 2 (length 1) [ 178.130675][T14493] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #3: block 48: comm syz.0.4394: lblock 0 mapped to illegal pblock 48 (length 1) [ 178.146445][T14493] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.4394: Failed to acquire dquot type 0 [ 178.164350][T14493] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 178.174712][T14504] loop6: detected capacity change from 0 to 512 [ 178.181304][T14493] EXT4-fs error (device loop0): ext4_evict_inode:254: inode #11: comm syz.0.4394: mark_inode_dirty error [ 178.192846][T14493] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 178.203159][T14493] EXT4-fs (loop0): 1 orphan inode deleted [ 178.209576][T14493] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.222648][ T3635] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:35: lblock 1 mapped to illegal pblock 1 (length 1) [ 178.243604][T14504] EXT4-fs (loop6): orphan cleanup on readonly fs [ 178.254096][ T3635] EXT4-fs error (device loop0): ext4_release_dquot:6969: comm kworker/u8:35: Failed to release dquot type 0 [ 178.268371][T14504] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.4399: bg 0: block 248: padding at end of block bitmap is not set [ 178.283966][T14504] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.4399: Failed to acquire dquot type 1 [ 178.284561][T14493] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.311545][T14504] EXT4-fs (loop6): 1 truncate cleaned up [ 178.329430][T14504] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 178.334066][T14493] EXT4-fs error (device loop0): __ext4_get_inode_loc:4861: comm syz.0.4394: Invalid inode table block 1 in block_group 0 [ 178.376313][T13022] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.391078][T14513] netlink: 'syz.3.4402': attribute type 3 has an invalid length. [ 178.399115][T14493] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 178.416386][T14493] EXT4-fs error (device loop0): ext4_quota_off:7217: inode #3: comm syz.0.4394: mark_inode_dirty error [ 178.448799][T14516] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge0, syncid = 33554432, id = 0 [ 178.528696][ T3355] tipc: Node number set to 2886997007 [ 178.615128][T14530] $H: renamed from bond0 (while UP) [ 178.631379][T14530] $H: entered promiscuous mode [ 178.636460][T14530] bond_slave_0: entered promiscuous mode [ 178.642350][T14530] bond_slave_1: entered promiscuous mode [ 178.648180][T14530] team0: entered promiscuous mode [ 178.653355][T14530] team_slave_0: entered promiscuous mode [ 178.659395][T14530] team_slave_1: entered promiscuous mode [ 179.311632][T14549] loop4: detected capacity change from 0 to 164 [ 179.319079][T14549] rock: directory entry would overflow storage [ 179.325307][T14549] rock: sig=0x66, size=4, remaining=3 [ 179.334649][T14549] rock: directory entry would overflow storage [ 179.340955][T14549] rock: sig=0x66, size=4, remaining=3 [ 179.351505][T14549] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 179.363073][T14549] rock: directory entry would overflow storage [ 179.369328][T14549] rock: sig=0x66, size=4, remaining=3 [ 179.387269][T14549] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 179.959717][T14588] $H: renamed from bond0 (while UP) [ 179.975837][T14588] $H: entered promiscuous mode [ 179.981009][T14588] bond_slave_0: entered promiscuous mode [ 179.986796][T14588] bond_slave_1: entered promiscuous mode [ 181.105275][T14634] loop2: detected capacity change from 0 to 1024 [ 181.112113][T14634] EXT4-fs: Ignoring removed bh option [ 181.117556][T14634] EXT4-fs: inline encryption not supported [ 181.123721][T14634] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 181.136740][T14634] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 2: comm syz.2.4453: lblock 2 mapped to illegal pblock 2 (length 1) [ 181.151030][T14634] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 48: comm syz.2.4453: lblock 0 mapped to illegal pblock 48 (length 1) [ 181.165284][T14634] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4453: Failed to acquire dquot type 0 [ 181.176875][T14634] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 181.186628][T14634] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.4453: mark_inode_dirty error [ 181.198501][T14634] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 181.210650][T14634] EXT4-fs (loop2): 1 orphan inode deleted [ 181.218097][ T3650] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:47: lblock 1 mapped to illegal pblock 1 (length 1) [ 181.234779][ T3650] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:47: Failed to release dquot type 0 [ 181.247277][T14634] EXT4-fs error (device loop2): __ext4_get_inode_loc:4861: comm syz.2.4453: Invalid inode table block 1 in block_group 0 [ 181.262002][T14634] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 181.271591][T14634] EXT4-fs error (device loop2): ext4_quota_off:7217: inode #3: comm syz.2.4453: mark_inode_dirty error [ 181.698660][T14664] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 181.707241][T14664] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 181.743045][T14668] loop4: detected capacity change from 0 to 1024 [ 181.750847][T14664] 9pnet: p9_errstr2errno: server reported unknown error @00000000000000000000010 [ 181.762079][T14668] EXT4-fs: Ignoring removed bh option [ 181.767508][T14668] EXT4-fs: inline encryption not supported [ 181.784290][T14662] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4464'. [ 181.793422][T14668] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 181.798633][T14662] bridge_slave_1: left allmulticast mode [ 181.809434][T14662] bridge_slave_1: left promiscuous mode [ 181.815081][T14662] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.838528][T14668] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 2: comm syz.4.4467: lblock 2 mapped to illegal pblock 2 (length 1) [ 181.854529][T14662] bridge_slave_0: left allmulticast mode [ 181.860231][T14662] bridge_slave_0: left promiscuous mode [ 181.865984][T14662] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.884861][T14668] __quota_error: 43 callbacks suppressed [ 181.884872][T14668] Quota error (device loop4): qtree_write_dquot: dquota write failed [ 181.925385][T14668] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 48: comm syz.4.4467: lblock 0 mapped to illegal pblock 48 (length 1) [ 181.950912][T14668] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 181.959768][T14668] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.4467: Failed to acquire dquot type 0 [ 181.993025][T14668] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 182.018388][T14668] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.4467: mark_inode_dirty error [ 182.040448][T14668] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 182.060208][T14668] EXT4-fs (loop4): 1 orphan inode deleted [ 182.066596][ T332] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:5: lblock 1 mapped to illegal pblock 1 (length 1) [ 182.086847][ T332] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 182.095317][ T332] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:5: Failed to release dquot type 0 [ 182.120227][T14668] EXT4-fs error (device loop4): __ext4_get_inode_loc:4861: comm syz.4.4467: Invalid inode table block 1 in block_group 0 [ 182.133650][T14668] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6334: Corrupt filesystem [ 182.144261][T14668] EXT4-fs error (device loop4): ext4_quota_off:7217: inode #3: comm syz.4.4467: mark_inode_dirty error [ 182.451170][T14693] netlink: 'syz.2.4477': attribute type 39 has an invalid length. [ 182.492443][ T29] audit: type=1400 audit(1755344784.856:10239): avc: denied { ioctl } for pid=14698 comm="syz.3.4481" path="socket:[46520]" dev="sockfs" ino=46520 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 182.581019][T14703] netlink: 'syz.4.4484': attribute type 1 has an invalid length. [ 182.602328][T14703] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.623964][T14703] bond0: (slave veth15): Enslaving as an active interface with a down link [ 182.635448][T14706] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 182.648665][T14703] bond0: (slave dummy0): making interface the new active one [ 182.650950][T14706] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 182.669902][T14703] dummy0: entered promiscuous mode [ 182.675436][T14703] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 182.676271][T14706] 9pnet: p9_errstr2errno: server reported unknown error @00000000000000000000010 [ 183.004204][T14726] netlink: 'syz.4.4495': attribute type 39 has an invalid length. [ 183.182069][T14745] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 183.292952][ T29] audit: type=1400 audit(1755344785.656:10240): avc: denied { write } for pid=14756 comm="syz.2.4506" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 183.329457][T14761] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4508'. [ 184.006702][T14784] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 184.025266][T14784] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 184.038535][T14784] 9pnet: p9_errstr2errno: server reported unknown error @00000000000000000000010 [ 184.053724][T14790] loop2: detected capacity change from 0 to 2048 [ 184.084449][ T29] audit: type=1400 audit(1755344786.446:10241): avc: denied { read } for pid=14795 comm="syz.0.4524" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 184.090574][T14790] ext4 filesystem being mounted at /854/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 184.122277][T14790] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm +}[@: bg 0: block 345: padding at end of block bitmap is not set [ 184.137046][T14790] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 79 with max blocks 1 with error 117 [ 184.149511][T14790] EXT4-fs (loop2): This should not happen!! Data will be lost [ 184.149511][T14790] [ 184.296181][T14806] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 184.306145][T14806] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 184.333438][T14808] loop3: detected capacity change from 0 to 164 [ 184.370042][T14806] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 184.379939][T14806] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 184.449900][T14806] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 184.459816][T14806] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 184.520238][T14806] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 184.530117][T14806] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 184.575813][ T3650] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 184.584081][ T3650] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 184.600415][ T3650] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 184.608697][ T3650] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 184.621683][ T3650] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 184.629944][ T3650] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 184.641285][ T3650] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 184.649582][ T3650] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 184.823995][T14825] sch_fq: defrate 4294967295 ignored. [ 184.832052][ T29] audit: type=1326 audit(1755344787.196:10242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14826 comm="syz.4.4536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86f526ebe9 code=0x7ffc0000 [ 184.862239][T14827] loop4: detected capacity change from 0 to 128 [ 184.869731][T14827] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 184.876280][ T29] audit: type=1326 audit(1755344787.196:10243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14826 comm="syz.4.4536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86f526ebe9 code=0x7ffc0000 [ 184.883606][T14827] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 184.905393][ T29] audit: type=1326 audit(1755344787.196:10244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14826 comm="syz.4.4536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f86f526ebe9 code=0x7ffc0000 [ 184.938028][ T29] audit: type=1326 audit(1755344787.196:10245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14826 comm="syz.4.4536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86f526ebe9 code=0x7ffc0000 [ 185.271487][T14868] netlink: 'syz.4.4555': attribute type 27 has an invalid length. [ 185.341047][T14868] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.348378][T14868] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.376309][T14868] $H: left promiscuous mode [ 185.381417][T14868] bond_slave_0: left promiscuous mode [ 185.387098][T14868] bond_slave_1: left promiscuous mode [ 185.392697][T14868] team0: left promiscuous mode [ 185.397460][T14868] team_slave_0: left promiscuous mode [ 185.402897][T14868] team_slave_1: left promiscuous mode [ 185.455036][T14868] geneve0: left allmulticast mode [ 185.463096][T14868] geneve2: left promiscuous mode [ 185.473929][T14868] team1: left promiscuous mode [ 185.479098][T14868] team1: left allmulticast mode [ 185.489876][T14868] team2: left promiscuous mode [ 185.494760][T14868] team2: left allmulticast mode [ 185.502034][T14868] veth11: left promiscuous mode [ 185.510369][ T3668] netdevsim netdevsim4 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 185.518872][ T3668] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.527828][ T3668] netdevsim netdevsim4 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 185.536265][ T3668] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.559604][ T3668] netdevsim netdevsim4 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 185.568085][ T3668] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.591434][ T3668] netdevsim netdevsim4 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 185.599853][ T3668] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.714589][T14891] loop4: detected capacity change from 0 to 512 [ 185.732025][T14891] ext4 filesystem being mounted at /899/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 185.743540][T14891] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.4559: Failed to acquire dquot type 0 [ 185.819236][T14904] loop4: detected capacity change from 0 to 512 [ 185.987454][T14915] netlink: 'syz.0.4570': attribute type 1 has an invalid length. [ 186.023390][T14913] bridge_slave_0: left allmulticast mode [ 186.029071][T14913] bridge_slave_0: left promiscuous mode [ 186.034889][T14913] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.053045][T14913] bridge_slave_1: left allmulticast mode [ 186.058830][T14913] bridge_slave_1: left promiscuous mode [ 186.064550][T14913] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.074926][T14913] $H: (slave bond_slave_0): Releasing backup interface [ 186.084498][T14913] bond_slave_0: left promiscuous mode [ 186.092275][T14913] $H: (slave bond_slave_1): Releasing backup interface [ 186.100111][T14913] bond_slave_1: left promiscuous mode [ 186.109148][T14913] team0: Port device team_slave_0 removed [ 186.117588][T14913] team0: Port device team_slave_1 removed [ 186.124833][T14913] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 186.132336][T14913] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 186.140869][T14913] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 186.148253][T14913] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 186.169154][T14913] bond1: left promiscuous mode [ 186.174042][T14913] bridge0: port 3(bond1) entered disabled state [ 186.188455][T14915] 8021q: adding VLAN 0 to HW filter on device bond1 [ 186.212798][T14920] bond1: (slave veth5): Enslaving as an active interface with a down link [ 186.232859][T14921] bond1: (slave dummy0): making interface the new active one [ 186.242420][T14921] dummy0: entered promiscuous mode [ 186.250959][T14921] bond1: (slave dummy0): Enslaving as an active interface with an up link [ 186.530422][T14965] loop6: detected capacity change from 0 to 128 [ 186.591305][T14974] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4595'. [ 186.621770][T14974] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4595'. [ 186.712054][T14982] loop6: detected capacity change from 0 to 8192 [ 186.821059][T14997] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 186.951337][T15005] loop0: detected capacity change from 0 to 764 [ 186.970245][T15005] rock: directory entry would overflow storage [ 186.976526][T15005] rock: sig=0x4654, size=5, remaining=4 [ 187.183825][T15023] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 187.208849][T15023] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 187.260467][T15023] 9pnet: p9_errstr2errno: server reported unknown error @00000000000000000000010 [ 187.810803][T15049] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4629'. [ 187.820801][T15049] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4629'. [ 187.945415][ T29] kauditd_printk_skb: 74 callbacks suppressed [ 187.945431][ T29] audit: type=1326 audit(1755344790.306:10318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15054 comm="syz.0.4632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6af9c9ebe9 code=0x7ffc0000 [ 188.030000][ T29] audit: type=1326 audit(1755344790.346:10319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15054 comm="syz.0.4632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6af9c9ebe9 code=0x7ffc0000 [ 188.053796][ T29] audit: type=1326 audit(1755344790.346:10320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15054 comm="syz.0.4632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6af9c9ebe9 code=0x7ffc0000 [ 188.077387][ T29] audit: type=1326 audit(1755344790.346:10321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15054 comm="syz.0.4632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6af9c9ebe9 code=0x7ffc0000 [ 188.101071][ T29] audit: type=1326 audit(1755344790.346:10322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15054 comm="syz.0.4632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6af9c9ebe9 code=0x7ffc0000 [ 188.124658][ T29] audit: type=1326 audit(1755344790.346:10323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15054 comm="syz.0.4632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6af9c9ebe9 code=0x7ffc0000 [ 188.148237][ T29] audit: type=1326 audit(1755344790.346:10324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15054 comm="syz.0.4632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f6af9c9ebe9 code=0x7ffc0000 [ 188.158318][T15067] macvlan2: entered promiscuous mode [ 188.171871][ T29] audit: type=1326 audit(1755344790.346:10325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15054 comm="syz.0.4632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6af9c9ebe9 code=0x7ffc0000 [ 188.171923][ T29] audit: type=1326 audit(1755344790.346:10326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15054 comm="syz.0.4632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f6af9c9ebe9 code=0x7ffc0000 [ 188.171950][ T29] audit: type=1326 audit(1755344790.346:10327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15054 comm="syz.0.4632" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6af9c9ebe9 code=0x7ffc0000 [ 188.243713][T15068] macvlan3: entered promiscuous mode [ 188.276854][T15039] loop3: detected capacity change from 0 to 8192 [ 188.351078][T15078] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4642'. [ 188.578931][T15102] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4652'. [ 188.672519][T15119] loop4: detected capacity change from 0 to 512 [ 188.681092][T15119] EXT4-fs: Ignoring removed nobh option [ 188.704839][T15119] EXT4-fs warning (device loop4): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 188.716588][T15119] EXT4-fs warning (device loop4): dx_probe:849: Enable large directory feature to access it [ 188.726822][T15119] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.4659: Corrupt directory, running e2fsck is recommended [ 188.769717][T15119] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 188.810336][T15119] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #15: comm syz.4.4659: corrupted in-inode xattr: invalid ea_ino [ 188.854477][T15119] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.4659: couldn't read orphan inode 15 (err -117) [ 189.318743][T15158] loop0: detected capacity change from 0 to 128 [ 189.335896][T15162] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.346630][T15161] netlink: 84 bytes leftover after parsing attributes in process `syz.3.4676'. [ 189.355629][T15161] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4676'. [ 189.364737][T15161] netlink: 84 bytes leftover after parsing attributes in process `syz.3.4676'. [ 189.376622][T15158] ext4 filesystem being mounted at /180/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 189.408634][T15161] netlink: 84 bytes leftover after parsing attributes in process `syz.3.4676'. [ 189.417658][T15161] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4676'. [ 189.426687][T15161] netlink: 84 bytes leftover after parsing attributes in process `syz.3.4676'. [ 189.447750][T15162] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.496303][T15162] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.563541][T15162] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.629239][ T332] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.645725][ T332] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.663770][ T332] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.687934][ T332] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.715288][T15194] loop2: detected capacity change from 0 to 1024 [ 189.726192][T15194] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.4690: Failed to acquire dquot type 0 [ 189.740933][T15194] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 189.756028][T15194] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #13: comm syz.2.4690: corrupted inode contents [ 189.769889][T15194] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #13: comm syz.2.4690: mark_inode_dirty error [ 189.793941][T15194] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #13: comm syz.2.4690: corrupted inode contents [ 189.819826][T15194] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #13: comm syz.2.4690: mark_inode_dirty error [ 189.833481][T15194] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #13: comm syz.2.4690: corrupted inode contents [ 189.846293][T15194] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 189.855775][T15194] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #13: comm syz.2.4690: corrupted inode contents [ 189.871056][T15194] EXT4-fs error (device loop2): ext4_truncate:4666: inode #13: comm syz.2.4690: mark_inode_dirty error [ 189.882966][T15194] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 189.892825][T15194] EXT4-fs (loop2): 1 truncate cleaned up [ 189.922042][T15208] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=15208 comm=syz.6.4697 [ 189.934736][T15208] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=15208 comm=syz.6.4697 [ 190.039405][T15220] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.110206][T15231] ip6gre1: entered allmulticast mode [ 190.121171][T15220] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.182265][T15220] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.252218][T15245] loop2: detected capacity change from 0 to 1024 [ 190.259083][T15245] EXT4-fs: inline encryption not supported [ 190.265090][T15245] EXT4-fs: Ignoring removed i_version option [ 190.271349][T15245] EXT4-fs: Ignoring removed bh option [ 190.279247][T15220] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.341185][T15254] loop2: detected capacity change from 0 to 128 [ 190.365228][ T3668] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.373914][T15256] loop4: detected capacity change from 0 to 1024 [ 190.384329][ T3668] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.388218][T15256] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 190.397722][ T3668] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.438979][ T3668] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.493632][T15271] loop0: detected capacity change from 0 to 164 [ 190.511513][T15271] bio_check_eod: 102 callbacks suppressed [ 190.511530][T15271] syz.0.4721: attempt to access beyond end of device [ 190.511530][T15271] loop0: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 190.531474][T15271] syz.0.4721: attempt to access beyond end of device [ 190.531474][T15271] loop0: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 190.577060][T15278] netlink: 'syz.3.4727': attribute type 1 has an invalid length. [ 190.601407][T15273] loop6: detected capacity change from 0 to 8192 [ 190.616207][T15278] bond0: (slave bridge1): making interface the new active one [ 190.626719][T15278] bond0: (slave bridge1): Enslaving as an active interface with an up link [ 190.650651][T15273] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 190.807700][T15300] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.881698][T15300] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.901589][ T9029] Process accounting resumed [ 190.961417][T15300] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.021786][T15300] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.218831][ T3654] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.227221][ T3654] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.235895][ T3654] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.244481][ T3654] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 191.298620][T15326] syzkaller0: entered promiscuous mode [ 191.304115][T15326] syzkaller0: entered allmulticast mode [ 191.382420][T15334] syzkaller1: entered promiscuous mode [ 191.387941][T15334] syzkaller1: entered allmulticast mode [ 191.591358][T15355] syzkaller0: entered allmulticast mode [ 191.597248][T15355] syzkaller0: entered promiscuous mode [ 191.604623][T15355] syzkaller0 (unregistering): left allmulticast mode [ 191.611436][T15355] syzkaller0 (unregistering): left promiscuous mode [ 191.903895][T15371] loop4: detected capacity change from 0 to 128 [ 191.930783][T15371] EXT4-fs mount: 20 callbacks suppressed [ 191.930797][T15371] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 191.964688][T15371] ext4 filesystem being mounted at /928/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 191.993545][T15371] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 192.133593][T15393] C: renamed from team_slave_0 [ 192.143675][T15393] netlink: 'syz.2.4774': attribute type 1 has an invalid length. [ 192.151516][T15393] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 192.301754][T15409] loop4: detected capacity change from 0 to 164 [ 192.328397][T15409] syz.4.4781: attempt to access beyond end of device [ 192.328397][T15409] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 192.360880][T15409] syz.4.4781: attempt to access beyond end of device [ 192.360880][T15409] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 192.528807][T15437] tipc: Started in network mode [ 192.533734][T15437] tipc: Node identity 160faf7a874e, cluster identity 4711 [ 192.541131][T15437] tipc: Enabled bearer , priority 0 [ 192.550040][T15436] tipc: Disabling bearer [ 193.083264][T15478] loop6: detected capacity change from 0 to 164 [ 193.090730][T15478] rock: directory entry would overflow storage [ 193.096914][T15478] rock: sig=0x66, size=4, remaining=3 [ 193.105432][T15478] rock: directory entry would overflow storage [ 193.111831][T15478] rock: sig=0x66, size=4, remaining=3 [ 193.120400][T15478] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 193.128805][T15478] rock: directory entry would overflow storage [ 193.134979][T15478] rock: sig=0x66, size=4, remaining=3 [ 193.142991][T15478] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 193.272305][T15466] ================================================================== [ 193.280430][T15466] BUG: KCSAN: data-race in fifo_open / wait_for_partner [ 193.287410][T15466] [ 193.289748][T15466] read-write to 0xffff888121c8fbac of 4 bytes by task 15468 on cpu 1: [ 193.297952][T15466] fifo_open+0x86/0x5d0 [ 193.302172][T15466] do_dentry_open+0x646/0xa20 [ 193.306885][T15466] vfs_open+0x37/0x1e0 [ 193.310984][T15466] path_openat+0x1c5e/0x2170 [ 193.315589][T15466] do_filp_open+0x109/0x230 [ 193.320109][T15466] do_sys_openat2+0xa6/0x110 [ 193.324732][T15466] __se_sys_openat2+0x194/0x1f0 [ 193.329622][T15466] __x64_sys_openat2+0x55/0x70 [ 193.334416][T15466] x64_sys_call+0x1121/0x2ff0 [ 193.339118][T15466] do_syscall_64+0xd2/0x200 [ 193.343654][T15466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.349581][T15466] [ 193.351909][T15466] read to 0xffff888121c8fbac of 4 bytes by task 15466 on cpu 0: [ 193.359556][T15466] wait_for_partner+0xb5/0x1c0 [ 193.364350][T15466] fifo_open+0x4b1/0x5d0 [ 193.368637][T15466] do_dentry_open+0x646/0xa20 [ 193.373343][T15466] vfs_open+0x37/0x1e0 [ 193.377438][T15466] path_openat+0x1c5e/0x2170 [ 193.382046][T15466] do_filp_open+0x109/0x230 [ 193.386564][T15466] do_sys_openat2+0xa6/0x110 [ 193.391184][T15466] __x64_sys_openat+0xf2/0x120 [ 193.395957][T15466] x64_sys_call+0x2e9c/0x2ff0 [ 193.400659][T15466] do_syscall_64+0xd2/0x200 [ 193.405194][T15466] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.411116][T15466] [ 193.413442][T15466] value changed: 0x00000001 -> 0x00000002 [ 193.419181][T15466] [ 193.421517][T15466] Reported by Kernel Concurrency Sanitizer on: [ 193.427707][T15466] CPU: 0 UID: 0 PID: 15466 Comm: syz.2.4805 Tainted: G W 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(voluntary) [ 193.441462][T15466] Tainted: [W]=WARN [ 193.445285][T15466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 193.455359][T15466] ================================================================== [ 197.548750][ T332] dummy0: left promiscuous mode