last executing test programs: 4.434948528s ago: executing program 4 (id=394): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000010c0)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000001080)={r2}, 0xc) setsockopt(0xffffffffffffffff, 0x84, 0x83, 0x0, 0x0) 3.13867977s ago: executing program 1 (id=437): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) fsopen(&(0x7f0000000100)='configfs\x00', 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002f00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_int(r1, &(0x7f0000000540), 0xfffffdd8) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) 2.669067998s ago: executing program 4 (id=427): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x0) 2.55092735s ago: executing program 4 (id=431): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000002001000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48141, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="080000fa"], 0xdc) 2.25188912s ago: executing program 1 (id=434): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000010c0)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000001080)={r2}, 0xc) setsockopt(0xffffffffffffffff, 0x84, 0x83, 0x0, 0x0) 2.232918162s ago: executing program 4 (id=453): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$tipc(r2, &(0x7f0000000540)={&(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10, 0x0}, 0x10) setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88) 2.130113332s ago: executing program 4 (id=445): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0xd, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x18, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r0}, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000300)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) r1 = gettid() r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) kcmp(r1, r2, 0x6, 0xffffffffffffffff, 0xffffffffffffffff) 1.27734108s ago: executing program 4 (id=461): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x4, @perf_bp={0x0, 0x8}, 0x4, 0x0, 0x10000, 0x8, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) close(r0) syz_usb_connect(0x0, 0x2d, 0x0, 0x0) r1 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000004c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f00000000c0)={0x1d, r2, 0x8000000000000003, {}, 0xfd}, 0x18) sendmsg$nl_route_sched(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000300)=@getchain={0x24, 0x66, 0x400, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x10, 0x3}, {0xfff1, 0x56e7de01af07971a}}}, 0x24}, 0x1, 0x0, 0x0, 0x4004845}, 0x480c5) syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), r1) 1.1717831s ago: executing program 1 (id=456): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x4) fchdir(r1) mkdirat(r1, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x100) rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file2\x00', 0x100, 0xfffbfffe) renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x2) 1.128266124s ago: executing program 1 (id=459): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$tipc(r2, &(0x7f0000000540)={&(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10, 0x0}, 0x10) setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88) 1.001792347s ago: executing program 1 (id=464): socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_io_uring_setup(0xbd9, &(0x7f0000000640)={0x0, 0xe826, 0x400, 0x1, 0x800021d}, &(0x7f0000000dc0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0) 956.153592ms ago: executing program 0 (id=468): write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18020000ffffffff00000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000004000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000142020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000e028008500000070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000780)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000410000009500"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0xe, 0x0, &(0x7f00000003c0)="131c8701feaa16bca4ac74ab821d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) 837.349784ms ago: executing program 0 (id=469): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000001e000000"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r1}, 0x18) r2 = socket$kcm(0x21, 0x2, 0x2) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18) recvmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x100) 716.611777ms ago: executing program 0 (id=470): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) open_tree(0xffffffffffffff9c, 0x0, 0x100) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000180)={0x0, 0x2}, 0x8) sendto$inet6(r2, &(0x7f0000000b80)="be", 0x1, 0x4008014, &(0x7f0000000000)={0xa, 0x4e22, 0x1, @dev={0xfe, 0x80, '\x00', 0x23}, 0x7}, 0x1c) shutdown(r2, 0x1) 609.729547ms ago: executing program 2 (id=471): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x4) fchdir(r1) mkdirat(r1, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x100) rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file2\x00', 0x100, 0xfffbfffe) renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x2) 608.971147ms ago: executing program 0 (id=472): bpf$PROG_LOAD(0x5, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0xe, 0x7ffc0001}]}) socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0xa, 0x5, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20) getpgid(0x0) 576.798461ms ago: executing program 0 (id=473): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x13, r2, 0x6f20c000) connect$inet6(r3, &(0x7f0000000380)={0xa, 0x4e21, 0x0, @remote, 0x3}, 0x1c) write$binfmt_misc(r3, &(0x7f0000000100), 0xfdef) 539.468345ms ago: executing program 2 (id=474): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000019200)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffe}, 0x18) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x800, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYRES64, @ANYRES64, @ANYRES16], 0x1, 0x374, &(0x7f0000000f80)="$eJzs3c9rI2UYwPEnbX5MWrbJQRQF6YNe9DK01bMaZBfEgEt3I+4Kwux2oiFjUmZCJCK2N6/izX9AcNnjgocF9R/oxdt68eLJXgRBFxFH5leapJMfjSmb7n4/0OZJ3veZed/84nkDeXP83pcfN+ueWbc6smKoZEREHoqUZUUSmegiLykO5eX1Px48f+3Gzbcr1erlXdUrleuv7Kjqxub3n3xWjLvdL8hR+YNjMX49evro2eN/r3/U8LThaavdUUtvtX/pWLccW/caXtNUverYlmdro+XZbtTejtrrTnt/v6dWa+/S2r5re55arZ427Z522tpxe2p9aDVaapqmXlpLG+5jzJgjp3Znd9eqzHnC23PmYdH+9n1/QrPrVqxVEbN4qqV251zHBQAAltJI/f91UiOUZaVfUGbitUA+jIeXAUH9n8Rh/R8sFk7q/7sv/NhZf/feRlz/38+n1f+v/hzlD9X/wdkXXv9/O3L9dEV04R2cpfP/qv+xHDaHX5G/nazYY0H9H7wa+iv63Pt3t8KA+h8AAAAAAAAAAAAAAAAAAAAAgIvgoe+XfN8vJZfJ38lXCOLrybVJXzTGhTPu8S/EOwr0nw94LF27cVOM8It72Q0R54turVuLLuP2pOOWlOSf8PkQizacOAwbNVCWH5yDbi0XJ6yG/ysiKo7Ysi0lKQ/lh/GVt6qXtzUS5YfnP+jWMtm1IL8ujTB/R0ryVHr+Tmp+Xl56cSDflJL8dFva4she/D6W5H++rfrmO9WR/GLYL83r5/uQAAAAAACwcKaqES+fy8Pr32j9bpqqae3BWl4G1+enPx/or6+3Utfn2dJz2Uc7dwAAAAAAnhRe/tOm5Ti26/XGBkWZ1qcQH22kKStTjhwE2Rn6DAUPwiA3qc/qwAxnPXI+/gWNWYfhej2ZecxJ8GdBUu/MZAvXoSYj/V6dMUjmP0Nn46wPgeutnH3ututtBuPRuaYzECQfG43rI1fnPfK4INk5d1rnZ7765q/5TpGJd+0dbHrtnjFlpmGQGbnlcMqT9nffD17UE8eTS3+3+G6eH5kBAAAAsCSSor/oJbe8MSVj/fwHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAADAE2ah26SNCR71HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBl8V8AAAD//1f39NU=") r2 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r3 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0) fallocate(r2, 0x0, 0x0, 0x1000f4) io_setup(0x7d, &(0x7f0000000600)=0x0) io_submit(r4, 0x2, &(0x7f00000000c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f0000000000)="96", 0x1, 0x0, 0x0, 0x0, r3}, &(0x7f0000000740)={0x0, 0x0, 0x41, 0x3, 0x0, r2, 0x0, 0x0, 0xffffffffffffff7f, 0x0, 0x2, r3}]) 381.596131ms ago: executing program 2 (id=475): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000012c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x8f0, &(0x7f0000002400)=0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) io_submit(r3, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r2, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}]) 381.357661ms ago: executing program 3 (id=476): close(0x3) r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in={{0x2, 0x4e24, @remote}}}, &(0x7f0000000040)=0x84) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000001640)={r2}, &(0x7f0000001740)=0x8) 379.719461ms ago: executing program 0 (id=485): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) fsopen(&(0x7f0000000100)='configfs\x00', 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002f00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_int(r1, &(0x7f0000000540), 0xfffffdd8) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) 314.670707ms ago: executing program 3 (id=477): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r4}, 0x10) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 243.943514ms ago: executing program 3 (id=478): socket$can_j1939(0x1d, 0x2, 0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = syz_io_uring_setup(0x44cd, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x1000006, 0xfffefffe}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x2d3e, 0xec84, 0x0, 0x0, 0x0) 242.781855ms ago: executing program 2 (id=479): socket$kcm(0x21, 0x2, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x12, 0x43, &(0x7f0000000440)=ANY=[@ANYBLOB="18020000fcffffff000000000000000018010000756c6c2500000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x20780, 0x40, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x10) set_mempolicy(0x3, &(0x7f0000000000)=0x4000000ffb, 0x8) open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46f8e) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@msize={'msize', 0x3d, 0x1000}}], [], 0x6b}}) 138.549605ms ago: executing program 2 (id=480): write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18020000ffffffff00000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000004000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000142020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000e028008500000070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000780)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000410000009500"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0xe, 0x0, &(0x7f00000003c0)="131c8701feaa16bca4ac74ab821d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) 138.307475ms ago: executing program 3 (id=481): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000001e000000"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r1}, 0x18) r2 = socket$kcm(0x21, 0x2, 0x2) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18) recvmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x100) 89.45376ms ago: executing program 3 (id=482): r0 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8900, 0x400, 0x0, 0x2cf}, &(0x7f0000000040)=0x0, &(0x7f0000000600)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) sendmsg$rds(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440), 0x0, 0x0, 0x0, 0x20000800}, 0x4000008) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @remote}}, 0x5, 0x12, 0x0, 0x3}, 0x9c) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x24, 0x2007, @fd, 0x800, 0x0, 0x0, 0x18, 0x0, {0x2}}) io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0) 75.573212ms ago: executing program 1 (id=483): syz_mount_image$ext4(&(0x7f0000002800)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000002880), 0x1, 0x5fd, &(0x7f0000002ec0)="$eJzs3c9vFFUcAPDv7LalpWALMSoepIkxkCgtLWCI8QBXYxr8ES9erLQgoUDT1mjRhJLgxcR4McbEkwfxv1AiV0960YMXT4aEqOFo4prZ7vTnbH8s7Q4wn0+y7My8ebw3LN++t6/vzQRQWgPpH5WIAxExlUT0JfOLaR3RSBxYOO/ePx+fTV9J1Gpv/JVE0jiWnZ803nsbmbsj4ucfk9hfXVvuzNzVi2OTkxPTjf2h2UtTQzNzV49cuDR2fuL8xOWRF0dOnjh+4uTw0Zau69raQ2l1Puj7dPTtb7/+Nxn+7vfRJE7FK40Tl1/HdhmIgfq/SbI2qffkdhdWkGrj/8nyjzjpKLBCbEn2+XVGxJPRF9VY+vD64pPXCq0csKNqSUQNKKlE/ENJZf2A7Lv96u/BlUJ6JUA73D29MACwNv47FsYGo7s+NrD7XhLLh3WSiGhtZG6lPRHx0+3RG+duj96Y3rsz43BAvvnrEfHUsvjvylKSevz3R3f01+O/siL+037BmcZ7evz1FstfPVQs/qF9FuK/O6f9X4r/aBL/7yyL/3dbLH9gafO9nhXx39PqJQEAAAAAAEBp3TodES/kzf+pLM7/iZz5P70RcWobyh9Ytb/29/+VO9tQDJDj7umIl3Pn/1aiujD7t7/a+D3/3vp8gM7k3IXJiaMR8VhEHI7OXen+8DplHPls/1fN0gYa8/+yV1p++r50RuVOx66VecbHZsfu97qBiLvXI57Onf+bLLb/SU77n/48mNpkGfufu3mmWdrG8Q/slNo3EYdy2/+lu1Yk69+fY6jeHxjKegVrPfPR5983K7/V+HeLCbh/afu/e/3470+W369nZutlHJvrqDVLa7X/35W8Wb/lTLZc4cOx2dnp4Yie5NVqenTF8ZGt1xkeRVk8ZPGSxv/hZ9cf/8vr//dExPyqvzv5e+Wa4swT//X+0aw++v9QnDT+x7fU/jfdSOYjcpNGbvb/0Kz8zbX/x+tt/eHGEeN/sODLLEy7Vh7PCdCOvKR21xcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgWViNgTSWVwcbtSGRyM6I2Ix2N3ZfLKzOzz5668f3k8Tas//7+SPem3b2E/yZ7/379sf2TV/rGI2BcRX1R76vuDZ69Mjhd98QAAAAAAAAAAAAAAAAAAAPCA6G2y/j/1Z7Xo2gE7rqPoCgCFyYn/X4qoB9B+2n8oL/EP5SX+obzEP5SX+IfyEv9QXuIfykv8AwAAAADAI2XfwVu/JREx/1JP/ZXqaqR1FlozYKdViq4AUBi3+IHyMvUHyst3fCDZIL27aaaNcjbLnJo6u3FmAAAAAAAAAAAAACBz6ID1/1BW1v9DeVn/D+WVrf8/WHA9gPZr+Tt+0zW9wMNovZX8zcN9E+v/AQAAAAAAAAAAAIBtMTN39eLY5OTEdPs2fm089Cv3nJ6IaHN9so23iii02I1arXat/lE8IPV5yDeyqfCbz9WdHwU7s5Gt9dtcroJ+IAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGv8HwAA//+xpBxA") r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x4040, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18) r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0xaa042, 0x100) write(r2, &(0x7f0000004200)='t', 0x1) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0xffffffff, 0xfd}, 0x0, 0x0, 0x1, 0x0, 0x2, 0xff, 0xffff, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xfff8000000000001, 0xffffffffffffffff, 0x9) sendfile(r2, r0, 0x0, 0x3ffff) sendfile(r2, r0, 0x0, 0x7ffff000) 62.257833ms ago: executing program 2 (id=484): bpf$PROG_LOAD(0x5, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0xe, 0x7ffc0001}]}) socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0xa, 0x5, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20) getpgid(0x0) 0s ago: executing program 3 (id=486): setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, 0x0, 0x0) connect$can_j1939(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x90) syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000380)='./file1\x00', 0x844, &(0x7f0000000bc0)=ANY=[], 0x1, 0x267, &(0x7f0000000740)="$eJzs3b9rVFkUAOAzmcmvbSYsCwvLLjuwLGw1JIHtsyy7bNigYhgkIsGJmUjIhICBgBZJrAQrG0vLdBFBCzv9HwQbG7ERS9NZSJ4kL0xmzEQTMfMk833NPbx7znv33vDeyxRz5/LPiwuzS8tzW1uvY2AgF4Wxq9tJkouh6Il8pNYDADhN3iVJvE1SWY8FAOgM738A6D6Hvf//60nb3rQ5l8XYAICT8eWf/+9OPXlZrY39eYTUpL8Rvpg+/hgBgK9rcuri/9tPfx8cj0d3IhZvrVRWKmmb9v81F/NRj1oMRzHeRyQNafzv+MQ/w6UdgxGVxbW9+rWVSr61fiSKMRRx4czB+pFSqrW+N75rrh+NYvzQ/vqjbev74o/fmurLUYxnV2Ip6jG78y9JU/3qSKn099mJj+r7d/NiI5/p3wcAAAAAAAAAAAAAAAAAAAAAgNOpXGoYard/T7l8WH9af/T9gfb357m9W1+InwpxM9vZAwAAAAAAAAAAAAAAAAAAwLdh+fqNhWq9XrvWCGbOz3/feuRzQa5NV37v/Mc5T9cEOwtzgpf4NSJOehYPN2vPN6YvTWa/mB0M2q/qg8wHNvOJnJ6I2A1+vDdWfbz66s3BnFhvupcL6X1bradtX/PDotThhxMAAAAAAAAAAAAAAAAAAHSZ/a8BH5aRdHZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJCB/d//P3bQ1ziyOZierNH1y0Bzctp5v+W6ufUMJgsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNf6EAAA//9rIKjm") bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x38, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x20846, 0x2) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x5], 0x0, 0x0, 0x1, 0x1}}, 0x40) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r0, 0x0) kernel console output (not intermixed with test programs): syzkaller syzkaller login: [ 26.466491][ T29] kauditd_printk_skb: 45 callbacks suppressed [ 26.466508][ T29] audit: type=1400 audit(1768181000.318:57): avc: denied { transition } for pid=3296 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 26.495481][ T29] audit: type=1400 audit(1768181000.318:58): avc: denied { noatsecure } for pid=3296 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 26.515177][ T29] audit: type=1400 audit(1768181000.318:59): avc: denied { write } for pid=3296 comm="sh" path="pipe:[1905]" dev="pipefs" ino=1905 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 26.537318][ T29] audit: type=1400 audit(1768181000.318:60): avc: denied { rlimitinh } for pid=3296 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 26.556044][ T29] audit: type=1400 audit(1768181000.318:61): avc: denied { siginh } for pid=3296 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.155' (ED25519) to the list of known hosts. [ 35.053004][ T29] audit: type=1400 audit(1768181008.898:62): avc: denied { mounton } for pid=3307 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 35.076029][ T29] audit: type=1400 audit(1768181008.928:63): avc: denied { mount } for pid=3307 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 35.078348][ T3307] cgroup: Unknown subsys name 'net' [ 35.103918][ T29] audit: type=1400 audit(1768181008.958:64): avc: denied { unmount } for pid=3307 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 35.264148][ T3307] cgroup: Unknown subsys name 'cpuset' [ 35.270429][ T3307] cgroup: Unknown subsys name 'rlimit' [ 35.442071][ T29] audit: type=1400 audit(1768181009.288:65): avc: denied { setattr } for pid=3307 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 35.470652][ T29] audit: type=1400 audit(1768181009.298:66): avc: denied { create } for pid=3307 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 35.491134][ T29] audit: type=1400 audit(1768181009.298:67): avc: denied { write } for pid=3307 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 35.511641][ T29] audit: type=1400 audit(1768181009.298:68): avc: denied { read } for pid=3307 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 35.531945][ T3311] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 35.540727][ T29] audit: type=1400 audit(1768181009.318:69): avc: denied { read } for pid=3046 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 35.561628][ T29] audit: type=1400 audit(1768181009.318:70): avc: denied { mounton } for pid=3307 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 35.586504][ T29] audit: type=1400 audit(1768181009.318:71): avc: denied { mount } for pid=3307 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 35.620071][ T3307] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 36.784518][ T3322] chnl_net:caif_netlink_parms(): no params data found [ 36.855269][ T3317] chnl_net:caif_netlink_parms(): no params data found [ 36.903624][ T3323] chnl_net:caif_netlink_parms(): no params data found [ 36.912571][ T3322] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.919745][ T3322] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.926947][ T3322] bridge_slave_0: entered allmulticast mode [ 36.933483][ T3322] bridge_slave_0: entered promiscuous mode [ 36.947048][ T3326] chnl_net:caif_netlink_parms(): no params data found [ 36.962185][ T3322] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.969306][ T3322] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.976531][ T3322] bridge_slave_1: entered allmulticast mode [ 36.983010][ T3322] bridge_slave_1: entered promiscuous mode [ 37.042909][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.052179][ T3317] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.059302][ T3317] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.066774][ T3317] bridge_slave_0: entered allmulticast mode [ 37.073186][ T3317] bridge_slave_0: entered promiscuous mode [ 37.080154][ T3319] chnl_net:caif_netlink_parms(): no params data found [ 37.095016][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.104397][ T3317] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.111484][ T3317] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.119157][ T3317] bridge_slave_1: entered allmulticast mode [ 37.125607][ T3317] bridge_slave_1: entered promiscuous mode [ 37.186965][ T3323] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.194125][ T3323] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.201281][ T3323] bridge_slave_0: entered allmulticast mode [ 37.207871][ T3323] bridge_slave_0: entered promiscuous mode [ 37.215232][ T3322] team0: Port device team_slave_0 added [ 37.222017][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.233858][ T3326] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.241090][ T3326] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.248451][ T3326] bridge_slave_0: entered allmulticast mode [ 37.254945][ T3326] bridge_slave_0: entered promiscuous mode [ 37.261363][ T3323] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.268498][ T3323] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.275831][ T3323] bridge_slave_1: entered allmulticast mode [ 37.282206][ T3323] bridge_slave_1: entered promiscuous mode [ 37.289358][ T3322] team0: Port device team_slave_1 added [ 37.296121][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.308086][ T3326] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.315228][ T3326] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.322500][ T3326] bridge_slave_1: entered allmulticast mode [ 37.329056][ T3326] bridge_slave_1: entered promiscuous mode [ 37.384865][ T3326] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.395205][ T3323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.404581][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.411606][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.437627][ T3322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.449248][ T3317] team0: Port device team_slave_0 added [ 37.461346][ T3326] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.471693][ T3323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.481015][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.488103][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.514132][ T3322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.525819][ T3317] team0: Port device team_slave_1 added [ 37.531514][ T3319] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.538693][ T3319] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.546114][ T3319] bridge_slave_0: entered allmulticast mode [ 37.553145][ T3319] bridge_slave_0: entered promiscuous mode [ 37.584204][ T3319] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.591354][ T3319] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.598542][ T3319] bridge_slave_1: entered allmulticast mode [ 37.605173][ T3319] bridge_slave_1: entered promiscuous mode [ 37.623629][ T3323] team0: Port device team_slave_0 added [ 37.629616][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.636610][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.662550][ T3317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.679039][ T3326] team0: Port device team_slave_0 added [ 37.686187][ T3326] team0: Port device team_slave_1 added [ 37.692417][ T3323] team0: Port device team_slave_1 added [ 37.703491][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.710442][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.736380][ T3317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.770437][ T3319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.795908][ T3326] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.803008][ T3326] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.828983][ T3326] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.841571][ T3326] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.848579][ T3326] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.874678][ T3326] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.886534][ T3319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.897958][ T3322] hsr_slave_0: entered promiscuous mode [ 37.904320][ T3322] hsr_slave_1: entered promiscuous mode [ 37.910626][ T3323] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.917651][ T3323] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.943658][ T3323] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.962438][ T3323] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.969439][ T3323] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.995409][ T3323] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.022616][ T3319] team0: Port device team_slave_0 added [ 38.033905][ T3317] hsr_slave_0: entered promiscuous mode [ 38.039960][ T3317] hsr_slave_1: entered promiscuous mode [ 38.045863][ T3317] debugfs: 'hsr0' already exists in 'hsr' [ 38.051587][ T3317] Cannot create hsr debugfs directory [ 38.064047][ T3319] team0: Port device team_slave_1 added [ 38.117601][ T3326] hsr_slave_0: entered promiscuous mode [ 38.123814][ T3326] hsr_slave_1: entered promiscuous mode [ 38.129753][ T3326] debugfs: 'hsr0' already exists in 'hsr' [ 38.135577][ T3326] Cannot create hsr debugfs directory [ 38.141240][ T3319] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.148224][ T3319] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.174299][ T3319] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.190297][ T3323] hsr_slave_0: entered promiscuous mode [ 38.196535][ T3323] hsr_slave_1: entered promiscuous mode [ 38.202531][ T3323] debugfs: 'hsr0' already exists in 'hsr' [ 38.208315][ T3323] Cannot create hsr debugfs directory [ 38.214654][ T3319] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.221612][ T3319] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 38.247530][ T3319] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.330699][ T3319] hsr_slave_0: entered promiscuous mode [ 38.336895][ T3319] hsr_slave_1: entered promiscuous mode [ 38.342667][ T3319] debugfs: 'hsr0' already exists in 'hsr' [ 38.348450][ T3319] Cannot create hsr debugfs directory [ 38.489882][ T3322] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 38.506025][ T3322] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 38.521120][ T3322] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 38.529785][ T3322] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 38.544196][ T3317] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 38.554220][ T3317] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 38.566181][ T3317] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 38.575634][ T3317] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 38.604190][ T3326] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 38.613515][ T3326] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 38.630179][ T3326] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 38.641142][ T3326] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 38.672113][ T3323] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 38.682244][ T3323] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 38.693180][ T3323] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 38.702241][ T3323] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 38.761028][ T3319] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 38.777095][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.785917][ T3319] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 38.797199][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.809155][ T3319] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 38.819773][ T3319] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 38.847366][ T3322] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.860508][ T3317] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.869402][ T2612] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.876496][ T2612] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.889019][ T2612] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.896106][ T2612] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.911444][ T2612] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.918503][ T2612] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.929774][ T3326] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.941903][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.949040][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.963986][ T3323] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.981955][ T3323] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.999729][ T3326] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.015271][ T2612] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.022408][ T2612] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.036907][ T2612] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.044080][ T2612] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.061164][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.068264][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.078569][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.085622][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.120953][ T3319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.183423][ T3319] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.198846][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.205968][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.223369][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.230514][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.264975][ T3317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.275333][ T3322] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.346018][ T3323] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.392952][ T3326] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.456426][ T3322] veth0_vlan: entered promiscuous mode [ 39.464329][ T3319] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.475575][ T3322] veth1_vlan: entered promiscuous mode [ 39.507560][ T3323] veth0_vlan: entered promiscuous mode [ 39.535440][ T3322] veth0_macvtap: entered promiscuous mode [ 39.550658][ T3323] veth1_vlan: entered promiscuous mode [ 39.561477][ T3322] veth1_macvtap: entered promiscuous mode [ 39.589279][ T3317] veth0_vlan: entered promiscuous mode [ 39.601182][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.610461][ T3323] veth0_macvtap: entered promiscuous mode [ 39.622491][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.641229][ T3317] veth1_vlan: entered promiscuous mode [ 39.656165][ T3323] veth1_macvtap: entered promiscuous mode [ 39.670021][ T3319] veth0_vlan: entered promiscuous mode [ 39.691700][ T37] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.701797][ T3319] veth1_vlan: entered promiscuous mode [ 39.713645][ T37] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.725769][ T3323] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.733308][ T37] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.750238][ T37] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.760120][ T3326] veth0_vlan: entered promiscuous mode [ 39.767237][ T3323] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.784228][ T37] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.793003][ T37] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.802726][ T37] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.821095][ T37] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.830586][ T3326] veth1_vlan: entered promiscuous mode [ 39.837985][ T3317] veth0_macvtap: entered promiscuous mode [ 39.852180][ T3319] veth0_macvtap: entered promiscuous mode [ 39.864295][ T3317] veth1_macvtap: entered promiscuous mode [ 39.877274][ T3319] veth1_macvtap: entered promiscuous mode [ 39.889373][ T3326] veth0_macvtap: entered promiscuous mode [ 39.897009][ T3322] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 39.917766][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.939390][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.956541][ T3326] veth1_macvtap: entered promiscuous mode [ 39.971667][ T1671] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.996714][ T3319] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.010694][ T1671] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.028655][ T3319] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.037739][ T1671] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.048137][ T3326] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.080520][ T1671] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.095367][ T3326] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.109238][ T1671] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.155568][ T1671] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.201300][ T1671] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.216959][ T1671] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.231767][ T1671] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.242927][ T1671] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.252419][ T1671] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.263007][ T1671] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.296708][ T29] kauditd_printk_skb: 33 callbacks suppressed [ 40.296797][ T29] audit: type=1400 audit(1768181014.148:105): avc: denied { execute } for pid=3515 comm="syz.0.16" name="file0" dev="tmpfs" ino=33 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 40.333627][ T3518] process 'syz.0.16' launched './file0' with NULL argv: empty string added [ 40.367735][ T29] audit: type=1400 audit(1768181014.178:106): avc: denied { allowed } for pid=3517 comm="syz.4.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 40.386994][ T29] audit: type=1400 audit(1768181014.178:107): avc: denied { create } for pid=3517 comm="syz.4.5" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 40.407922][ T29] audit: type=1400 audit(1768181014.178:108): avc: denied { map } for pid=3517 comm="syz.4.5" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=4453 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 40.431759][ T29] audit: type=1400 audit(1768181014.178:109): avc: denied { read write } for pid=3517 comm="syz.4.5" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=4453 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 40.456361][ T29] audit: type=1400 audit(1768181014.198:110): avc: denied { execute_no_trans } for pid=3515 comm="syz.0.16" path="/3/file0" dev="tmpfs" ino=33 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 40.479444][ T29] audit: type=1400 audit(1768181014.208:111): avc: denied { create } for pid=3514 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 40.498804][ T29] audit: type=1400 audit(1768181014.208:112): avc: denied { write } for pid=3514 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 40.536502][ T29] audit: type=1400 audit(1768181014.288:113): avc: denied { setopt } for pid=3514 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 40.708896][ T29] audit: type=1400 audit(1768181014.558:114): avc: denied { block_suspend } for pid=3529 comm="syz.0.19" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 40.761389][ T3532] loop3: detected capacity change from 0 to 512 [ 40.816641][ T3532] ------------[ cut here ]------------ [ 40.822173][ T3532] EA inode 11 i_nlink=2 [ 40.822188][ T3532] WARNING: fs/ext4/xattr.c:1058 at ext4_xattr_inode_update_ref+0x2e6/0x320, CPU#0: syz.3.8/3532 [ 40.837045][ T3532] Modules linked in: [ 40.840986][ T3532] CPU: 0 UID: 0 PID: 3532 Comm: syz.3.8 Not tainted syzkaller #0 PREEMPT(voluntary) [ 40.850688][ T3532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 40.860799][ T3532] RIP: 0010:ext4_xattr_inode_update_ref+0x305/0x320 [ 40.867550][ T3532] Code: a1 e2 9c ff 4c 8d 2d da ed 20 05 49 8d 7e 40 e8 11 6d b8 ff 49 8b 6e 40 4c 89 e7 e8 25 68 b8 ff 41 8b 56 48 4c 89 ef 48 89 ee <67> 48 0f b9 3a e9 2b ff ff ff e8 1c 9c ba 03 66 66 66 2e 0f 1f 84 [ 40.887408][ T3532] RSP: 0018:ffffc900019f75a0 EFLAGS: 00010246 [ 40.893569][ T3532] RAX: ffff88811a214c90 RBX: ffff888107a63220 RCX: ffffffff81bb1deb [ 40.901582][ T3532] RDX: 0000000000000002 RSI: 000000000000000b RDI: ffffffff86dc0bb0 [ 40.909674][ T3532] RBP: 000000000000000b R08: 0001888107a631d3 R09: 0000000000000000 [ 40.917710][ T3532] R10: ffffc900019f74d0 R11: 0001c900019f74d0 R12: ffff888107a631d0 [ 40.925784][ T3532] R13: ffffffff86dc0bb0 R14: ffff888107a63188 R15: 0000000000000001 [ 40.933950][ T3532] FS: 00007f85875676c0(0000) GS:ffff8882aedc5000(0000) knlGS:0000000000000000 [ 40.942914][ T3532] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 40.949609][ T3532] CR2: ffffffffffffffe8 CR3: 000000011a172000 CR4: 00000000003506f0 [ 40.957623][ T3532] Call Trace: [ 40.960946][ T3532] [ 40.963942][ T3532] ext4_xattr_set_entry+0x77f/0x1020 [ 40.969322][ T3532] ext4_xattr_ibody_set+0x184/0x3c0 [ 40.974607][ T3532] ext4_expand_extra_isize_ea+0xcbb/0x11f0 [ 40.980507][ T3532] __ext4_expand_extra_isize+0x246/0x280 [ 40.986232][ T3532] __ext4_mark_inode_dirty+0x29d/0x3f0 [ 40.991872][ T3532] ext4_evict_inode+0x7c4/0xd40 [ 40.996818][ T3532] ? __pfx_ext4_evict_inode+0x10/0x10 [ 41.002414][ T3532] evict+0x2af/0x510 [ 41.006433][ T3532] ? __dquot_initialize+0x146/0x7c0 [ 41.011730][ T3532] iput+0x4bd/0x650 [ 41.015859][ T3532] ext4_process_orphan+0x1a9/0x1c0 [ 41.021115][ T3532] ext4_orphan_cleanup+0x6a8/0xa00 [ 41.026359][ T3532] ext4_fill_super+0x3411/0x37a0 [ 41.031334][ T3532] ? set_blocksize+0x1a8/0x310 [ 41.036268][ T3532] ? sb_set_blocksize+0xfc/0x170 [ 41.041260][ T3532] ? setup_bdev_super+0x30e/0x370 [ 41.046380][ T3532] ? __pfx_ext4_fill_super+0x10/0x10 [ 41.051700][ T3532] get_tree_bdev_flags+0x291/0x300 [ 41.056954][ T3532] ? __pfx_ext4_fill_super+0x10/0x10 [ 41.062282][ T3532] get_tree_bdev+0x1f/0x30 [ 41.066811][ T3532] ext4_get_tree+0x1c/0x30 [ 41.071259][ T3532] vfs_get_tree+0x57/0x1d0 [ 41.075731][ T3532] do_new_mount+0x24d/0x6a0 [ 41.080282][ T3532] path_mount+0x4ab/0xb80 [ 41.084716][ T3532] ? user_path_at+0xbf/0x130 [ 41.089462][ T3532] __se_sys_mount+0x28c/0x2e0 [ 41.094258][ T3532] __x64_sys_mount+0x67/0x80 [ 41.098891][ T3532] x64_sys_call+0x2cca/0x3000 [ 41.103709][ T3532] do_syscall_64+0xca/0x2b0 [ 41.108387][ T3532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 41.114409][ T3532] RIP: 0033:0x7f8588b00eea [ 41.118994][ T3532] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 41.138715][ T3532] RSP: 002b:00007f8587566e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 41.147200][ T3532] RAX: ffffffffffffffda RBX: 00007f8587566ef0 RCX: 00007f8588b00eea [ 41.155285][ T3532] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f8587566eb0 [ 41.163294][ T3532] RBP: 0000200000000180 R08: 00007f8587566ef0 R09: 0000000000800700 [ 41.171391][ T3532] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 41.179570][ T3532] R13: 00007f8587566eb0 R14: 000000000000046f R15: 000000000000002c [ 41.187716][ T3532] [ 41.191039][ T3532] ---[ end trace 0000000000000000 ]--- [ 41.204488][ T3532] EXT4-fs error (device loop3): ext4_xattr_inode_iget:441: inode #18: comm syz.3.8: iget: bad extra_isize 90 (inode size 256) [ 41.234392][ T3532] EXT4-fs (loop3): Remounting filesystem read-only [ 41.241029][ T3532] EXT4-fs warning (device loop3): ext4_evict_inode:273: xattr delete (err -30) [ 41.258523][ T3532] EXT4-fs (loop3): 1 orphan inode deleted [ 41.299874][ T3548] netlink: 24 bytes leftover after parsing attributes in process `syz.2.12'. [ 41.309469][ T3532] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.362218][ T3548] netlink: 100 bytes leftover after parsing attributes in process `syz.2.12'. [ 41.450039][ T3319] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.543895][ T3563] loop0: detected capacity change from 0 to 1024 [ 41.606468][ T3563] EXT4-fs: Ignoring removed nomblk_io_submit option [ 41.681338][ T3563] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 41.711987][ T3563] System zones: 0-1, 3-36 [ 41.787042][ T3563] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.836503][ T3563] ======================================================= [ 41.836503][ T3563] WARNING: The mand mount option has been deprecated and [ 41.836503][ T3563] and is ignored by this kernel. Remove the mand [ 41.836503][ T3563] option from the mount to silence this warning. [ 41.836503][ T3563] ======================================================= [ 41.931933][ T3322] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.136239][ T3599] vlan2: entered allmulticast mode [ 42.171659][ T3599] bridge0: port 3(vlan2) entered blocking state [ 42.178074][ T3599] bridge0: port 3(vlan2) entered disabled state [ 42.194687][ T3599] vlan2: entered promiscuous mode [ 42.492051][ T3565] syz.3.20 (3565) used greatest stack depth: 7264 bytes left [ 42.549838][ T3625] loop4: detected capacity change from 0 to 512 [ 42.555382][ T3629] vlan2: entered allmulticast mode [ 42.572519][ T3629] bridge0: port 3(vlan2) entered blocking state [ 42.578975][ T3629] bridge0: port 3(vlan2) entered disabled state [ 42.609535][ T3625] EXT4-fs error (device loop4): ext4_xattr_inode_iget:441: inode #18: comm syz.4.40: iget: bad extra_isize 90 (inode size 256) [ 42.622797][ T3629] vlan2: entered promiscuous mode [ 42.653605][ T3625] EXT4-fs (loop4): Remounting filesystem read-only [ 42.660337][ T3625] EXT4-fs warning (device loop4): ext4_evict_inode:273: xattr delete (err -30) [ 42.678538][ T3636] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 42.723943][ T3625] EXT4-fs (loop4): 1 orphan inode deleted [ 42.730278][ T3625] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.842808][ T3326] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.127607][ T3670] bridge0: entered promiscuous mode [ 43.133010][ T3670] macsec1: entered promiscuous mode [ 43.140823][ T3670] bridge0: port 3(macsec1) entered blocking state [ 43.147462][ T3670] bridge0: port 3(macsec1) entered disabled state [ 43.156982][ T3671] loop4: detected capacity change from 0 to 2048 [ 43.176188][ T3670] macsec1: entered allmulticast mode [ 43.181548][ T3670] bridge0: entered allmulticast mode [ 43.188494][ T3670] macsec1: left allmulticast mode [ 43.193725][ T3670] bridge0: left allmulticast mode [ 43.200567][ T3670] bridge0: left promiscuous mode [ 43.216613][ T3308] loop4: p1 p2 p3 [ 43.236093][ T3671] loop4: p1 p2 p3 [ 43.265315][ T3671] netlink: 8 bytes leftover after parsing attributes in process `syz.4.59'. [ 43.325124][ T3680] vlan2: entered allmulticast mode [ 43.356340][ T3680] bridge0: port 3(vlan2) entered blocking state [ 43.362788][ T3680] bridge0: port 3(vlan2) entered disabled state [ 43.373826][ T3680] vlan2: entered promiscuous mode [ 43.420209][ T3686] loop2: detected capacity change from 0 to 1024 [ 43.431138][ T3687] bridge0: entered promiscuous mode [ 43.448117][ T3686] EXT4-fs: Ignoring removed nomblk_io_submit option [ 43.455096][ T3687] macsec1: entered promiscuous mode [ 43.469556][ T3687] bridge0: port 4(macsec1) entered blocking state [ 43.476097][ T3687] bridge0: port 4(macsec1) entered disabled state [ 43.484004][ T3693] netlink: 4 bytes leftover after parsing attributes in process `gtp'. [ 43.492856][ T3693] netlink: 4 bytes leftover after parsing attributes in process `gtp'. [ 43.512894][ T3686] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 43.522786][ T3686] System zones: 0-1, 3-36 [ 43.532398][ T3687] macsec1: entered allmulticast mode [ 43.537883][ T3687] bridge0: entered allmulticast mode [ 43.544152][ T3687] macsec1: left allmulticast mode [ 43.549243][ T3687] bridge0: left allmulticast mode [ 43.552717][ T3686] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.567171][ T3687] bridge0: left promiscuous mode [ 43.573216][ T3691] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 43.606516][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.672552][ T3698] netlink: 4 bytes leftover after parsing attributes in process `syz.4.68'. [ 43.689952][ T3698] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 43.697793][ T3698] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 43.710124][ T3698] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 43.717600][ T3698] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 43.771391][ T3713] bridge0: entered promiscuous mode [ 43.785536][ T3715] loop2: detected capacity change from 0 to 2048 [ 43.792329][ T3713] macsec1: entered promiscuous mode [ 43.801299][ T3713] bridge0: port 4(macsec1) entered blocking state [ 43.807865][ T3713] bridge0: port 4(macsec1) entered disabled state [ 43.830339][ T3308] loop2: p1 p2 p3 [ 43.834052][ T3713] macsec1: entered allmulticast mode [ 43.839587][ T3713] bridge0: entered allmulticast mode [ 43.860291][ T3715] loop2: p1 p2 p3 [ 43.874200][ T3713] macsec1: left allmulticast mode [ 43.879395][ T3713] bridge0: left allmulticast mode [ 43.914117][ T3713] bridge0: left promiscuous mode [ 43.946658][ T3715] netlink: 8 bytes leftover after parsing attributes in process `syz.2.76'. [ 43.977573][ T3720] vlan2: entered allmulticast mode [ 43.982860][ T3720] bridge0: port 3(vlan2) entered blocking state [ 43.989305][ T3720] bridge0: port 3(vlan2) entered disabled state [ 44.026565][ T3720] vlan2: entered promiscuous mode [ 44.128284][ T3729] loop1: detected capacity change from 0 to 2048 [ 44.175872][ T3310] loop1: p1 p2 p3 [ 44.193148][ T3729] loop1: p1 p2 p3 [ 44.203116][ T3729] netlink: 8 bytes leftover after parsing attributes in process `syz.1.91'. [ 44.271853][ T3739] loop4: detected capacity change from 0 to 1024 [ 44.299747][ T3739] EXT4-fs: Ignoring removed nomblk_io_submit option [ 44.334853][ T3739] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 44.360808][ T3739] System zones: 0-1, 3-36 [ 44.388353][ T3746] loop0: detected capacity change from 0 to 1024 [ 44.398739][ T3739] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.413662][ T3746] EXT4-fs: inline encryption not supported [ 44.470054][ T3326] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.500097][ T3746] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.519658][ T3752] netlink: 4 bytes leftover after parsing attributes in process `syz.1.89'. [ 44.547126][ T3759] bridge0: entered promiscuous mode [ 44.552585][ T3759] macsec1: entered promiscuous mode [ 44.565793][ T3746] EXT4-fs error (device loop0): mb_free_blocks:2037: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt. [ 44.577186][ T3759] bridge0: port 3(macsec1) entered blocking state [ 44.586962][ T3759] bridge0: port 3(macsec1) entered disabled state [ 44.594093][ T3746] EXT4-fs (loop0): Remounting filesystem read-only [ 44.601104][ T3759] macsec1: entered allmulticast mode [ 44.606478][ T3759] bridge0: entered allmulticast mode [ 44.612618][ T3759] macsec1: left allmulticast mode [ 44.617795][ T3759] bridge0: left allmulticast mode [ 44.625297][ T3759] bridge0: left promiscuous mode [ 44.633438][ T3752] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 44.640859][ T3752] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 44.648752][ T3752] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 44.656358][ T3752] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 44.680071][ T3322] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.754331][ T3768] netlink: 12 bytes leftover after parsing attributes in process `syz.4.107'. [ 44.821601][ T3772] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 44.849963][ T3772] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 44.860458][ T3771] loop3: detected capacity change from 0 to 2048 [ 44.915468][ T3308] loop3: p1 p2 p3 [ 44.942518][ T3771] loop3: p1 p2 p3 [ 44.977656][ T3784] syzkaller0: entered allmulticast mode [ 45.001842][ T3784] syzkaller0: entered promiscuous mode [ 45.013262][ T3784] syzkaller0 (unregistering): left allmulticast mode [ 45.020161][ T3784] syzkaller0 (unregistering): left promiscuous mode [ 45.076472][ T3540] udevd[3540]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 45.081215][ T3308] udevd[3308]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 45.096655][ T3310] udevd[3310]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 45.156332][ T3310] udevd[3310]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 45.166463][ T3540] udevd[3540]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 45.169674][ T3308] udevd[3308]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 45.225184][ T3797] bridge0: entered promiscuous mode [ 45.262741][ T3797] macsec1: entered promiscuous mode [ 45.281913][ T3797] bridge0: port 4(macsec1) entered blocking state [ 45.288583][ T3797] bridge0: port 4(macsec1) entered disabled state [ 45.313577][ T3797] macsec1: entered allmulticast mode [ 45.318969][ T3797] bridge0: entered allmulticast mode [ 45.342734][ T3797] macsec1: left allmulticast mode [ 45.348152][ T3797] bridge0: left allmulticast mode [ 45.364381][ T3797] bridge0: left promiscuous mode [ 45.443679][ T3808] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.465979][ T29] kauditd_printk_skb: 299 callbacks suppressed [ 45.465996][ T29] audit: type=1400 audit(1768181019.318:414): avc: denied { create } for pid=3793 comm="syz.3.105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 45.520187][ T3808] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.617590][ T3808] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.670936][ T29] audit: type=1400 audit(1768181019.358:415): avc: denied { connect } for pid=3813 comm="syz.0.115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 45.690427][ T29] audit: type=1400 audit(1768181019.358:416): avc: denied { name_connect } for pid=3813 comm="syz.0.115" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 45.710521][ T29] audit: type=1400 audit(1768181019.388:417): avc: denied { listen } for pid=3813 comm="syz.0.115" lport=56134 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 45.733483][ T29] audit: type=1400 audit(1768181019.388:418): avc: denied { accept } for pid=3813 comm="syz.0.115" lport=56134 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 45.756790][ T29] audit: type=1400 audit(1768181019.388:419): avc: denied { write } for pid=3813 comm="syz.0.115" lport=56134 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 45.780217][ T29] audit: type=1400 audit(1768181019.388:420): avc: denied { setopt } for pid=3813 comm="syz.0.115" lport=56134 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 45.804091][ T29] audit: type=1326 audit(1768181019.458:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3816 comm="syz.0.116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f432da7f749 code=0x7ffc0000 [ 45.827909][ T29] audit: type=1326 audit(1768181019.458:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3816 comm="syz.0.116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f432da7f749 code=0x7ffc0000 [ 45.851285][ T29] audit: type=1326 audit(1768181019.468:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3816 comm="syz.0.116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f432da7de97 code=0x7ffc0000 [ 45.897467][ T3808] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.986409][ T1671] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.015654][ T1671] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.046307][ T1671] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.075042][ T1671] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.134218][ T3830] Invalid argument reading file caps for ./file0 [ 46.520617][ T3850] loop3: detected capacity change from 0 to 512 [ 46.538771][ T3855] mmap: syz.4.130 (3855) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 46.554297][ T3857] __nla_validate_parse: 2 callbacks suppressed [ 46.554315][ T3857] netlink: 4 bytes leftover after parsing attributes in process `syz.0.125'. [ 46.555331][ T3850] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 46.560511][ T3857] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 46.560533][ T3857] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 46.610344][ T3850] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 46.627183][ T3857] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 46.634785][ T3857] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 46.662882][ T3867] netlink: 4 bytes leftover after parsing attributes in process `syz.2.134'. [ 46.672237][ T3850] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.127: bg 0: block 248: padding at end of block bitmap is not set [ 46.717729][ T3850] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.127: Failed to acquire dquot type 1 [ 46.733946][ T3850] EXT4-fs (loop3): 1 truncate cleaned up [ 46.744038][ T3850] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 46.791606][ T3319] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 46.803401][ T126] EXT4-fs error (device loop3): ext4_release_dquot:7022: comm kworker/u8:5: Failed to release dquot type 1 [ 47.340336][ T36] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 47.363380][ T36] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 47.406591][ T3911] loop4: detected capacity change from 0 to 2048 [ 47.460208][ T3911] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.568450][ T3326] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.584145][ T3922] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.656296][ T3922] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.718931][ T3922] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.774866][ T3922] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.874003][ T1671] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.895663][ T1671] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.907431][ T1671] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.925774][ T1671] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.945918][ T3935] loop2: detected capacity change from 0 to 512 [ 47.953086][ T3935] EXT4-fs: Ignoring removed bh option [ 47.962103][ T3935] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 47.984343][ T3935] EXT4-fs (loop2): 1 truncate cleaned up [ 47.993885][ T3935] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.025788][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.140163][ T3946] syz.2.160 uses obsolete (PF_INET,SOCK_PACKET) [ 48.300006][ T3956] loop4: detected capacity change from 0 to 1024 [ 48.314249][ T2970] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 48.348500][ T2970] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 48.369850][ T3958] loop3: detected capacity change from 0 to 2048 [ 48.415308][ T3958] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.496917][ T3319] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.520462][ T3969] loop2: detected capacity change from 0 to 512 [ 48.538008][ T3969] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 48.558936][ T3969] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 48.583861][ T3969] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.181: bg 0: block 248: padding at end of block bitmap is not set [ 48.610222][ T3971] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.630497][ T3969] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.181: Failed to acquire dquot type 1 [ 48.649752][ T3969] EXT4-fs (loop2): 1 truncate cleaned up [ 48.656494][ T3969] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 48.694254][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 48.703814][ T3971] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.714627][ T126] EXT4-fs error (device loop2): ext4_release_dquot:7022: comm kworker/u8:5: Failed to release dquot type 1 [ 48.767863][ T3971] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.817173][ T3971] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 48.880553][ T126] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.899761][ T126] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.933418][ T126] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.951324][ T126] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 49.084749][ T3992] netlink: 64 bytes leftover after parsing attributes in process `syz.1.180'. [ 49.184974][ T3425] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 49.203237][ T4003] loop1: detected capacity change from 0 to 2048 [ 49.210913][ T3425] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 49.284868][ T4003] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.351964][ T4014] Driver unsupported XDP return value 0 on prog (id 160) dev N/A, expect packet loss! [ 49.451520][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.528651][ T4023] netlink: 4 bytes leftover after parsing attributes in process `syz.1.191'. [ 49.529214][ C1] hrtimer: interrupt took 33066 ns [ 49.579233][ T4034] netlink: 96 bytes leftover after parsing attributes in process `syz.2.196'. [ 49.677314][ T4037] netlink: 'syz.2.198': attribute type 1 has an invalid length. [ 50.565491][ T3425] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 50.582412][ T29] kauditd_printk_skb: 525 callbacks suppressed [ 50.582426][ T29] audit: type=1400 audit(1768181280.428:943): avc: denied { create } for pid=4050 comm="syz.3.203" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 50.587490][ T4051] loop2: detected capacity change from 0 to 2048 [ 50.596630][ T29] audit: type=1400 audit(1768181280.438:944): avc: denied { read } for pid=4050 comm="syz.3.203" name="usbmon7" dev="devtmpfs" ino=163 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 50.611450][ T3425] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 50.614528][ T29] audit: type=1400 audit(1768181280.438:945): avc: denied { open } for pid=4050 comm="syz.3.203" path="/dev/usbmon7" dev="devtmpfs" ino=163 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 50.660890][ T29] audit: type=1400 audit(1768181280.508:946): avc: denied { ioctl } for pid=4050 comm="syz.3.203" path="/dev/usbmon7" dev="devtmpfs" ino=163 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 50.754972][ T4065] netlink: 4 bytes leftover after parsing attributes in process `syz.0.212'. [ 50.766101][ T4051] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.895392][ T29] audit: type=1400 audit(1768181280.748:947): avc: denied { mounton } for pid=4072 comm="syz.3.209" path="/37/file0" dev="tmpfs" ino=217 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 50.939032][ T4078] loop1: detected capacity change from 0 to 512 [ 50.956377][ T4078] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 50.980690][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.009255][ T4078] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 51.063183][ T4082] loop2: detected capacity change from 0 to 512 [ 51.065250][ T4078] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.210: bg 0: block 248: padding at end of block bitmap is not set [ 51.098018][ T4078] Quota error (device loop1): write_blk: dquota write failed [ 51.105584][ T4078] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 51.120388][ T4078] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.210: Failed to acquire dquot type 1 [ 51.122077][ T4082] EXT4-fs error (device loop2): ext4_ext_check_inode:523: inode #3: comm syz.2.211: pblk 24 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0) [ 51.141059][ T4078] EXT4-fs (loop1): 1 truncate cleaned up [ 51.152633][ T4082] EXT4-fs error (device loop2): ext4_quota_enable:7180: comm syz.2.211: Bad quota inode: 3, type: 0 [ 51.157025][ T4078] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 51.166879][ T4082] EXT4-fs warning (device loop2): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 51.193608][ T4082] EXT4-fs (loop2): mount failed [ 51.221125][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 51.234532][ T126] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-5 [ 51.243659][ T126] EXT4-fs error (device loop1): ext4_release_dquot:7022: comm kworker/u8:5: Failed to release dquot type 1 [ 51.289333][ T29] audit: type=1326 audit(1768181537.137:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4092 comm="syz.2.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd475f749 code=0x7ffc0000 [ 51.312939][ T29] audit: type=1326 audit(1768181537.137:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4092 comm="syz.2.215" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3dd475f749 code=0x7ffc0000 [ 51.502148][ T4107] netlink: 4 bytes leftover after parsing attributes in process `syz.2.222'. [ 51.513857][ T4107] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 51.521298][ T4107] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 51.531360][ T4107] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 51.539081][ T4107] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 52.202636][ T4123] netlink: 12 bytes leftover after parsing attributes in process `syz.2.236'. [ 52.252886][ T4129] loop3: detected capacity change from 0 to 512 [ 52.282559][ T4129] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #3: comm syz.3.228: pblk 24 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0) [ 52.330488][ T4129] EXT4-fs error (device loop3): ext4_quota_enable:7180: comm syz.3.228: Bad quota inode: 3, type: 0 [ 52.362762][ T4145] loop4: detected capacity change from 0 to 512 [ 52.367836][ T4129] EXT4-fs warning (device loop3): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 52.386330][ T4129] EXT4-fs (loop3): mount failed [ 52.391987][ T4145] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 52.426553][ T4145] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 52.455388][ T4145] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.225: bg 0: block 248: padding at end of block bitmap is not set [ 52.496789][ T4145] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.225: Failed to acquire dquot type 1 [ 52.509469][ T4145] EXT4-fs (loop4): 1 truncate cleaned up [ 52.515850][ T4145] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 52.563793][ T3326] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 52.573519][ T37] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:2: Failed to release dquot type 1 [ 52.972730][ T4181] cgroup: fork rejected by pids controller in /syz3 [ 53.444359][ T5812] loop4: detected capacity change from 0 to 1024 [ 53.451344][ T5812] EXT4-fs: Ignoring removed nomblk_io_submit option [ 53.488429][ T5812] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e815c01c, mo2=0003] [ 53.505104][ T5812] System zones: 0-1, 3-36 [ 53.517683][ T5812] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.627971][ T3326] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.779307][ T7853] loop3: detected capacity change from 0 to 128 [ 53.788669][ T10] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 53.889365][ T7849] loop0: detected capacity change from 0 to 2048 [ 53.933749][ T10] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 53.935231][ T7849] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.017110][ T7853] syz.3.255: attempt to access beyond end of device [ 54.017110][ T7853] loop3: rw=2049, sector=169, nr_sectors = 24 limit=128 [ 54.030721][ T7853] syz.3.255: attempt to access beyond end of device [ 54.030721][ T7853] loop3: rw=2049, sector=201, nr_sectors = 8 limit=128 [ 54.044483][ T7853] syz.3.255: attempt to access beyond end of device [ 54.044483][ T7853] loop3: rw=2049, sector=217, nr_sectors = 8 limit=128 [ 54.057931][ T7853] syz.3.255: attempt to access beyond end of device [ 54.057931][ T7853] loop3: rw=2049, sector=233, nr_sectors = 8 limit=128 [ 54.073179][ T7853] syz.3.255: attempt to access beyond end of device [ 54.073179][ T7853] loop3: rw=2049, sector=249, nr_sectors = 8 limit=128 [ 54.086769][ T7853] syz.3.255: attempt to access beyond end of device [ 54.086769][ T7853] loop3: rw=2049, sector=265, nr_sectors = 8 limit=128 [ 54.100653][ T7853] syz.3.255: attempt to access beyond end of device [ 54.100653][ T7853] loop3: rw=2049, sector=281, nr_sectors = 8 limit=128 [ 54.120080][ T3322] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.125051][ T7864] netlink: 4 bytes leftover after parsing attributes in process `syz.2.258'. [ 54.143091][ T7865] netlink: 96 bytes leftover after parsing attributes in process `syz.1.257'. [ 54.164618][ T7853] syz.3.255: attempt to access beyond end of device [ 54.164618][ T7853] loop3: rw=2049, sector=297, nr_sectors = 8 limit=128 [ 54.196682][ T7864] netlink: 12 bytes leftover after parsing attributes in process `syz.2.258'. [ 54.224041][ T7853] syz.3.255: attempt to access beyond end of device [ 54.224041][ T7853] loop3: rw=2049, sector=313, nr_sectors = 8 limit=128 [ 54.255276][ T7853] syz.3.255: attempt to access beyond end of device [ 54.255276][ T7853] loop3: rw=2049, sector=329, nr_sectors = 8 limit=128 [ 54.585696][ T7889] netlink: 240 bytes leftover after parsing attributes in process `syz.1.267'. [ 54.967392][ T7911] infiniband syz!: set active [ 54.972216][ T7911] infiniband syz!: added team_slave_0 [ 55.013900][ T7911] RDS/IB: syz!: added [ 55.017988][ T7911] smc: adding ib device syz! with port count 1 [ 55.024484][ T7911] smc: ib device syz! port 1 has no pnetid [ 55.114551][ T7925] netlink: 4 bytes leftover after parsing attributes in process `syz.4.281'. [ 55.129176][ T7925] team1: entered promiscuous mode [ 55.134375][ T7925] team1: entered allmulticast mode [ 55.140031][ T7925] 8021q: adding VLAN 0 to HW filter on device team1 [ 55.148331][ T7925] Zero length message leads to an empty skb [ 55.608973][ T7976] netlink: 240 bytes leftover after parsing attributes in process `syz.2.285'. [ 55.684100][ T29] kauditd_printk_skb: 129 callbacks suppressed [ 55.684118][ T29] audit: type=1400 audit(1768181541.537:1076): avc: denied { setopt } for pid=7981 comm="syz.3.295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 55.734189][ T7985] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 55.748668][ T29] audit: type=1326 audit(1768181541.587:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7983 comm="syz.3.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8588aff749 code=0x7ffc0000 [ 55.772125][ T29] audit: type=1326 audit(1768181541.597:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7983 comm="syz.3.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8588aff749 code=0x7ffc0000 [ 55.795649][ T29] audit: type=1326 audit(1768181541.597:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7983 comm="syz.3.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8588aff749 code=0x7ffc0000 [ 55.819015][ T29] audit: type=1326 audit(1768181541.597:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7983 comm="syz.3.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8588aff749 code=0x7ffc0000 [ 55.843923][ T29] audit: type=1326 audit(1768181541.597:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7988 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f615d72f749 code=0x7ffc0000 [ 55.867309][ T29] audit: type=1326 audit(1768181541.597:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7988 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f615d72f749 code=0x7ffc0000 [ 55.890822][ T29] audit: type=1326 audit(1768181541.697:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7988 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f615d72f749 code=0x7ffc0000 [ 55.904463][ T7990] loop1: detected capacity change from 0 to 512 [ 55.914582][ T29] audit: type=1326 audit(1768181541.697:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7983 comm="syz.3.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8588aff749 code=0x7ffc0000 [ 55.943956][ T29] audit: type=1326 audit(1768181541.697:1085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7988 comm="syz.1.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f615d72f749 code=0x7ffc0000 [ 55.972309][ T7990] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 56.031376][ T7990] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4215: comm syz.1.298: Allocating blocks 41-42 which overlap fs metadata [ 56.059835][ T7990] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.298: Failed to acquire dquot type 1 [ 56.071407][ T7990] EXT4-fs error (device loop1): mb_free_blocks:2037: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 56.087854][ T7990] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #12: comm syz.1.298: corrupted inode contents [ 56.099921][ T7990] EXT4-fs error (device loop1): ext4_dirty_inode:6502: inode #12: comm syz.1.298: mark_inode_dirty error [ 56.111755][ T7990] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #12: comm syz.1.298: corrupted inode contents [ 56.123791][ T7990] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #12: comm syz.1.298: mark_inode_dirty error [ 56.135733][ T7990] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #12: comm syz.1.298: corrupted inode contents [ 56.147785][ T7990] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 56.156757][ T7990] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #12: comm syz.1.298: corrupted inode contents [ 56.168961][ T7990] EXT4-fs error (device loop1): ext4_truncate:4635: inode #12: comm syz.1.298: mark_inode_dirty error [ 56.180610][ T7990] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 56.190627][ T7990] EXT4-fs (loop1): 1 truncate cleaned up [ 56.196892][ T7990] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 56.268919][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.671999][ T8040] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 56.783582][ T8050] loop2: detected capacity change from 0 to 512 [ 56.791501][ T8050] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 56.875343][ T8050] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4215: comm syz.2.318: Allocating blocks 41-42 which overlap fs metadata [ 56.893161][ T8058] bridge0: port 3(gretap0) entered blocking state [ 56.899766][ T8058] bridge0: port 3(gretap0) entered disabled state [ 56.900452][ T8050] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4215: comm syz.2.318: Allocating blocks 41-42 which overlap fs metadata [ 56.928453][ T8062] atomic_op ffff8881193b6d28 conn xmit_atomic 0000000000000000 [ 56.940999][ T8058] gretap0: entered allmulticast mode [ 56.954775][ T8050] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.318: Failed to acquire dquot type 1 [ 56.954840][ T8058] gretap0: entered promiscuous mode [ 56.955436][ T8058] bridge0: port 3(gretap0) entered blocking state [ 56.977962][ T8058] bridge0: port 3(gretap0) entered forwarding state [ 57.007207][ T8064] gretap0: left allmulticast mode [ 57.012383][ T8064] gretap0: left promiscuous mode [ 57.017714][ T8064] bridge0: port 3(gretap0) entered disabled state [ 57.025538][ T8050] EXT4-fs error (device loop2): mb_free_blocks:2037: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 57.080954][ T8050] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #12: comm syz.2.318: corrupted inode contents [ 57.122694][ T8074] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 57.137630][ T8050] EXT4-fs error (device loop2): ext4_dirty_inode:6502: inode #12: comm syz.2.318: mark_inode_dirty error [ 57.154109][ T8050] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #12: comm syz.2.318: corrupted inode contents [ 57.166704][ T8050] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #12: comm syz.2.318: mark_inode_dirty error [ 57.178760][ T8050] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #12: comm syz.2.318: corrupted inode contents [ 57.190849][ T8050] EXT4-fs error (device loop2) in ext4_orphan_del:303: Corrupt filesystem [ 57.199922][ T8050] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #12: comm syz.2.318: corrupted inode contents [ 57.212026][ T8050] EXT4-fs error (device loop2): ext4_truncate:4635: inode #12: comm syz.2.318: mark_inode_dirty error [ 57.223848][ T8050] EXT4-fs error (device loop2) in ext4_process_orphan:345: Corrupt filesystem [ 57.233023][ T8050] EXT4-fs (loop2): 1 truncate cleaned up [ 57.239446][ T8050] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.336619][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.463135][ T8099] bridge0: port 4(gretap0) entered blocking state [ 57.469680][ T8099] bridge0: port 4(gretap0) entered disabled state [ 57.483455][ T8099] gretap0: entered allmulticast mode [ 57.504794][ T8099] gretap0: entered promiscuous mode [ 57.513553][ T8099] bridge0: port 4(gretap0) entered blocking state [ 57.520028][ T8099] bridge0: port 4(gretap0) entered forwarding state [ 57.555017][ T8105] gretap0: left allmulticast mode [ 57.560106][ T8105] gretap0: left promiscuous mode [ 57.565331][ T8105] bridge0: port 4(gretap0) entered disabled state [ 57.628225][ T8113] netlink: 4 bytes leftover after parsing attributes in process `syz.0.345'. [ 57.674990][ T8119] netlink: 'syz.1.347': attribute type 4 has an invalid length. [ 57.817750][ T8126] loop3: detected capacity change from 0 to 512 [ 57.831463][ T8126] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 57.851403][ T8126] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4215: comm syz.3.348: Allocating blocks 41-42 which overlap fs metadata [ 57.870662][ T8126] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4215: comm syz.3.348: Allocating blocks 41-42 which overlap fs metadata [ 57.884816][ T8126] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.348: Failed to acquire dquot type 1 [ 57.898729][ T8126] EXT4-fs error (device loop3): mb_free_blocks:2037: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 57.919234][ T8126] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #12: comm syz.3.348: corrupted inode contents [ 57.931341][ T8126] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #12: comm syz.3.348: mark_inode_dirty error [ 57.943149][ T8126] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #12: comm syz.3.348: corrupted inode contents [ 57.955491][ T8126] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #12: comm syz.3.348: mark_inode_dirty error [ 57.967827][ T8126] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #12: comm syz.3.348: corrupted inode contents [ 57.980192][ T8126] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem [ 57.989327][ T8126] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #12: comm syz.3.348: corrupted inode contents [ 58.003755][ T8126] EXT4-fs error (device loop3): ext4_truncate:4635: inode #12: comm syz.3.348: mark_inode_dirty error [ 58.015039][ T8126] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem [ 58.024125][ T8124] netlink: 83992 bytes leftover after parsing attributes in process `syz.1.350'. [ 58.033534][ T8126] EXT4-fs (loop3): 1 truncate cleaned up [ 58.039693][ T8126] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 58.040425][ T8124] netlink: zone id is out of range [ 58.057586][ T8124] netlink: zone id is out of range [ 58.070390][ T8124] netlink: zone id is out of range [ 58.104604][ T8124] netlink: set zone limit has 8 unknown bytes [ 58.131729][ T3319] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.240370][ T8153] netlink: 'syz.3.361': attribute type 4 has an invalid length. [ 58.358559][ T8163] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 58.369640][ T8163] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 58.921363][ T8195] netlink: 'syz.0.377': attribute type 4 has an invalid length. [ 59.786537][ T8246] loop2: detected capacity change from 0 to 1024 [ 59.814793][ T8246] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.403: bad orphan inode 134217728 [ 59.841415][ T8246] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 60.088547][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.141748][ T8278] loop0: detected capacity change from 0 to 1024 [ 60.151471][ T8278] EXT4-fs: Ignoring removed i_version option [ 60.157640][ T8278] EXT4-fs: Ignoring removed oldalloc option [ 60.163636][ T8278] EXT4-fs: Ignoring removed orlov option [ 60.169340][ T8278] EXT4-fs: Ignoring removed oldalloc option [ 60.175385][ T8278] EXT4-fs: Ignoring removed nomblk_io_submit option [ 60.195645][ T8278] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 60.240918][ T8284] syzkaller1: entered promiscuous mode [ 60.246737][ T8284] syzkaller1: entered allmulticast mode [ 60.256856][ T8278] EXT4-fs error (device loop0): ext4_xattr_set_entry:1669: inode #13: comm syz.0.418: corrupted xattr entries [ 60.292590][ T3322] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.700137][ T29] kauditd_printk_skb: 1768 callbacks suppressed [ 60.700154][ T29] audit: type=1326 audit(1768181546.547:2843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8251 comm="syz.3.416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f8588aff749 code=0x7ffc0000 [ 60.734430][ T29] audit: type=1326 audit(1768181546.567:2844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8251 comm="syz.3.416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f8588aff749 code=0x7ffc0000 [ 60.757842][ T29] audit: type=1326 audit(1768181546.587:2845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8251 comm="syz.3.416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f8588aff749 code=0x7ffc0000 [ 60.781288][ T29] audit: type=1326 audit(1768181546.587:2846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8251 comm="syz.3.416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f8588aff749 code=0x7ffc0000 [ 60.816727][ T29] audit: type=1326 audit(1768181546.667:2847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8300 comm="syz.0.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f432da7f749 code=0x7ffc0000 [ 60.840338][ T29] audit: type=1326 audit(1768181546.667:2848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8300 comm="syz.0.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f432da7f749 code=0x7ffc0000 [ 60.913240][ T29] audit: type=1326 audit(1768181546.667:2849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8300 comm="syz.0.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f432da7f749 code=0x7ffc0000 [ 60.936697][ T29] audit: type=1326 audit(1768181546.667:2850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8300 comm="syz.0.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f432da7f749 code=0x7ffc0000 [ 60.960062][ T29] audit: type=1326 audit(1768181546.667:2851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8300 comm="syz.0.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f432da7f749 code=0x7ffc0000 [ 60.983457][ T29] audit: type=1326 audit(1768181546.727:2852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8300 comm="syz.0.436" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f432da7f749 code=0x7ffc0000 [ 61.415449][ T8322] syzkaller1: entered promiscuous mode [ 61.421075][ T8322] syzkaller1: entered allmulticast mode [ 61.701298][ T8330] program +}[@ is using a deprecated SCSI ioctl, please convert it to SG_IO [ 63.114825][ T8396] loop2: detected capacity change from 0 to 256 [ 63.128714][ T8396] FAT-fs (loop2): Directory bread(block 64) failed [ 63.135454][ T8396] FAT-fs (loop2): Directory bread(block 65) failed [ 63.142011][ T8396] FAT-fs (loop2): Directory bread(block 66) failed [ 63.153358][ T8396] FAT-fs (loop2): Directory bread(block 67) failed [ 63.160018][ T8396] FAT-fs (loop2): Directory bread(block 68) failed [ 63.170163][ T8396] FAT-fs (loop2): Directory bread(block 69) failed [ 63.180364][ T8396] FAT-fs (loop2): Directory bread(block 70) failed [ 63.208431][ T8396] FAT-fs (loop2): Directory bread(block 71) failed [ 63.221582][ T8396] FAT-fs (loop2): Directory bread(block 72) failed [ 63.237574][ T8396] FAT-fs (loop2): Directory bread(block 73) failed [ 63.272083][ T8396] bio_check_eod: 97 callbacks suppressed [ 63.272101][ T8396] syz.2.466: attempt to access beyond end of device [ 63.272101][ T8396] loop2: rw=8388608, sector=1736, nr_sectors = 8 limit=256 [ 63.425048][ T8410] loop2: detected capacity change from 0 to 128 [ 63.888473][ T8431] loop1: detected capacity change from 0 to 1024 [ 63.955292][ T8435] loop3: detected capacity change from 0 to 256 [ 63.982213][ T8435] FAT-fs (loop3): Directory bread(block 64) failed [ 63.988882][ T8435] FAT-fs (loop3): Directory bread(block 65) failed [ 64.005884][ T8431] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.483: bad orphan inode 134217728 [ 64.021255][ T8435] FAT-fs (loop3): Directory bread(block 66) failed [ 64.028576][ T8431] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 64.063460][ T8435] FAT-fs (loop3): Directory bread(block 67) failed [ 64.078326][ T8435] FAT-fs (loop3): Directory bread(block 68) failed [ 64.105159][ T8435] FAT-fs (loop3): Directory bread(block 69) failed [ 64.128692][ T8435] FAT-fs (loop3): Directory bread(block 70) failed [ 64.149743][ T8435] FAT-fs (loop3): Directory bread(block 71) failed [ 64.169952][ T8435] FAT-fs (loop3): Directory bread(block 72) failed [ 64.184201][ T8435] FAT-fs (loop3): Directory bread(block 73) failed [ 64.230698][ T8435] syz.3.486: attempt to access beyond end of device [ 64.230698][ T8435] loop3: rw=8388608, sector=1736, nr_sectors = 8 limit=256 [ 64.278946][ T8431] ================================================================== [ 64.287113][ T8431] BUG: KCSAN: data-race in filemap_read / filemap_read [ 64.294001][ T8431] [ 64.296349][ T8431] write to 0xffff8881276b1168 of 8 bytes by task 8439 on cpu 0: [ 64.304009][ T8431] filemap_read+0x974/0xa00 [ 64.308545][ T8431] generic_file_read_iter+0x79/0x330 [ 64.313915][ T8431] ext4_file_read_iter+0x1cc/0x290 [ 64.319091][ T8431] copy_splice_read+0x442/0x660 [ 64.323980][ T8431] splice_direct_to_actor+0x290/0x680 [ 64.329399][ T8431] do_splice_direct+0xda/0x150 [ 64.334187][ T8431] do_sendfile+0x380/0x650 [ 64.338630][ T8431] __x64_sys_sendfile64+0x105/0x150 [ 64.343881][ T8431] x64_sys_call+0x2db1/0x3000 [ 64.348607][ T8431] do_syscall_64+0xca/0x2b0 [ 64.353175][ T8431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.359107][ T8431] [ 64.361459][ T8431] write to 0xffff8881276b1168 of 8 bytes by task 8431 on cpu 1: [ 64.369117][ T8431] filemap_read+0x974/0xa00 [ 64.373660][ T8431] generic_file_read_iter+0x79/0x330 [ 64.379002][ T8431] ext4_file_read_iter+0x1cc/0x290 [ 64.384204][ T8431] copy_splice_read+0x442/0x660 [ 64.389079][ T8431] splice_direct_to_actor+0x290/0x680 [ 64.394494][ T8431] do_splice_direct+0xda/0x150 [ 64.399388][ T8431] do_sendfile+0x380/0x650 [ 64.403850][ T8431] __x64_sys_sendfile64+0x105/0x150 [ 64.409103][ T8431] x64_sys_call+0x2db1/0x3000 [ 64.413821][ T8431] do_syscall_64+0xca/0x2b0 [ 64.418385][ T8431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.424403][ T8431] [ 64.426755][ T8431] value changed: 0x00000000000002a4 -> 0x00000000000002a5 [ 64.433914][ T8431] [ 64.436255][ T8431] Reported by Kernel Concurrency Sanitizer on: [ 64.442437][ T8431] CPU: 1 UID: 0 PID: 8431 Comm: syz.1.483 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 64.453663][ T8431] Tainted: [W]=WARN [ 64.457489][ T8431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 64.467579][ T8431] ================================================================== [ 64.624705][ T3317] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.