last executing test programs: 1.097587904s ago: executing program 2 (id=437): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) bind$tipc(r0, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x2, 0xffffffff}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000001ec0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r2, 0x1, 0x70bd25, 0x0, {{}, {}, {0x14, 0x19, {0x80000000, 0x4000001, 0x1, 0x5}}}}, 0x30}, 0x1, 0x0, 0x0, 0x20040803}, 0x20000000) 975.488966ms ago: executing program 2 (id=444): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7ffffdbd}]}) fsetxattr$security_selinux(r2, &(0x7f0000000000), &(0x7f00000000c0)='system_u:object_r:semanage_exec_t:s0\x00', 0x25, 0x0) 893.249777ms ago: executing program 2 (id=449): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000a80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10) syz_emit_ethernet(0x22, &(0x7f0000001b40)=ANY=[], 0x0) 784.172198ms ago: executing program 4 (id=454): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0) write$selinux_attr(r2, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d) 764.644299ms ago: executing program 2 (id=455): r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'caif0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a000000", @ANYRES32=r2, @ANYBLOB="140002"], 0x48}}, 0x0) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}}, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 742.549859ms ago: executing program 0 (id=458): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000020702500000000002020207b1af8ff00000000bfa100000000000007010000dbffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2b, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0xfffffffffffffffc}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000003}, 0x80) 713.517039ms ago: executing program 4 (id=460): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c00000002060104db406e3e0004000200000000100003006269746d61703a706f72740005000400000000000900020073797a32000000000500050000006c00050001000600000024000780080008400000137906000440fffff000060005400000000008000640"], 0x6c}}, 0x0) 638.148981ms ago: executing program 2 (id=463): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x10, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x1c, &(0x7f0000000040)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b88f8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b705000008000000a5000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ptrace$getregset(0x4205, r0, 0x1, &(0x7f0000000080)={&(0x7f00000000c0)=""/120, 0x78}) 613.407691ms ago: executing program 4 (id=464): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x4d, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x10) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCVHANGUP(r2, 0x5437, 0x2) 571.537061ms ago: executing program 3 (id=466): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)={0x14, 0x0, 0x4}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r1) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000fc0), r1) sendmsg$NL802154_CMD_DEL_SEC_DEV(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r2, 0x1, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x10000000}, 0x800) 557.612412ms ago: executing program 2 (id=467): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r0}, 0x18) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x401, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x2}]}) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x8000000) close_range(r1, 0xffffffffffffffff, 0x0) 556.981372ms ago: executing program 4 (id=468): io_uring_register$IORING_REGISTER_BUFFERS2(0xffffffffffffffff, 0xf, 0x0, 0x0) r0 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000202300800000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) sendmmsg$inet(r0, &(0x7f0000000440)=[{{&(0x7f00000004c0)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000340)="5825be57aff9352b356be67ca2746357d1787935589db15a23319e3f64fdf5f8", 0x20}], 0x1}}], 0x1, 0x840) 522.285872ms ago: executing program 3 (id=470): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) mount$9p_unix(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='.\x00', &(0x7f0000000280), 0x808008, &(0x7f0000000440)) 506.327872ms ago: executing program 4 (id=471): r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) r2 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) ftruncate(r2, 0x2007ffb) sendfile(r1, r2, 0x0, 0x1000000201005) lseek(r0, 0x2, 0x4) 478.130823ms ago: executing program 0 (id=472): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x70, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x200000001300, 0x200000001330], 0x0, 0x0, &(0x7f0000001300)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}]}, 0x108) 454.897633ms ago: executing program 3 (id=474): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x62, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0x3}, 0x18) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x14, 0x0, 0x111, 0xa}}, 0x20) 436.049834ms ago: executing program 1 (id=475): r0 = gettid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read(r1, &(0x7f0000000200)=""/202, 0xca) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x335, @time}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f00000000c0)={0x7, 0x2, {0x1, 0x2, 0x23, 0x7, 0x9}, 0x8003}) tkill(r0, 0x7) 432.228103ms ago: executing program 0 (id=476): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1, 0x0, 0xffffffff}, 0x18) io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x4, 0x0, 0x0) munlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000) 412.073104ms ago: executing program 3 (id=477): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000300)='kfree\x00', r1, 0x0, 0x8000}, 0x18) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000140)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x25dfdbfd, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{}, {0x0, 0x0, 0x0, 0xffffffff}, {0x3, 0x4, 0x20, 0x1000000}, {0x0, 0x2}, {0x0, 0x0, 0x0, 0x2}, {}, {0x6}]}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x0, 0x7, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x0) 345.273335ms ago: executing program 3 (id=478): socket$packet(0x11, 0x2, 0x300) r0 = socket(0x200000000000011, 0x2, 0x1) bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4) syz_emit_ethernet(0x3a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb08004500002c000000020011"], 0x0) syz_emit_ethernet(0x32, &(0x7f0000000300)=ANY=[@ANYBLOB="e90c630faca20180c20000000800450000240000e0000011"], 0x0) 344.868515ms ago: executing program 0 (id=479): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r1}, 0x10) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x121a02, 0x0) sendfile(r3, r2, &(0x7f0000002700)=0x1, 0x8) 344.544275ms ago: executing program 3 (id=480): syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f00000000c0)={[{@data_err_ignore}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r1, &(0x7f0000004200)='t', 0x1) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) 344.059135ms ago: executing program 0 (id=481): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x800, &(0x7f0000000240)=ANY=[@ANYRES8=0x0, @ANYRES16, @ANYRES16, @ANYRES16], 0x1, 0x36e, &(0x7f0000000c00)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f0000000000)=0x1a, 0x4) 226.960857ms ago: executing program 1 (id=482): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xb3ad}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @hyper}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000840)='virtio_transport_alloc_pkt\x00', r1}, 0x18) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r2, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112) 189.351167ms ago: executing program 1 (id=483): socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) socket$pppl2tp(0x18, 0x1, 0x1) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d40)={r1, 0x0, 0xe, 0x0, &(0x7f0000000040)="0000ffffffffa000903626e43925", 0x0, 0xc00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 185.124977ms ago: executing program 0 (id=484): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r2, 0x0, 0x4, 0x0, 0x0) 144.272087ms ago: executing program 1 (id=485): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002300000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10) recvmmsg(0xffffffffffffffff, &(0x7f0000006940)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000003c0)=""/6, 0x6}], 0x1}, 0x8}], 0x1, 0x60, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$sock(r1, &(0x7f00000044c0), 0x4000000000001c0, 0x0) recvfrom(r2, &(0x7f0000000040)=""/60, 0x3c, 0x40, 0x0, 0x0) 102.030848ms ago: executing program 1 (id=486): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x8}) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x2, &(0x7f0000002400)=0x0) io_submit(r1, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}]) 61.656969ms ago: executing program 4 (id=487): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200001400ffd9b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 0s ago: executing program 1 (id=488): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r0, 0x26, &(0x7f0000000380)={0x1}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r1, 0x7, &(0x7f0000000000)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r2, 0x7, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x10}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.39' (ED25519) to the list of known hosts. [ 34.818856][ T29] audit: type=1400 audit(1748959418.368:62): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 34.820085][ T3306] cgroup: Unknown subsys name 'net' [ 34.841613][ T29] audit: type=1400 audit(1748959418.368:63): avc: denied { mount } for pid=3306 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 34.869025][ T29] audit: type=1400 audit(1748959418.398:64): avc: denied { unmount } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 34.970770][ T3306] cgroup: Unknown subsys name 'cpuset' [ 34.977136][ T3306] cgroup: Unknown subsys name 'rlimit' [ 35.129679][ T29] audit: type=1400 audit(1748959418.678:65): avc: denied { setattr } for pid=3306 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 35.153093][ T29] audit: type=1400 audit(1748959418.688:66): avc: denied { create } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 35.173566][ T29] audit: type=1400 audit(1748959418.688:67): avc: denied { write } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 35.193996][ T29] audit: type=1400 audit(1748959418.688:68): avc: denied { read } for pid=3306 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 35.214462][ T29] audit: type=1400 audit(1748959418.708:69): avc: denied { mounton } for pid=3306 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 35.239448][ T29] audit: type=1400 audit(1748959418.708:70): avc: denied { mount } for pid=3306 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 35.248114][ T3309] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 35.271629][ T29] audit: type=1400 audit(1748959418.828:71): avc: denied { relabelto } for pid=3309 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 35.313764][ T3306] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 37.095216][ T3317] chnl_net:caif_netlink_parms(): no params data found [ 37.112387][ T3316] chnl_net:caif_netlink_parms(): no params data found [ 37.157313][ T3322] chnl_net:caif_netlink_parms(): no params data found [ 37.220796][ T3320] chnl_net:caif_netlink_parms(): no params data found [ 37.239315][ T3316] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.246624][ T3316] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.254125][ T3316] bridge_slave_0: entered allmulticast mode [ 37.260700][ T3316] bridge_slave_0: entered promiscuous mode [ 37.269961][ T3316] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.277032][ T3316] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.284268][ T3316] bridge_slave_1: entered allmulticast mode [ 37.290962][ T3316] bridge_slave_1: entered promiscuous mode [ 37.297153][ T3325] chnl_net:caif_netlink_parms(): no params data found [ 37.309717][ T3317] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.316934][ T3317] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.324133][ T3317] bridge_slave_0: entered allmulticast mode [ 37.330715][ T3317] bridge_slave_0: entered promiscuous mode [ 37.355360][ T3317] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.362500][ T3317] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.369795][ T3317] bridge_slave_1: entered allmulticast mode [ 37.376104][ T3317] bridge_slave_1: entered promiscuous mode [ 37.419994][ T3322] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.427114][ T3322] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.434369][ T3322] bridge_slave_0: entered allmulticast mode [ 37.440771][ T3322] bridge_slave_0: entered promiscuous mode [ 37.447428][ T3322] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.454536][ T3322] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.461746][ T3322] bridge_slave_1: entered allmulticast mode [ 37.468274][ T3322] bridge_slave_1: entered promiscuous mode [ 37.475709][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.495866][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.506043][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.525551][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.541022][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.551343][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.594506][ T3320] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.601655][ T3320] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.609346][ T3320] bridge_slave_0: entered allmulticast mode [ 37.616209][ T3320] bridge_slave_0: entered promiscuous mode [ 37.622872][ T3325] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.630073][ T3325] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.637249][ T3325] bridge_slave_0: entered allmulticast mode [ 37.644114][ T3325] bridge_slave_0: entered promiscuous mode [ 37.650804][ T3325] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.657922][ T3325] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.665212][ T3325] bridge_slave_1: entered allmulticast mode [ 37.671661][ T3325] bridge_slave_1: entered promiscuous mode [ 37.683597][ T3316] team0: Port device team_slave_0 added [ 37.695020][ T3320] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.702199][ T3320] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.709385][ T3320] bridge_slave_1: entered allmulticast mode [ 37.716069][ T3320] bridge_slave_1: entered promiscuous mode [ 37.728103][ T3317] team0: Port device team_slave_0 added [ 37.734467][ T3316] team0: Port device team_slave_1 added [ 37.745472][ T3322] team0: Port device team_slave_0 added [ 37.762862][ T3317] team0: Port device team_slave_1 added [ 37.773934][ T3322] team0: Port device team_slave_1 added [ 37.795770][ T3325] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.806333][ T3325] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.815879][ T3316] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.822943][ T3316] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.848972][ T3316] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.866421][ T3320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 37.886016][ T3316] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.893081][ T3316] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.919034][ T3316] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.932585][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.939549][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 37.965630][ T3322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.977526][ T3320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 37.987082][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 37.994086][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.020114][ T3317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.036799][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.043889][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.070063][ T3322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.088931][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.096006][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.122106][ T3317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.133573][ T3325] team0: Port device team_slave_0 added [ 38.159777][ T3325] team0: Port device team_slave_1 added [ 38.176945][ T3320] team0: Port device team_slave_0 added [ 38.195049][ T3325] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.202112][ T3325] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.228328][ T3325] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.241541][ T3316] hsr_slave_0: entered promiscuous mode [ 38.247709][ T3316] hsr_slave_1: entered promiscuous mode [ 38.254782][ T3320] team0: Port device team_slave_1 added [ 38.270700][ T3325] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.277668][ T3325] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.303762][ T3325] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.344647][ T3322] hsr_slave_0: entered promiscuous mode [ 38.350856][ T3322] hsr_slave_1: entered promiscuous mode [ 38.356757][ T3322] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 38.364565][ T3322] Cannot create hsr debugfs directory [ 38.388971][ T3320] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 38.396547][ T3320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.422615][ T3320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 38.435613][ T3317] hsr_slave_0: entered promiscuous mode [ 38.441795][ T3317] hsr_slave_1: entered promiscuous mode [ 38.447695][ T3317] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 38.455384][ T3317] Cannot create hsr debugfs directory [ 38.468842][ T3320] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 38.475911][ T3320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 38.501898][ T3320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 38.520449][ T3325] hsr_slave_0: entered promiscuous mode [ 38.526459][ T3325] hsr_slave_1: entered promiscuous mode [ 38.532442][ T3325] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 38.540307][ T3325] Cannot create hsr debugfs directory [ 38.595430][ T3320] hsr_slave_0: entered promiscuous mode [ 38.601579][ T3320] hsr_slave_1: entered promiscuous mode [ 38.607579][ T3320] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 38.616209][ T3320] Cannot create hsr debugfs directory [ 38.777058][ T3322] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 38.785993][ T3322] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 38.800227][ T3322] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 38.811220][ T3322] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 38.830122][ T3325] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 38.843057][ T3325] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 38.861713][ T3325] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 38.872447][ T3316] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 38.881954][ T3325] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 38.902045][ T3316] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 38.921434][ T3320] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 38.933019][ T3320] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 38.942290][ T3316] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 38.969867][ T3320] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 38.982893][ T3320] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 38.991835][ T3316] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 39.011476][ T3317] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 39.032854][ T3325] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.049862][ T3317] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 39.059088][ T3317] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 39.068701][ T3317] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 39.102452][ T3325] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.118470][ T797] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.125657][ T797] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.136641][ T3320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.147504][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.154608][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.165019][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.201636][ T3322] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.224391][ T797] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.231482][ T797] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.240902][ T797] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.248119][ T797] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.266491][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.277563][ T3320] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.296422][ T797] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.303631][ T797] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.326285][ T3317] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.356584][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.363761][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.389201][ T3325] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.402128][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.409284][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.428927][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.436134][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.448262][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 39.466803][ T3317] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 39.477358][ T3317] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 39.504871][ T3316] 8021q: adding VLAN 0 to HW filter on device team0 [ 39.520630][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 39.527791][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 39.538696][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 39.545801][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 39.575911][ T3320] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.625199][ T3322] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.636148][ T3325] veth0_vlan: entered promiscuous mode [ 39.666750][ T3317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.698876][ T3316] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 39.720589][ T3325] veth1_vlan: entered promiscuous mode [ 39.752776][ T3325] veth0_macvtap: entered promiscuous mode [ 39.778699][ T3320] veth0_vlan: entered promiscuous mode [ 39.789438][ T3325] veth1_macvtap: entered promiscuous mode [ 39.824943][ T3320] veth1_vlan: entered promiscuous mode [ 39.848867][ T3325] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.864479][ T3322] veth0_vlan: entered promiscuous mode [ 39.872826][ T3325] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.882330][ T3316] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 39.893466][ T3320] veth0_macvtap: entered promiscuous mode [ 39.907700][ T3325] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.916547][ T3325] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.925379][ T3325] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.934312][ T3325] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.949139][ T3320] veth1_macvtap: entered promiscuous mode [ 39.957988][ T3322] veth1_vlan: entered promiscuous mode [ 39.993292][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 39.993311][ T29] audit: type=1400 audit(1748959423.548:81): avc: denied { mounton } for pid=3325 comm="syz-executor" path="/root/syzkaller.MNKUNV/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 40.028467][ T3322] veth0_macvtap: entered promiscuous mode [ 40.043303][ T3320] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.051753][ T3322] veth1_macvtap: entered promiscuous mode [ 40.073621][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.083543][ T3320] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.093543][ T3320] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.102472][ T3320] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.111342][ T3320] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.120199][ T3320] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.130103][ T29] audit: type=1400 audit(1748959423.548:82): avc: denied { mount } for pid=3325 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 40.152238][ T29] audit: type=1400 audit(1748959423.548:83): avc: denied { mounton } for pid=3325 comm="syz-executor" path="/root/syzkaller.MNKUNV/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 40.177579][ T29] audit: type=1400 audit(1748959423.548:84): avc: denied { mount } for pid=3325 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 40.199380][ T29] audit: type=1400 audit(1748959423.548:85): avc: denied { mounton } for pid=3325 comm="syz-executor" path="/root/syzkaller.MNKUNV/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 40.216435][ T3316] veth0_vlan: entered promiscuous mode [ 40.226082][ T29] audit: type=1400 audit(1748959423.548:86): avc: denied { mounton } for pid=3325 comm="syz-executor" path="/root/syzkaller.MNKUNV/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=4152 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 40.236082][ T3316] veth1_vlan: entered promiscuous mode [ 40.258736][ T29] audit: type=1400 audit(1748959423.548:87): avc: denied { unmount } for pid=3325 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 40.281005][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.283942][ T29] audit: type=1400 audit(1748959423.578:88): avc: denied { mounton } for pid=3325 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 40.305504][ T3317] veth0_vlan: entered promiscuous mode [ 40.313791][ T29] audit: type=1400 audit(1748959423.578:89): avc: denied { mount } for pid=3325 comm="syz-executor" name="/" dev="gadgetfs" ino=4154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 40.330859][ T3322] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.350477][ T3322] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.359185][ T3322] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.367918][ T3322] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.378406][ T3325] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 40.398353][ T3317] veth1_vlan: entered promiscuous mode [ 40.410750][ T29] audit: type=1400 audit(1748959423.958:90): avc: denied { read write } for pid=3325 comm="syz-executor" name="loop1" dev="devtmpfs" ino=101 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 40.428316][ T3316] veth0_macvtap: entered promiscuous mode [ 40.465935][ T3317] veth0_macvtap: entered promiscuous mode [ 40.477894][ T3316] veth1_macvtap: entered promiscuous mode [ 40.489497][ T3317] veth1_macvtap: entered promiscuous mode [ 40.496172][ T3461] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2'. [ 40.520022][ T3461] 8021q: adding VLAN 0 to HW filter on device bond1 [ 40.531053][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.552465][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 40.583426][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.607196][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 40.618548][ T3316] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.627401][ T3316] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.636220][ T3316] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.645015][ T3316] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.672704][ T3317] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.681548][ T3317] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.690609][ T3317] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 40.699478][ T3317] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 41.262180][ T3525] netlink: 8 bytes leftover after parsing attributes in process `syz.2.27'. [ 41.271115][ T3525] netlink: 8 bytes leftover after parsing attributes in process `syz.2.27'. [ 41.288447][ T3523] vhci_hcd: default hub control req: 0436 vdd80 i0002 l0 [ 41.383608][ T3533] mmap: syz.2.31 (3533) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 41.889427][ T3579] Illegal XDP return value 3579 on prog (id 36) dev N/A, expect packet loss! [ 42.082348][ T3581] SELinux: failed to load policy [ 42.199074][ T3600] loop1: detected capacity change from 0 to 1024 [ 42.210134][ T3604] netlink: 'syz.4.50': attribute type 21 has an invalid length. [ 42.288070][ T3600] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.469408][ T3325] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.529491][ T3635] netlink: 8 bytes leftover after parsing attributes in process `syz.0.64'. [ 42.624910][ T3641] netlink: 4 bytes leftover after parsing attributes in process `syz.0.66'. [ 42.641245][ T3639] netlink: 14 bytes leftover after parsing attributes in process `syz.3.65'. [ 42.661582][ T3641] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 42.670468][ T3641] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 42.679230][ T3641] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 42.688036][ T3641] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 42.722567][ T3641] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 42.731582][ T3641] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 42.740580][ T3641] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 42.749752][ T3641] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 42.786546][ T3646] SELinux: syz.1.69 (3646) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 42.839937][ T3641] Zero length message leads to an empty skb [ 42.866057][ T3641] syz.0.66 (3641) used greatest stack depth: 10344 bytes left [ 42.936327][ T3663] loop0: detected capacity change from 0 to 164 [ 42.972376][ T3663] process 'syz.0.75' launched '/dev/fd/5' with NULL argv: empty string added [ 42.999293][ T3663] syz.0.75: attempt to access beyond end of device [ 42.999293][ T3663] loop0: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 43.049739][ T3663] syz.0.75: attempt to access beyond end of device [ 43.049739][ T3663] loop0: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 43.226399][ T3685] netlink: 'syz.0.86': attribute type 10 has an invalid length. [ 43.244306][ T3685] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.244585][ T3685] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.255216][ T3685] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.255257][ T3685] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.255373][ T3685] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.255403][ T3685] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.257396][ T3685] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 43.310960][ T3694] netlink: 8 bytes leftover after parsing attributes in process `syz.3.91'. [ 43.324674][ T3698] 9pnet: p9_errstr2errno: server reported unknown error @L O! [ 43.386569][ T3702] netlink: 'syz.3.93': attribute type 10 has an invalid length. [ 43.392730][ T3702] batman_adv: batadv0: Adding interface: team0 [ 43.392746][ T3702] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.392845][ T3702] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 43.414535][ T3702] netlink: 'syz.3.93': attribute type 10 has an invalid length. [ 43.445202][ T3706] netlink: 8 bytes leftover after parsing attributes in process `syz.1.96'. [ 43.448530][ T3702] netlink: 2 bytes leftover after parsing attributes in process `syz.3.93'. [ 43.500588][ T3702] team0: entered promiscuous mode [ 43.500609][ T3702] team_slave_0: entered promiscuous mode [ 43.500832][ T3702] team_slave_1: entered promiscuous mode [ 43.502039][ T3702] 8021q: adding VLAN 0 to HW filter on device team0 [ 43.502437][ T3702] batman_adv: batadv0: Interface activated: team0 [ 43.502483][ T3702] batman_adv: batadv0: Interface deactivated: team0 [ 43.502506][ T3702] batman_adv: batadv0: Removing interface: team0 [ 43.515551][ T3702] bridge0: port 3(team0) entered blocking state [ 43.515602][ T3702] bridge0: port 3(team0) entered disabled state [ 43.515731][ T3702] team0: entered allmulticast mode [ 43.515750][ T3702] team_slave_0: entered allmulticast mode [ 43.515769][ T3702] team_slave_1: entered allmulticast mode [ 43.517349][ T3702] bridge0: port 3(team0) entered blocking state [ 43.517386][ T3702] bridge0: port 3(team0) entered forwarding state [ 43.653790][ T3722] loop3: detected capacity change from 0 to 512 [ 43.674266][ T3722] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 43.674364][ T3722] EXT4-fs (loop3): orphan cleanup on readonly fs [ 43.679930][ T3722] EXT4-fs error (device loop3): ext4_quota_enable:7124: inode #15: comm syz.3.102: iget: bad i_size value: 360287970189639690 [ 43.681022][ T3722] EXT4-fs error (device loop3): ext4_quota_enable:7127: comm syz.3.102: Bad quota inode: 15, type: 2 [ 43.681156][ T3722] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=2, err=-117, ino=15). Please run e2fsck to fix. [ 43.681421][ T3722] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 43.681833][ T3722] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 43.727783][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.880950][ T3737] serio: Serial port ptm1 [ 44.236549][ T3756] loop2: detected capacity change from 0 to 1024 [ 44.252895][ T3756] ======================================================= [ 44.252895][ T3756] WARNING: The mand mount option has been deprecated and [ 44.252895][ T3756] and is ignored by this kernel. Remove the mand [ 44.252895][ T3756] option from the mount to silence this warning. [ 44.252895][ T3756] ======================================================= [ 44.297741][ T3756] EXT4-fs: Ignoring removed nobh option [ 44.305596][ T3756] EXT4-fs: Ignoring removed bh option [ 44.311196][ T3756] EXT4-fs: Ignoring removed bh option [ 44.458097][ T3766] loop4: detected capacity change from 0 to 128 [ 44.485831][ T3766] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 44.498697][ T3766] ext4 filesystem being mounted at /23/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 44.558338][ T3756] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.613855][ T3756] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.117: Allocating blocks 497-513 which overlap fs metadata [ 44.707036][ T3317] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 44.782641][ T3778] syz.0.127 uses obsolete (PF_INET,SOCK_PACKET) [ 44.800079][ T3756] EXT4-fs (loop2): pa ffff8881006530e0: logic 256, phys. 385, len 8 [ 44.808349][ T3756] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 44.876412][ T3755] EXT4-fs error (device loop2): mb_free_blocks:1948: group 0, inode 15: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 44.928713][ T3788] netlink: 44 bytes leftover after parsing attributes in process `syz.4.130'. [ 44.962311][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.043424][ T29] kauditd_printk_skb: 186 callbacks suppressed [ 45.043501][ T29] audit: type=1400 audit(1748959428.598:277): avc: denied { name_bind } for pid=3793 comm="syz.4.133" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 45.089908][ T29] audit: type=1400 audit(1748959428.598:278): avc: denied { node_bind } for pid=3793 comm="syz.4.133" saddr=224.0.0.1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 45.164847][ T29] audit: type=1400 audit(1748959428.718:279): avc: denied { mount } for pid=3805 comm="syz.0.138" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 45.221244][ T3809] ALSA: seq fatal error: cannot create timer (-22) [ 45.248432][ T3813] loop2: detected capacity change from 0 to 128 [ 45.268354][ T29] audit: type=1400 audit(1748959428.818:280): avc: denied { mount } for pid=3812 comm="syz.2.141" name="/" dev="loop2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 45.319208][ T29] audit: type=1400 audit(1748959428.818:281): avc: denied { sys_module } for pid=3812 comm="syz.2.141" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 45.340440][ T29] audit: type=1400 audit(1748959428.818:282): avc: denied { module_load } for pid=3812 comm="syz.2.141" path="/23/file1/bus" dev="loop2" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=system permissive=1 [ 45.363559][ T29] audit: type=1400 audit(1748959428.848:283): avc: denied { unmount } for pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 45.445710][ T29] audit: type=1400 audit(1748959428.998:284): avc: denied { write } for pid=3823 comm="syz.1.143" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 45.480948][ T29] audit: type=1400 audit(1748959429.028:285): avc: denied { ioctl } for pid=3825 comm="syz.4.147" path="/dev/virtual_nci" dev="devtmpfs" ino=132 ioctlcmd=0x0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 45.595163][ T3835] loop0: detected capacity change from 0 to 1024 [ 45.621595][ T3835] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.621705][ T29] audit: type=1400 audit(1748959429.178:286): avc: denied { read } for pid=3836 comm="syz.4.151" name="sg0" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 45.695222][ T3839] IPVS: stopping master sync thread 3843 ... [ 45.701808][ T3843] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 45.730177][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.732590][ T3848] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 45.897033][ T3864] __nla_validate_parse: 3 callbacks suppressed [ 45.897053][ T3864] netlink: 8 bytes leftover after parsing attributes in process `syz.1.161'. [ 45.912992][ T3864] netlink: 4 bytes leftover after parsing attributes in process `syz.1.161'. [ 45.940220][ T3866] raw_sendmsg: syz.0.162 forgot to set AF_INET. Fix it! [ 46.051554][ T3864] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 46.060410][ T3864] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 46.069180][ T3864] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 46.077989][ T3864] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 46.232393][ T3903] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 46.309478][ T3913] netlink: 256 bytes leftover after parsing attributes in process `syz.0.183'. [ 46.420565][ T3925] loop1: detected capacity change from 0 to 512 [ 46.444407][ T3925] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 46.457618][ T3925] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 46.481420][ T3925] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 46.499933][ T3925] EXT4-fs (loop1): 1 truncate cleaned up [ 46.507212][ T3925] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.539204][ T3325] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.722862][ T3940] loop0: detected capacity change from 0 to 1024 [ 46.733501][ T3940] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 46.746183][ T3940] EXT4-fs error (device loop0): ext4_ext_check_inode:523: inode #11: comm syz.0.193: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 46.767192][ T3940] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.193: couldn't read orphan inode 11 (err -117) [ 46.780925][ T3940] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.797898][ T3940] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.193: Invalid block bitmap block 0 in block_group 0 [ 46.812626][ T3940] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.193: Failed to acquire dquot type 0 [ 46.828845][ T3940] syz.0.193 (3940) used greatest stack depth: 9816 bytes left [ 46.843935][ T3947] loop1: detected capacity change from 0 to 512 [ 46.852368][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.874047][ T3949] netlink: 32 bytes leftover after parsing attributes in process `syz.0.197'. [ 46.883033][ T3949] netem: unknown loss type 13 [ 46.886687][ T3947] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.887735][ T3949] netem: change failed [ 46.902492][ T3947] ext4 filesystem being mounted at /37/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 46.926179][ T3947] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #18: comm syz.1.196: corrupted inode contents [ 46.966803][ T3947] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #18: comm syz.1.196: mark_inode_dirty error [ 46.988174][ T3947] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #18: comm syz.1.196: corrupted inode contents [ 47.020788][ T3947] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2991: inode #18: comm syz.1.196: mark_inode_dirty error [ 47.056498][ T3947] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2994: inode #18: comm syz.1.196: mark inode dirty (error -117) [ 47.070812][ T3947] EXT4-fs warning (device loop1): ext4_evict_inode:274: xattr delete (err -117) [ 47.088064][ T3965] SELinux: Context is not valid (left unmapped). [ 47.102294][ T3963] Falling back ldisc for ptm0. [ 47.114275][ T3325] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.166739][ T3968] bond_slave_1: entered promiscuous mode [ 47.167655][ T3971] netlink: 8 bytes leftover after parsing attributes in process `syz.1.205'. [ 47.176024][ T3967] bond_slave_1: left promiscuous mode [ 47.189651][ T3971] ip6gre1: entered allmulticast mode [ 47.277074][ T3981] netlink: 35 bytes leftover after parsing attributes in process `syz.3.212'. [ 47.286058][ T3981] netlink: 8 bytes leftover after parsing attributes in process `syz.3.212'. [ 47.359045][ T3986] netlink: 'syz.1.214': attribute type 13 has an invalid length. [ 47.421210][ T3995] loop4: detected capacity change from 0 to 256 [ 47.477960][ T3986] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 47.493781][ T3998] netlink: 20 bytes leftover after parsing attributes in process `syz.3.220'. [ 47.504408][ T3995] FAT-fs (loop4): Directory bread(block 64) failed [ 47.519801][ T3995] FAT-fs (loop4): Directory bread(block 65) failed [ 47.527224][ T4000] loop0: detected capacity change from 0 to 1024 [ 47.536627][ T3995] FAT-fs (loop4): Directory bread(block 66) failed [ 47.551943][ T4002] loop3: detected capacity change from 0 to 128 [ 47.552833][ T4000] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 47.565806][ T3995] FAT-fs (loop4): Directory bread(block 67) failed [ 47.595774][ T3995] FAT-fs (loop4): Directory bread(block 68) failed [ 47.605332][ T3995] FAT-fs (loop4): Directory bread(block 69) failed [ 47.615381][ T3995] FAT-fs (loop4): Directory bread(block 70) failed [ 47.622383][ T3995] FAT-fs (loop4): Directory bread(block 71) failed [ 47.628992][ T3995] FAT-fs (loop4): Directory bread(block 72) failed [ 47.637430][ T3995] FAT-fs (loop4): Directory bread(block 73) failed [ 47.670246][ T3995] syz.4.218: attempt to access beyond end of device [ 47.670246][ T3995] loop4: rw=0, sector=1160, nr_sectors = 4 limit=256 [ 47.732955][ T4012] block device autoloading is deprecated and will be removed. [ 47.741186][ T4012] syz.4.227: attempt to access beyond end of device [ 47.741186][ T4012] md33: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 47.775583][ T4014] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2 [ 47.856663][ T4022] loop1: detected capacity change from 0 to 1024 [ 47.863273][ T4024] loop4: detected capacity change from 0 to 1024 [ 47.877743][ T4022] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 47.889065][ T4022] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 47.891019][ T4024] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 47.920075][ T4024] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #11: comm syz.4.233: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 47.946331][ T4022] JBD2: no valid journal superblock found [ 47.952148][ T4022] EXT4-fs (loop1): Could not load journal inode [ 47.981307][ T4024] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.233: couldn't read orphan inode 11 (err -117) [ 48.041706][ T4024] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.106962][ T4032] loop1: detected capacity change from 0 to 1024 [ 48.114296][ T4032] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 48.167126][ T4024] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.233: Invalid block bitmap block 0 in block_group 0 [ 48.167770][ T4040] loop0: detected capacity change from 0 to 256 [ 48.221423][ T4024] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.233: Failed to acquire dquot type 0 [ 48.241187][ T4040] FAT-fs (loop0): Directory bread(block 64) failed [ 48.247987][ T4040] FAT-fs (loop0): Directory bread(block 65) failed [ 48.267511][ T3317] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.274526][ T4040] FAT-fs (loop0): Directory bread(block 66) failed [ 48.290363][ T4043] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.239'. [ 48.309700][ T4040] FAT-fs (loop0): Directory bread(block 67) failed [ 48.319964][ T4040] FAT-fs (loop0): Directory bread(block 68) failed [ 48.326571][ T4040] FAT-fs (loop0): Directory bread(block 69) failed [ 48.339560][ T4042] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.239'. [ 48.369705][ T4040] FAT-fs (loop0): Directory bread(block 70) failed [ 48.380128][ T4040] FAT-fs (loop0): Directory bread(block 71) failed [ 48.386814][ T4040] FAT-fs (loop0): Directory bread(block 72) failed [ 48.409047][ T4040] FAT-fs (loop0): Directory bread(block 73) failed [ 48.449713][ T4054] 9pnet: p9_errstr2errno: server reported unknown error @L  [ 48.464155][ T4040] syz.0.238: attempt to access beyond end of device [ 48.464155][ T4040] loop0: rw=0, sector=1160, nr_sectors = 4 limit=256 [ 48.483700][ T4056] loop1: detected capacity change from 0 to 512 [ 48.504402][ T4056] EXT4-fs: Ignoring removed nobh option [ 48.517776][ T4056] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 48.530354][ T4056] EXT4-fs error (device loop1): ext4_clear_blocks:876: inode #13: comm syz.1.245: attempt to clear invalid blocks 2 len 1 [ 48.601769][ T4056] EXT4-fs (loop1): Remounting filesystem read-only [ 48.609301][ T4065] netlink: 'syz.4.249': attribute type 39 has an invalid length. [ 48.634878][ T4056] EXT4-fs (loop1): 1 truncate cleaned up [ 48.657495][ T4056] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.746016][ T3325] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.822066][ T4086] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 48.901595][ T4090] loop3: detected capacity change from 0 to 512 [ 48.918162][ T4090] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 48.928934][ T4092] gtp0: entered allmulticast mode [ 48.935994][ T4090] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.952715][ T4090] ext4 filesystem being mounted at /53/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.967211][ T4090] EXT4-fs error (device loop3): ext4_xattr_block_get:593: inode #15: comm syz.3.261: corrupted xattr block 19: overlapping e_value [ 49.001891][ T4090] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 49.018351][ T4090] EXT4-fs error (device loop3): ext4_xattr_block_get:593: inode #15: comm syz.3.261: corrupted xattr block 19: overlapping e_value [ 49.033689][ T4090] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 49.044617][ T4090] EXT4-fs error (device loop3): ext4_xattr_block_get:593: inode #15: comm syz.3.261: corrupted xattr block 19: overlapping e_value [ 49.099210][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.229320][ T4115] loop3: detected capacity change from 0 to 2048 [ 49.247131][ T4116] loop1: detected capacity change from 0 to 128 [ 49.270818][ T4116] vfat: Unknown parameter '' [ 49.302141][ T4115] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.323162][ T4115] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 49.370789][ T4115] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 3 with error 28 [ 49.383284][ T4115] EXT4-fs (loop3): This should not happen!! Data will be lost [ 49.383284][ T4115] [ 49.393086][ T4115] EXT4-fs (loop3): Total free blocks count 0 [ 49.399163][ T4115] EXT4-fs (loop3): Free/Dirty block details [ 49.405260][ T4115] EXT4-fs (loop3): free_blocks=2415919104 [ 49.411050][ T4115] EXT4-fs (loop3): dirty_blocks=16 [ 49.416217][ T4115] EXT4-fs (loop3): Block reservation details [ 49.422281][ T4115] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 49.448376][ T4115] syz.3.271 (4115) used greatest stack depth: 9640 bytes left [ 49.456400][ T12] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28 [ 49.500048][ T4131] netlink: 'syz.3.277': attribute type 13 has an invalid length. [ 49.553454][ T4131] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 49.616811][ T4138] loop4: detected capacity change from 0 to 2048 [ 49.661180][ T3537] loop4: p1 < > p4 [ 49.667031][ T3537] loop4: p4 size 8388608 extends beyond EOD, truncated [ 49.676731][ T4138] loop4: p1 < > p4 [ 49.684003][ T4138] loop4: p4 size 8388608 extends beyond EOD, truncated [ 49.893129][ T4167] loop3: detected capacity change from 0 to 512 [ 49.909978][ T4167] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 49.938063][ T4167] EXT4-fs (loop3): 1 truncate cleaned up [ 49.945347][ T4167] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.997546][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.052436][ T4180] loop3: detected capacity change from 0 to 512 [ 50.060450][ T4180] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 50.089001][ T29] kauditd_printk_skb: 177 callbacks suppressed [ 50.089018][ T29] audit: type=1400 audit(1748959433.638:460): avc: denied { append } for pid=4183 comm="syz.1.302" name="ptp0" dev="devtmpfs" ino=246 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 50.119964][ T4182] ipvlan2: entered promiscuous mode [ 50.121975][ T4180] EXT4-fs (loop3): 1 truncate cleaned up [ 50.126293][ T4182] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 50.134563][ T4180] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.223621][ T29] audit: type=1400 audit(1748959433.778:461): avc: denied { audit_write } for pid=4190 comm="syz.2.305" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 50.255015][ T29] audit: type=1107 audit(1748959433.778:462): pid=4190 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 50.307171][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.336130][ T4198] loop0: detected capacity change from 0 to 512 [ 50.382124][ T4198] EXT4-fs error (device loop0): ext4_iget_extra_inode:5035: inode #15: comm syz.0.308: corrupted in-inode xattr: invalid ea_ino [ 50.397888][ T4196] loop2: detected capacity change from 0 to 2048 [ 50.426965][ T4196] EXT4-fs: Ignoring removed mblk_io_submit option [ 50.443153][ T4198] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.308: couldn't read orphan inode 15 (err -117) [ 50.455899][ T4198] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.476663][ T4203] capability: warning: `syz.3.309' uses deprecated v2 capabilities in a way that may be insecure [ 50.487402][ T29] audit: type=1400 audit(1748959434.028:463): avc: denied { setattr } for pid=4197 comm="syz.0.308" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 50.488304][ T4196] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.548412][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.637019][ T29] audit: type=1400 audit(1748959434.188:464): avc: denied { ioctl } for pid=4195 comm="syz.2.306" path="/52/file1/bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 50.637047][ T4196] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.306: bg 0: block 234: padding at end of block bitmap is not set [ 50.659749][ T29] audit: type=1326 audit(1748959434.188:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4210 comm="syz.3.313" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f417e12e969 code=0x0 [ 50.659787][ T29] audit: type=1400 audit(1748959434.188:466): avc: denied { write } for pid=4195 comm="syz.2.306" name="bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 50.697618][ T4216] sd 0:0:1:0: device reset [ 50.728733][ T4196] EXT4-fs (loop2): Remounting filesystem read-only [ 50.772414][ T4221] SELinux: syz.4.316 (4221) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 50.828404][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.880563][ T29] audit: type=1400 audit(1748959434.438:467): avc: denied { write } for pid=4230 comm="syz.2.320" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 50.916716][ T29] audit: type=1400 audit(1748959434.438:468): avc: denied { connect } for pid=4230 comm="syz.2.320" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 50.936269][ T29] audit: type=1400 audit(1748959434.438:469): avc: denied { name_connect } for pid=4230 comm="syz.2.320" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 51.117357][ T4257] loop4: detected capacity change from 0 to 256 [ 51.133632][ T4257] FAT-fs (loop4): bogus number of FAT sectors [ 51.139882][ T4257] FAT-fs (loop4): Can't find a valid FAT filesystem [ 51.282357][ T4270] loop1: detected capacity change from 0 to 256 [ 51.329235][ T4270] syz.1.336: attempt to access beyond end of device [ 51.329235][ T4270] loop1: rw=2049, sector=256, nr_sectors = 12 limit=256 [ 51.397271][ T4279] ipvlan2: entered promiscuous mode [ 51.410825][ T4279] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 51.484668][ T4291] SELinux: syz.1.345 (4291) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 52.095725][ C0] hrtimer: interrupt took 30192 ns [ 52.291329][ T4384] loop1: detected capacity change from 0 to 1024 [ 52.331406][ T4384] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.504391][ T3325] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.691668][ T4432] __nla_validate_parse: 1 callbacks suppressed [ 52.691687][ T4432] netlink: 8 bytes leftover after parsing attributes in process `syz.3.404'. [ 52.800438][ T4445] netlink: 'syz.2.410': attribute type 4 has an invalid length. [ 52.816699][ T4443] netlink: 44 bytes leftover after parsing attributes in process `syz.1.412'. [ 52.870242][ T4443] netlink: 44 bytes leftover after parsing attributes in process `syz.1.412'. [ 52.927320][ T4443] netlink: 44 bytes leftover after parsing attributes in process `syz.1.412'. [ 53.022159][ T4466] loop0: detected capacity change from 0 to 512 [ 53.039433][ T4466] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 53.086038][ T4466] EXT4-fs (loop0): 1 truncate cleaned up [ 53.140075][ T4466] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.439323][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.583166][ T4527] loop0: detected capacity change from 0 to 128 [ 53.592291][ T4527] EXT4-fs: Ignoring removed nobh option [ 53.605656][ T4527] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 53.640567][ T4527] ext4 filesystem being mounted at /110/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 53.725496][ T3316] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 53.901770][ T4557] SELinux: Context system_u:object_r:semanage_exec_t:s0 is not valid (left unmapped). [ 53.931655][ T4561] can0: slcan on ptm0. [ 53.999854][ T4568] netlink: 'syz.1.450': attribute type 10 has an invalid length. [ 54.012802][ T4568] team0: Device veth0_macvtap failed to register rx_handler [ 54.022386][ T4560] can0 (unregistered): slcan off ptm0. [ 54.106669][ T4584] xt_recent: hitcount (4294967295) is larger than allowed maximum (65535) [ 54.119508][ T4583] netlink: 28 bytes leftover after parsing attributes in process `syz.2.455'. [ 54.157778][ T4583] netlink: 28 bytes leftover after parsing attributes in process `syz.2.455'. [ 54.305197][ T4605] random: crng reseeded on system resumption [ 54.345240][ T4611] 9pnet_fd: p9_fd_create_unix (4611): problem connecting socket: ./file0: -2 [ 54.507047][ T4636] loop0: detected capacity change from 0 to 128 [ 54.514586][ T4634] loop3: detected capacity change from 0 to 1024 [ 54.527476][ T4634] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.661054][ T51] kworker/u8:3: attempt to access beyond end of device [ 54.661054][ T51] loop0: rw=1, sector=137, nr_sectors = 8 limit=128 [ 54.676927][ T51] kworker/u8:3: attempt to access beyond end of device [ 54.676927][ T51] loop0: rw=1, sector=153, nr_sectors = 8 limit=128 [ 54.736038][ T51] kworker/u8:3: attempt to access beyond end of device [ 54.736038][ T51] loop0: rw=1, sector=169, nr_sectors = 8 limit=128 [ 54.754646][ T51] kworker/u8:3: attempt to access beyond end of device [ 54.754646][ T51] loop0: rw=1, sector=185, nr_sectors = 8 limit=128 [ 54.771612][ T51] kworker/u8:3: attempt to access beyond end of device [ 54.771612][ T51] loop0: rw=1, sector=201, nr_sectors = 8 limit=128 [ 54.785413][ T51] kworker/u8:3: attempt to access beyond end of device [ 54.785413][ T51] loop0: rw=1, sector=217, nr_sectors = 8 limit=128 [ 54.800579][ T51] kworker/u8:3: attempt to access beyond end of device [ 54.800579][ T51] loop0: rw=1, sector=233, nr_sectors = 8 limit=128 [ 54.814159][ T51] kworker/u8:3: attempt to access beyond end of device [ 54.814159][ T51] loop0: rw=1, sector=249, nr_sectors = 8 limit=128 [ 54.828522][ T51] kworker/u8:3: attempt to access beyond end of device [ 54.828522][ T51] loop0: rw=1, sector=265, nr_sectors = 8 limit=128 [ 54.849438][ T51] kworker/u8:3: attempt to access beyond end of device [ 54.849438][ T51] loop0: rw=1, sector=281, nr_sectors = 8 limit=128 [ 54.875387][ T4642] ================================================================== [ 54.883530][ T4642] BUG: KCSAN: data-race in filemap_write_and_wait_range / xas_set_mark [ 54.891825][ T4642] [ 54.894156][ T4642] write to 0xffff888106bf53ec of 4 bytes by task 4634 on cpu 0: [ 54.901880][ T4642] xas_set_mark+0x12b/0x140 [ 54.906403][ T4642] __folio_start_writeback+0x1dd/0x440 [ 54.911886][ T4642] ext4_bio_write_folio+0x5ad/0x9f0 [ 54.917097][ T4642] mpage_submit_folio+0xe4/0x170 [ 54.922316][ T4642] mpage_process_page_bufs+0x39b/0x4a0 [ 54.927805][ T4642] mpage_prepare_extent_to_map+0x741/0xaa0 [ 54.933654][ T4642] ext4_do_writepages+0xa1a/0x21c0 [ 54.938789][ T4642] ext4_writepages+0x176/0x300 [ 54.943600][ T4642] do_writepages+0x1c3/0x310 [ 54.948210][ T4642] file_write_and_wait_range+0x156/0x2c0 [ 54.953887][ T4642] generic_buffers_fsync_noflush+0x45/0x120 [ 54.959806][ T4642] ext4_sync_file+0x1ab/0x690 [ 54.964523][ T4642] vfs_fsync_range+0x10d/0x130 [ 54.969384][ T4642] ext4_buffered_write_iter+0x34f/0x3c0 [ 54.975006][ T4642] ext4_file_write_iter+0xdbf/0xf00 [ 54.981070][ T4642] iter_file_splice_write+0x5f2/0x970 [ 54.986483][ T4642] direct_splice_actor+0x153/0x2a0 [ 54.991622][ T4642] splice_direct_to_actor+0x30f/0x680 [ 54.997034][ T4642] do_splice_direct+0xda/0x150 [ 55.001817][ T4642] do_sendfile+0x380/0x650 [ 55.006353][ T4642] __x64_sys_sendfile64+0x105/0x150 [ 55.011571][ T4642] x64_sys_call+0xb39/0x2fb0 [ 55.016178][ T4642] do_syscall_64+0xd2/0x200 [ 55.020717][ T4642] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.026625][ T4642] [ 55.028953][ T4642] read to 0xffff888106bf53ec of 4 bytes by task 4642 on cpu 1: [ 55.036507][ T4642] filemap_write_and_wait_range+0xfc/0x340 [ 55.042342][ T4642] filemap_invalidate_pages+0xa4/0x1a0 [ 55.047813][ T4642] kiocb_invalidate_pages+0x6e/0x80 [ 55.053120][ T4642] __iomap_dio_rw+0x5d4/0x1250 [ 55.057895][ T4642] iomap_dio_rw+0x40/0x90 [ 55.062498][ T4642] ext4_file_write_iter+0xad9/0xf00 [ 55.067722][ T4642] iter_file_splice_write+0x5f2/0x970 [ 55.073105][ T4642] direct_splice_actor+0x153/0x2a0 [ 55.078264][ T4642] splice_direct_to_actor+0x30f/0x680 [ 55.083649][ T4642] do_splice_direct+0xda/0x150 [ 55.088431][ T4642] do_sendfile+0x380/0x650 [ 55.092870][ T4642] __x64_sys_sendfile64+0x105/0x150 [ 55.098087][ T4642] x64_sys_call+0xb39/0x2fb0 [ 55.103125][ T4642] do_syscall_64+0xd2/0x200 [ 55.107652][ T4642] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.113573][ T4642] [ 55.115905][ T4642] value changed: 0x0a000021 -> 0x04000021 [ 55.121629][ T4642] [ 55.123959][ T4642] Reported by Kernel Concurrency Sanitizer on: [ 55.130129][ T4642] CPU: 1 UID: 0 PID: 4642 Comm: syz.3.480 Not tainted 6.15.0-syzkaller-11173-g546b1c9e93c2 #0 PREEMPT(voluntary) [ 55.142137][ T4642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 55.152303][ T4642] ================================================================== [ 55.178950][ T29] kauditd_printk_skb: 211 callbacks suppressed [ 55.178966][ T29] audit: type=1400 audit(1748959438.728:681): avc: denied { bind } for pid=4654 comm="syz.4.487" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 55.204639][ T29] audit: type=1400 audit(1748959438.728:682): avc: denied { name_bind } for pid=4654 comm="syz.4.487" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 55.226333][ T29] audit: type=1400 audit(1748959438.728:683): avc: denied { node_bind } for pid=4654 comm="syz.4.487" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 55.254328][ T29] audit: type=1400 audit(1748959438.808:684): avc: denied { write } for pid=4654 comm="syz.4.487" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 55.273670][ T29] audit: type=1400 audit(1748959438.808:685): avc: denied { name_connect } for pid=4654 comm="syz.4.487" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 55.452519][ T3322] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.