last executing test programs: 7.830481416s ago: executing program 2 (id=742): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x22, &(0x7f0000000080)=0x1, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000d5030000020000838500000071000000180100002020752500000000806020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x800000002400}, 0xc) sendmmsg$inet6(r0, &(0x7f0000000140)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x2, @empty, 0xfffffffe}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000280)="d5", 0x1}], 0x1}}], 0x1, 0x20080058) bpf$MAP_CREATE(0x0, 0x0, 0x48) 7.730356614s ago: executing program 2 (id=745): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r1, &(0x7f00000009c0)="3bf58d7d45d32cfe1da7c797b82f16713d1cb80b3fa1bda74e3977b40e7af46b4c60b70d7a79ed5d8c", 0x29) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7fffeffd) 6.885257383s ago: executing program 2 (id=774): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x200ed, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x2, @perf_config_ext={0x5, 0x8}, 0x4c58, 0x5, 0x0, 0x4, 0x87, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x18) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000003, 0x13, r0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000400f2000000000009000000850000000f000000850000000700000095"], &(0x7f0000000340)='syzkaller\x00', 0x3, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 6.812310988s ago: executing program 2 (id=780): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3a95004, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00') 6.764450383s ago: executing program 2 (id=783): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102000028"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$kcm(0xa, 0x2, 0x88) sendmsg$inet(r2, &(0x7f0000000000)={&(0x7f0000001340)={0x2, 0x2, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000001580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x27}, @multicast1}}}], 0x20}, 0x8000) sendmsg$kcm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000001c0)="1171eb4845b76325e7e71446fac0eed3ac08197f4f0dd0f388f2f66e1adf1b0c7a7cb8407f", 0x25}, {&(0x7f0000000240)="4937b1586f71d18f", 0x8}], 0x2}, 0x0) 6.125506114s ago: executing program 2 (id=802): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) statfs(0x0, 0x0) 6.101873396s ago: executing program 32 (id=802): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) statfs(0x0, 0x0) 1.337718392s ago: executing program 4 (id=930): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfd, 0x0, 0x7ffc9ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r1}, 0x10) lremovexattr(0x0, 0x0) 1.288447646s ago: executing program 4 (id=932): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0x1, 0x4, 0x1, 0x1}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)=r1}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r2, 0x0, 0x5}, 0x18) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 1.23935863s ago: executing program 4 (id=934): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x11, 0x10, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$inet6(0xa, 0x3, 0xff) setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f0000fcb000), 0x4) setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f0000fcb000)=0x80, 0x4) 1.191357574s ago: executing program 4 (id=935): r0 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000240)=',-\x10*\x00', &(0x7f0000000380)='$\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000540)='\x00', &(0x7f0000001c80)='n', 0x1) fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000280)='\x00H\xeb', 0x0, r0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='syzkaller\x00', &(0x7f0000001140)='\xf1\x95\xb3>-\x8c\xd4\r\x01\xfa\xe2{eED\x0e\xaaPV\x11\xff\xb6j\xd4~6\x82^\x9b b', 0x0) close(r0) 957.065502ms ago: executing program 4 (id=947): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001640)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x3}, 0x18) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r2, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0x6, 0x1}}, 0x20) bpf$LINK_DETACH(0x22, &(0x7f00000001c0)=r3, 0x4) 786.730606ms ago: executing program 4 (id=939): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) socket$igmp6(0xa, 0x3, 0x2) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff}, 0x80000) creat(&(0x7f00000001c0)='./file0\x00', 0x102) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x94, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000980)) 742.69834ms ago: executing program 3 (id=940): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac9", 0x3}], 0x1}}], 0x1, 0x4000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r0, &(0x7f0000000040), 0xe09) r1 = syz_open_dev$loop(&(0x7f0000000140), 0x9, 0x40000) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r0, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd00000080190000000000000800", [0x0, 0x2000000000001]}}) 739.37179ms ago: executing program 5 (id=941): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c) syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x14, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2}}}}}}}, 0x0) 728.803981ms ago: executing program 1 (id=942): setreuid(0x0, 0xee01) r0 = syz_io_uring_setup(0x4e0, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x400252}, &(0x7f0000000040)=0x0, &(0x7f0000000300)=0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000140)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000781daa39ca1061b9c26c6c3a00000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000008000085000000", @ANYRES32], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000500)=@IORING_OP_READ=@pass_buffer={0x16, 0x2, 0x2000, @fd, 0x9, 0x0, 0x0, 0x2}) io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0) 686.220425ms ago: executing program 5 (id=943): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0) fcntl$lock(r2, 0x24, &(0x7f0000000400)={0x1, 0x0, 0x15c3, 0xffdfffffffffffea}) 686.069265ms ago: executing program 3 (id=944): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) lgetxattr(0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x0) 665.224106ms ago: executing program 3 (id=945): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15) 653.285657ms ago: executing program 5 (id=946): r0 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000240)=',-\x10*\x00', &(0x7f0000000380)='$\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000540)='\x00', &(0x7f0000001c80)='n', 0x1) fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000280)='\x00H\xeb', 0x0, r0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='syzkaller\x00', &(0x7f0000001140)='\xf1\x95\xb3>-\x8c\xd4\r\x01\xfa\xe2{eED\x0e\xaaPV\x11\xff\xb6j\xd4~6\x82^\x9b b', 0x0) close(r0) 610.858731ms ago: executing program 5 (id=949): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) sendto$inet6(r0, &(0x7f00000001c0)='N', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x4e24, 0x0, @private2}, 0x1c) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000300)={0x0, 0x2}, 0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7c, &(0x7f00000000c0), &(0x7f0000000180)=0x8) 560.282705ms ago: executing program 5 (id=951): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004000000080200000e"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) r2 = socket(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) sendmsg$nl_route(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="d800000026000186"], 0xd8}, 0x1, 0x0, 0x0, 0x4004041}, 0x20004440) 488.165841ms ago: executing program 0 (id=952): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)={0x1c, r3, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040}, 0x8000) write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES16=r1], 0x4) 483.742381ms ago: executing program 5 (id=953): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4000, &(0x7f0000000c00)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4}}, {@mblk_io_submit}, {@resuid}, {@norecovery}]}, 0x8, 0x445, &(0x7f0000001dc0)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r1, &(0x7f00000009c0)="3bf58d7d45d32cfe1da7c797b82f16713d1cb80b3fa1bda74e3977b40e7af46b4c60b70d7a79ed5d8c", 0x29) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7fffeffd) 406.616087ms ago: executing program 0 (id=954): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x11, 0x10, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$inet6(0xa, 0x3, 0xff) setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f0000fcb000), 0x4) setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f0000fcb000)=0x80, 0x4) 375.51473ms ago: executing program 0 (id=955): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009900000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) socket$netlink(0x10, 0x3, 0x14) newfstatat(0xffffffffffffff9c, &(0x7f0000001f00)='./file0\x00', 0x0, 0x800) 291.830426ms ago: executing program 0 (id=957): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) lgetxattr(0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x0) 291.696927ms ago: executing program 1 (id=958): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r1 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3, 0x80}, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000300)=[r0], 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000005c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x6000, @fd_index, 0x80000001, 0x0}) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) 245.78652ms ago: executing program 1 (id=959): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0) fcntl$lock(r2, 0x24, &(0x7f0000000400)={0x1, 0x0, 0x15c3, 0xffdfffffffffffea}) 110.857701ms ago: executing program 1 (id=960): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x7fff}, 0x18) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31"], 0xe8}, 0x1, 0x0, 0x0, 0x40040000}, 0x0) 110.564611ms ago: executing program 3 (id=961): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xe, 0x3, &(0x7f0000001300)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94) 93.998702ms ago: executing program 3 (id=962): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x2000000, {0x7}}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x11c}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0x541b, &(0x7f0000000040)={0xffffffffffffffff, 0x5}) close_range(r2, 0xffffffffffffffff, 0x0) 56.865326ms ago: executing program 1 (id=963): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000200), &(0x7f0000000240)=r1}, 0x20) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x88002, 0x0) pwritev(r2, &(0x7f00000000c0)=[{0x0, 0x4f}, {&(0x7f0000000140)="de", 0x1}], 0x2, 0x0, 0x0) 56.505726ms ago: executing program 3 (id=964): r0 = perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x7, 0x2, 0x0, 0x0, 0x0, 0x2, 0x20000, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_bp={0x0, 0x9}, 0x2000, 0x0, 0x9, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r2}, 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000001c0)='cpu<20\t&|') 55.778466ms ago: executing program 0 (id=965): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) syz_emit_ethernet(0x8e, &(0x7f0000000140)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "000400", 0x58, 0x6, 0xfe, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x16, 0xc2, 0x2000, 0x0, 0x7, {[@mss={0x1e, 0x4, 0x8}, @timestamp={0x8, 0xa, 0x0, 0x9}, @md5sig={0x13, 0x12, "a1cbd12aa50e39de3b5624a87fb75f32"}, @md5sig={0x13, 0x12, "e9803cac6913fbfccc18ce5a512eaf73"}, @md5sig={0x13, 0x12, "f2a3c47d2be4dabe21013d40454c15b5"}]}}}}}}}}, 0x0) 26.257728ms ago: executing program 0 (id=966): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r1 = getpid() madvise(&(0x7f0000a5e000/0x1000)=nil, 0x1000, 0x17) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 0s ago: executing program 1 (id=967): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r1}, 0x10) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x2) readv(r2, &(0x7f0000000000)=[{&(0x7f0000001300)=""/238, 0xee}], 0x1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.73' (ED25519) to the list of known hosts. [ 26.619252][ T29] audit: type=1400 audit(1755729579.086:62): avc: denied { mounton } for pid=3290 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 26.620127][ T3290] cgroup: Unknown subsys name 'net' [ 26.644510][ T29] audit: type=1400 audit(1755729579.086:63): avc: denied { mount } for pid=3290 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.672870][ T29] audit: type=1400 audit(1755729579.116:64): avc: denied { unmount } for pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.793729][ T3290] cgroup: Unknown subsys name 'cpuset' [ 26.800279][ T3290] cgroup: Unknown subsys name 'rlimit' [ 26.909575][ T29] audit: type=1400 audit(1755729579.376:65): avc: denied { setattr } for pid=3290 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 26.933285][ T29] audit: type=1400 audit(1755729579.376:66): avc: denied { create } for pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.954896][ T29] audit: type=1400 audit(1755729579.376:67): avc: denied { write } for pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.976463][ T3293] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 26.978366][ T29] audit: type=1400 audit(1755729579.376:68): avc: denied { read } for pid=3290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.009388][ T29] audit: type=1400 audit(1755729579.406:69): avc: denied { mounton } for pid=3290 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 27.035405][ T29] audit: type=1400 audit(1755729579.406:70): avc: denied { mount } for pid=3290 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 27.048899][ T3290] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 27.059815][ T29] audit: type=1400 audit(1755729579.466:71): avc: denied { relabelto } for pid=3293 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 28.997280][ T3300] chnl_net:caif_netlink_parms(): no params data found [ 29.037185][ T3307] chnl_net:caif_netlink_parms(): no params data found [ 29.126375][ T3301] chnl_net:caif_netlink_parms(): no params data found [ 29.159303][ T3300] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.166674][ T3300] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.174136][ T3300] bridge_slave_0: entered allmulticast mode [ 29.180528][ T3300] bridge_slave_0: entered promiscuous mode [ 29.188243][ T3300] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.195511][ T3300] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.202699][ T3300] bridge_slave_1: entered allmulticast mode [ 29.209255][ T3300] bridge_slave_1: entered promiscuous mode [ 29.215813][ T3307] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.223130][ T3307] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.230498][ T3307] bridge_slave_0: entered allmulticast mode [ 29.237006][ T3307] bridge_slave_0: entered promiscuous mode [ 29.246387][ T3307] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.253664][ T3307] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.261016][ T3307] bridge_slave_1: entered allmulticast mode [ 29.267783][ T3307] bridge_slave_1: entered promiscuous mode [ 29.296156][ T3304] chnl_net:caif_netlink_parms(): no params data found [ 29.329050][ T3300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.341798][ T3307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.361782][ T3300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.374759][ T3307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.426957][ T3300] team0: Port device team_slave_0 added [ 29.433221][ T3309] chnl_net:caif_netlink_parms(): no params data found [ 29.442964][ T3300] team0: Port device team_slave_1 added [ 29.449303][ T3301] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.456754][ T3301] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.464273][ T3301] bridge_slave_0: entered allmulticast mode [ 29.471658][ T3301] bridge_slave_0: entered promiscuous mode [ 29.479202][ T3307] team0: Port device team_slave_0 added [ 29.486499][ T3307] team0: Port device team_slave_1 added [ 29.507900][ T3301] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.515334][ T3301] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.523152][ T3301] bridge_slave_1: entered allmulticast mode [ 29.529737][ T3301] bridge_slave_1: entered promiscuous mode [ 29.564939][ T3304] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.572139][ T3304] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.580021][ T3304] bridge_slave_0: entered allmulticast mode [ 29.586984][ T3304] bridge_slave_0: entered promiscuous mode [ 29.596293][ T3300] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.603408][ T3300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.632370][ T3300] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.644433][ T3300] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.651375][ T3300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.678208][ T3300] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.694050][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.701282][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.728916][ T3307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.740975][ T3304] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.748422][ T3304] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.756158][ T3304] bridge_slave_1: entered allmulticast mode [ 29.762753][ T3304] bridge_slave_1: entered promiscuous mode [ 29.776108][ T3301] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.787435][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.794615][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.822405][ T3307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.853179][ T3301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.889117][ T3300] hsr_slave_0: entered promiscuous mode [ 29.897082][ T3300] hsr_slave_1: entered promiscuous mode [ 29.905519][ T3307] hsr_slave_0: entered promiscuous mode [ 29.911748][ T3307] hsr_slave_1: entered promiscuous mode [ 29.918786][ T3307] debugfs: 'hsr0' already exists in 'hsr' [ 29.924535][ T3307] Cannot create hsr debugfs directory [ 29.931042][ T3304] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.950443][ T3301] team0: Port device team_slave_0 added [ 29.958289][ T3301] team0: Port device team_slave_1 added [ 29.966778][ T3304] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.983145][ T3309] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.991890][ T3309] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.000286][ T3309] bridge_slave_0: entered allmulticast mode [ 30.007447][ T3309] bridge_slave_0: entered promiscuous mode [ 30.014654][ T3309] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.022057][ T3309] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.029637][ T3309] bridge_slave_1: entered allmulticast mode [ 30.037069][ T3309] bridge_slave_1: entered promiscuous mode [ 30.090074][ T3304] team0: Port device team_slave_0 added [ 30.096922][ T3301] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.104109][ T3301] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.130694][ T3301] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.142587][ T3301] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.149771][ T3301] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.176579][ T3301] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.188477][ T3309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.208648][ T3304] team0: Port device team_slave_1 added [ 30.215725][ T3309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.237986][ T3309] team0: Port device team_slave_0 added [ 30.254584][ T3309] team0: Port device team_slave_1 added [ 30.286120][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.293637][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.320809][ T3304] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.348863][ T3304] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.355985][ T3304] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.382674][ T3304] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.399255][ T3301] hsr_slave_0: entered promiscuous mode [ 30.405498][ T3301] hsr_slave_1: entered promiscuous mode [ 30.411326][ T3301] debugfs: 'hsr0' already exists in 'hsr' [ 30.417367][ T3301] Cannot create hsr debugfs directory [ 30.423357][ T3309] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 30.430531][ T3309] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.456819][ T3309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 30.483673][ T3309] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 30.491342][ T3309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 30.519045][ T3309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.572956][ T3304] hsr_slave_0: entered promiscuous mode [ 30.579530][ T3304] hsr_slave_1: entered promiscuous mode [ 30.585848][ T3304] debugfs: 'hsr0' already exists in 'hsr' [ 30.591947][ T3304] Cannot create hsr debugfs directory [ 30.632618][ T3309] hsr_slave_0: entered promiscuous mode [ 30.639604][ T3309] hsr_slave_1: entered promiscuous mode [ 30.646294][ T3309] debugfs: 'hsr0' already exists in 'hsr' [ 30.652544][ T3309] Cannot create hsr debugfs directory [ 30.665417][ T3300] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 30.677466][ T3300] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 30.689082][ T3300] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 30.718165][ T3300] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 30.797497][ T3307] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 30.809756][ T3307] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 30.828393][ T3307] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 30.839110][ T3307] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 30.876076][ T3301] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 30.886844][ T3301] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 30.898464][ T3301] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 30.908685][ T3301] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 30.951524][ T3304] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 30.966313][ T3304] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 30.981956][ T3304] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 30.990887][ T3304] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 31.016437][ T3300] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.026995][ T3309] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 31.036117][ T3309] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 31.045917][ T3309] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 31.054484][ T3309] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 31.086031][ T3300] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.106891][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.114228][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.127356][ T3307] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.136269][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.143502][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.159347][ T3301] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.172768][ T3307] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.199160][ T3301] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.218877][ T2327] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.226308][ T2327] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.236610][ T2327] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.243804][ T2327] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.252648][ T2327] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.259810][ T2327] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.270286][ T3304] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.292679][ T3304] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.325601][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.333139][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.347316][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.354882][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.364981][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.372036][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.398241][ T3309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 31.437754][ T3300] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.450662][ T3309] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.484541][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.492889][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.503022][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.510200][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.533011][ T3301] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.565293][ T3304] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.603448][ T3307] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.640643][ T3309] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.714717][ T3301] veth0_vlan: entered promiscuous mode [ 31.728797][ T3301] veth1_vlan: entered promiscuous mode [ 31.752903][ T3304] veth0_vlan: entered promiscuous mode [ 31.762941][ T3304] veth1_vlan: entered promiscuous mode [ 31.779880][ T3301] veth0_macvtap: entered promiscuous mode [ 31.801360][ T3301] veth1_macvtap: entered promiscuous mode [ 31.822541][ T3309] veth0_vlan: entered promiscuous mode [ 31.838957][ T3307] veth0_vlan: entered promiscuous mode [ 31.848398][ T3309] veth1_vlan: entered promiscuous mode [ 31.856451][ T3301] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.869098][ T3300] veth0_vlan: entered promiscuous mode [ 31.879409][ T3301] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.887270][ T3307] veth1_vlan: entered promiscuous mode [ 31.896641][ T3304] veth0_macvtap: entered promiscuous mode [ 31.904292][ T3304] veth1_macvtap: entered promiscuous mode [ 31.916516][ T3300] veth1_vlan: entered promiscuous mode [ 31.923375][ T778] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.939867][ T3309] veth0_macvtap: entered promiscuous mode [ 31.947128][ T778] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.959908][ T3309] veth1_macvtap: entered promiscuous mode [ 31.974047][ T778] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.985217][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.006545][ T3300] veth0_macvtap: entered promiscuous mode [ 32.013868][ T778] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.026547][ T3307] veth0_macvtap: entered promiscuous mode [ 32.034251][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.047987][ T3304] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.057283][ T3300] veth1_macvtap: entered promiscuous mode [ 32.066808][ T3307] veth1_macvtap: entered promiscuous mode [ 32.076016][ T41] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.089716][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.096570][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 32.096588][ T29] audit: type=1400 audit(1755729584.566:81): avc: denied { mounton } for pid=3301 comm="syz-executor" path="/root/syzkaller.SnH5I5/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 32.135963][ T29] audit: type=1400 audit(1755729584.566:82): avc: denied { mount } for pid=3301 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 32.160221][ T29] audit: type=1400 audit(1755729584.566:83): avc: denied { mounton } for pid=3301 comm="syz-executor" path="/root/syzkaller.SnH5I5/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 32.186182][ T29] audit: type=1400 audit(1755729584.566:84): avc: denied { mount } for pid=3301 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 32.209972][ T29] audit: type=1400 audit(1755729584.566:85): avc: denied { mounton } for pid=3301 comm="syz-executor" path="/root/syzkaller.SnH5I5/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 32.237570][ T29] audit: type=1400 audit(1755729584.566:86): avc: denied { mounton } for pid=3301 comm="syz-executor" path="/root/syzkaller.SnH5I5/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=4694 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 32.266783][ T29] audit: type=1400 audit(1755729584.566:87): avc: denied { unmount } for pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 32.289367][ T29] audit: type=1400 audit(1755729584.766:88): avc: denied { mounton } for pid=3301 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 32.316704][ T29] audit: type=1400 audit(1755729584.766:89): avc: denied { mount } for pid=3301 comm="syz-executor" name="/" dev="gadgetfs" ino=4695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 32.342500][ T3301] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 32.342723][ T41] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.375825][ T41] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.391459][ T29] audit: type=1400 audit(1755729584.846:90): avc: denied { read write } for pid=3301 comm="syz-executor" name="loop0" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 32.394228][ T9] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=9 comm=kworker/0:0 [ 32.435599][ T3300] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.445173][ T41] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.457478][ T3469] 9pnet: p9_errstr2errno: server reported unknown error 1844674 [ 32.470415][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.489099][ T41] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.499573][ T3300] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.511742][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.521803][ T41] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.541240][ T41] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.626094][ T41] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.627834][ T3477] loop0: detected capacity change from 0 to 1024 [ 32.642431][ T42] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.662504][ T42] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.685704][ T3477] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 32.697198][ T3477] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 32.715828][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.723529][ T3477] EXT4-fs error (device loop0): ext4_ext_check_inode:523: inode #2: comm syz.0.7: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 2, max 1(4), depth 0(0) [ 32.749830][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.778690][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.789508][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.800258][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.811660][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.831679][ T3477] EXT4-fs (loop0): no journal found [ 32.868951][ T3477] SELinux: failed to load policy [ 32.939654][ T3502] process 'syz.3.11' launched '/dev/fd/5' with NULL argv: empty string added [ 32.994350][ T3507] mmap: syz.2.17 (3507) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 33.030131][ T3510] SELinux: failed to load policy [ 33.141975][ T3527] netlink: 'syz.2.26': attribute type 10 has an invalid length. [ 33.154628][ T3527] team0: Port device dummy0 added [ 33.177264][ T3527] netlink: 'syz.2.26': attribute type 10 has an invalid length. [ 33.189045][ T3529] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 33.189392][ T3527] team0: Port device dummy0 removed [ 33.209908][ T3527] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 33.250333][ T3527] syz.2.26 (3527) used greatest stack depth: 10472 bytes left [ 33.262839][ T3535] netlink: '+}[@': attribute type 10 has an invalid length. [ 33.272794][ T3535] team0: Device hsr_slave_0 failed to register rx_handler [ 33.379824][ T3547] SELinux: failed to load policy [ 33.402927][ T3549] binfmt_misc: register: failed to install interpreter file ./file2 [ 33.589203][ T3563] GUP no longer grows the stack in syz.2.44 (3563): 200000004000-20000000a000 (200000002000) [ 33.600705][ T3563] CPU: 0 UID: 0 PID: 3563 Comm: syz.2.44 Not tainted syzkaller #0 PREEMPT(voluntary) [ 33.600734][ T3563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 33.600748][ T3563] Call Trace: [ 33.600777][ T3563] [ 33.600785][ T3563] __dump_stack+0x1d/0x30 [ 33.600807][ T3563] dump_stack_lvl+0xe8/0x140 [ 33.600827][ T3563] dump_stack+0x15/0x1b [ 33.600842][ T3563] __get_user_pages+0x198d/0x1fa0 [ 33.600873][ T3563] ? __rcu_read_unlock+0x4f/0x70 [ 33.600895][ T3563] get_user_pages_remote+0x1d5/0x6d0 [ 33.600954][ T3563] __access_remote_vm+0x15c/0x590 [ 33.601029][ T3563] access_remote_vm+0x32/0x40 [ 33.601121][ T3563] proc_pid_cmdline_read+0x32b/0x6c0 [ 33.601157][ T3563] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 33.601205][ T3563] vfs_readv+0x3fb/0x690 [ 33.601243][ T3563] __x64_sys_preadv+0xfd/0x1c0 [ 33.601264][ T3563] x64_sys_call+0x282a/0x2ff0 [ 33.601284][ T3563] do_syscall_64+0xd2/0x200 [ 33.601334][ T3563] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 33.601354][ T3563] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 33.601431][ T3563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 33.601455][ T3563] RIP: 0033:0x7effbe6aebe9 [ 33.601472][ T3563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 33.601540][ T3563] RSP: 002b:00007effbd10f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 33.601563][ T3563] RAX: ffffffffffffffda RBX: 00007effbe8d5fa0 RCX: 00007effbe6aebe9 [ 33.601624][ T3563] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 33.601638][ T3563] RBP: 00007effbe731e19 R08: 0000000000000000 R09: 0000000000000000 [ 33.601649][ T3563] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 33.601661][ T3563] R13: 00007effbe8d6038 R14: 00007effbe8d5fa0 R15: 00007ffe9e028ef8 [ 33.601677][ T3563] [ 33.974689][ T3588] netlink: 56 bytes leftover after parsing attributes in process `wÞ£ÿ'. [ 34.070892][ T3604] 9pnet: p9_errstr2errno: server reported unknown error tat [ 34.077353][ T3603] netlink: 4 bytes leftover after parsing attributes in process `syz.3.59'. [ 34.109086][ T3603] netlink: 4 bytes leftover after parsing attributes in process `syz.3.59'. [ 34.164189][ T3612] Zero length message leads to an empty skb [ 34.214423][ T3617] option changes via remount are deprecated (pid=3615 comm=syz.1.66) [ 34.293268][ T3626] Illegal XDP return value 4294967282 on prog (id 46) dev N/A, expect packet loss! [ 34.305899][ T3630] netlink: 4 bytes leftover after parsing attributes in process `syz.2.73'. [ 34.370887][ T3636] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 34.407024][ T3640] netlink: 24 bytes leftover after parsing attributes in process `syz.1.78'. [ 34.599784][ T3666] netlink: 332 bytes leftover after parsing attributes in process `syz.3.91'. [ 34.652241][ T3671] netlink: 8 bytes leftover after parsing attributes in process `syz.3.93'. [ 35.188795][ T3719] loop2: detected capacity change from 0 to 128 [ 35.196976][ T3717] netlink: 8 bytes leftover after parsing attributes in process `syz.0.108'. [ 35.207121][ T3717] netlink: 312 bytes leftover after parsing attributes in process `syz.0.108'. [ 35.216186][ T3717] netlink: 8 bytes leftover after parsing attributes in process `syz.0.108'. [ 35.381717][ T3733] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 35.612017][ T3756] loop0: detected capacity change from 0 to 2048 [ 35.635804][ T3756] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.816186][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.338230][ T3833] netlink: 'syz.2.161': attribute type 1 has an invalid length. [ 36.563278][ T3856] loop1: detected capacity change from 0 to 512 [ 36.589496][ T3856] EXT4-fs: Ignoring removed i_version option [ 36.596122][ T3856] EXT4-fs: Ignoring removed nobh option [ 36.640170][ T3856] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 36.653937][ T3856] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 36.693632][ T3856] EXT4-fs (loop1): 1 truncate cleaned up [ 36.701815][ T3856] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 36.722955][ T3867] loop4: detected capacity change from 0 to 512 [ 36.783850][ T3867] ======================================================= [ 36.783850][ T3867] WARNING: The mand mount option has been deprecated and [ 36.783850][ T3867] and is ignored by this kernel. Remove the mand [ 36.783850][ T3867] option from the mount to silence this warning. [ 36.783850][ T3867] ======================================================= [ 36.837835][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.876067][ T3867] EXT4-fs (loop4): orphan cleanup on readonly fs [ 36.917070][ T3867] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.177: bg 0: block 248: padding at end of block bitmap is not set [ 37.002908][ T3867] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.177: Failed to acquire dquot type 1 [ 37.062296][ T29] kauditd_printk_skb: 376 callbacks suppressed [ 37.062310][ T29] audit: type=1400 audit(1755730357.579:465): avc: denied { setopt } for pid=3882 comm="syz.3.184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 37.091060][ T3867] EXT4-fs (loop4): 1 truncate cleaned up [ 37.099113][ T29] audit: type=1326 audit(1755730357.579:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3894 comm="syz.2.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effbe6aebe9 code=0x7ffc0000 [ 37.118996][ T3867] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 37.125303][ T29] audit: type=1326 audit(1755730357.579:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3894 comm="syz.2.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7effbe6aebe9 code=0x7ffc0000 [ 37.163492][ T29] audit: type=1326 audit(1755730357.579:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3894 comm="syz.2.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effbe6aebe9 code=0x7ffc0000 [ 37.173027][ T3897] loop0: detected capacity change from 0 to 512 [ 37.189009][ T29] audit: type=1326 audit(1755730357.579:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3894 comm="syz.2.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7effbe6aebe9 code=0x7ffc0000 [ 37.189075][ T29] audit: type=1326 audit(1755730357.579:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3894 comm="syz.2.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effbe6aebe9 code=0x7ffc0000 [ 37.189094][ T29] audit: type=1326 audit(1755730357.589:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3894 comm="syz.2.189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effbe6aebe9 code=0x7ffc0000 [ 37.254367][ T3897] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 37.289005][ T29] audit: type=1326 audit(1755730357.716:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3898 comm="syz.2.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effbe6aebe9 code=0x7ffc0000 [ 37.313528][ T29] audit: type=1326 audit(1755730357.716:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3898 comm="syz.2.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effbe6aebe9 code=0x7ffc0000 [ 37.314785][ T3867] syz.4.177 (3867) used greatest stack depth: 9280 bytes left [ 37.337346][ T29] audit: type=1326 audit(1755730357.716:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3898 comm="syz.2.191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7effbe6aebe9 code=0x7ffc0000 [ 37.370591][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.431080][ T3897] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.453062][ T3897] ext4 filesystem being mounted at /34/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 37.519314][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.862303][ T3948] loop3: detected capacity change from 0 to 128 [ 38.065218][ T3948] syz.3.210: attempt to access beyond end of device [ 38.065218][ T3948] loop3: rw=2049, sector=145, nr_sectors = 8 limit=128 [ 38.107718][ T3977] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 38.124289][ T3948] syz.3.210: attempt to access beyond end of device [ 38.124289][ T3948] loop3: rw=2049, sector=161, nr_sectors = 8 limit=128 [ 38.142095][ T3948] syz.3.210: attempt to access beyond end of device [ 38.142095][ T3948] loop3: rw=2049, sector=177, nr_sectors = 8 limit=128 [ 38.161499][ T3948] syz.3.210: attempt to access beyond end of device [ 38.161499][ T3948] loop3: rw=2049, sector=193, nr_sectors = 8 limit=128 [ 38.188743][ T3948] syz.3.210: attempt to access beyond end of device [ 38.188743][ T3948] loop3: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 38.212104][ T3948] syz.3.210: attempt to access beyond end of device [ 38.212104][ T3948] loop3: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 38.231782][ T3948] syz.3.210: attempt to access beyond end of device [ 38.231782][ T3948] loop3: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 38.264955][ T3948] syz.3.210: attempt to access beyond end of device [ 38.264955][ T3948] loop3: rw=2049, sector=257, nr_sectors = 8 limit=128 [ 38.286599][ T3948] syz.3.210: attempt to access beyond end of device [ 38.286599][ T3948] loop3: rw=2049, sector=273, nr_sectors = 8 limit=128 [ 38.304287][ T3948] syz.3.210: attempt to access beyond end of device [ 38.304287][ T3948] loop3: rw=2049, sector=289, nr_sectors = 8 limit=128 [ 38.445600][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 39.074909][ T4064] pim6reg: entered allmulticast mode [ 39.100516][ T4064] pim6reg: left allmulticast mode [ 39.108076][ T4066] __nla_validate_parse: 6 callbacks suppressed [ 39.108096][ T4066] netlink: 76 bytes leftover after parsing attributes in process `syz.2.262'. [ 39.334919][ T4088] loop3: detected capacity change from 0 to 1024 [ 39.369183][ T4088] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 39.380231][ T4088] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 39.415399][ T4088] JBD2: no valid journal superblock found [ 39.421614][ T4088] EXT4-fs (loop3): Could not load journal inode [ 39.465027][ T4088] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 39.478244][ T4098] loop4: detected capacity change from 0 to 512 [ 39.579575][ T4109] loop0: detected capacity change from 0 to 512 [ 39.630614][ T4109] EXT4-fs: Ignoring removed mblk_io_submit option [ 39.654946][ T4109] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 39.688382][ T4109] EXT4-fs (loop0): 1 truncate cleaned up [ 39.711449][ T4109] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.673720][ T4247] IPVS: stopping master sync thread 4249 ... [ 40.680280][ T4249] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 40.760194][ T4253] netlink: 28 bytes leftover after parsing attributes in process `syz.3.307'. [ 40.769415][ T4253] netlink: 28 bytes leftover after parsing attributes in process `syz.3.307'. [ 40.844384][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.957221][ T4276] loop4: detected capacity change from 0 to 512 [ 41.060319][ T4276] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.153494][ T4276] syz.4.317 (4276) used greatest stack depth: 9120 bytes left [ 41.175043][ T4292] netlink: 'syz.3.324': attribute type 13 has an invalid length. [ 41.182938][ T4292] netlink: 4 bytes leftover after parsing attributes in process `syz.3.324'. [ 41.209326][ T4209] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 41.218441][ T4292] netlink: 'syz.3.324': attribute type 13 has an invalid length. [ 41.226332][ T4292] netlink: 4 bytes leftover after parsing attributes in process `syz.3.324'. [ 41.236604][ T4209] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 41.267143][ T4209] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 41.278168][ T3300] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.297369][ T4209] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 41.425292][ T4296] syzkaller0: tun_chr_ioctl cmd 2147767521 [ 41.523788][ T4313] netlink: 348 bytes leftover after parsing attributes in process `syz.4.334'. [ 41.553739][ T4319] syz.2.337 uses obsolete (PF_INET,SOCK_PACKET) [ 41.634905][ T4327] loop1: detected capacity change from 0 to 512 [ 41.699984][ T4327] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.834486][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.898885][ T29] kauditd_printk_skb: 144 callbacks suppressed [ 41.898900][ T29] audit: type=1400 audit(42.176:619): avc: denied { name_connect } for pid=4357 comm="syz.4.354" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 42.011034][ T29] audit: type=1400 audit(42.292:620): avc: denied { read write } for pid=4374 comm="syz.0.358" name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 42.035415][ T29] audit: type=1400 audit(42.292:621): avc: denied { open } for pid=4374 comm="syz.0.358" path="/dev/virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 42.061614][ T29] audit: type=1400 audit(42.344:622): avc: denied { ioctl } for pid=4374 comm="syz.0.358" path="/dev/virtual_nci" dev="devtmpfs" ino=132 ioctlcmd=0x0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 42.087802][ T29] audit: type=1400 audit(42.344:623): avc: denied { read } for pid=4374 comm="syz.0.358" path="socket:[8217]" dev="sockfs" ino=8217 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 42.113114][ T4377] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 42.202163][ T29] audit: type=1400 audit(42.491:624): avc: denied { read write } for pid=4402 comm="syz.1.366" name="uhid" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 42.203324][ T1052] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x4 [ 42.234320][ T29] audit: type=1400 audit(42.491:625): avc: denied { open } for pid=4402 comm="syz.1.366" path="/dev/uhid" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 42.242116][ T1052] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x2 [ 42.324564][ T1052] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 42.332976][ T1052] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 42.340703][ T1052] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 42.348696][ T1052] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 42.356594][ T1052] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 42.365148][ T1052] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 42.373437][ T1052] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 42.381456][ T1052] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 42.406472][ T1052] hid-generic 0000:3000000:0000.0001: hidraw0: HID v0.00 Device [sy] on syz0 [ 42.475993][ T4420] fido_id[4420]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 42.628179][ T29] audit: type=1400 audit(42.943:626): avc: denied { create } for pid=4440 comm="syz.1.372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 43.006920][ T29] audit: type=1326 audit(43.342:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4503 comm="syz.4.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f613e32ebe9 code=0x7ffc0000 [ 43.046507][ T29] audit: type=1326 audit(43.342:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4503 comm="syz.4.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f613e32ebe9 code=0x7ffc0000 [ 43.122330][ T4508] llcp: llcp_sock_recvmsg: Recv datagram failed state 3 -6 0 [ 43.161037][ T4521] netlink: 24 bytes leftover after parsing attributes in process `syz.3.391'. [ 43.233799][ T4527] loop3: detected capacity change from 0 to 512 [ 43.267894][ T4527] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.342663][ T4527] syz.3.394 (4527) used greatest stack depth: 8960 bytes left [ 43.360659][ T4536] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 43.379096][ T4536] SELinux: failed to load policy [ 43.380668][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.542495][ T4538] loop3: detected capacity change from 0 to 8192 [ 43.572716][ T4538] FAT-fs (loop3): bogus sectors per cluster 0 [ 43.579089][ T4538] FAT-fs (loop3): Can't find a valid FAT filesystem [ 44.037983][ T4573] loop2: detected capacity change from 0 to 8192 [ 44.097396][ T4573] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 44.173159][ T4583] netlink: 8 bytes leftover after parsing attributes in process `syz.0.417'. [ 44.186253][ T4585] netlink: 180 bytes leftover after parsing attributes in process `syz.2.419'. [ 44.223661][ T4583] IPVS: Error joining to the multicast group [ 44.344801][ T4599] netlink: 128 bytes leftover after parsing attributes in process `syz.1.424'. [ 44.390849][ T4611] loop3: detected capacity change from 0 to 128 [ 44.399495][ T4611] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 44.443104][ T4214] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 44.879640][ T4698] loop3: detected capacity change from 0 to 512 [ 44.903111][ T4698] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.916954][ T4698] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.170367][ T4750] netlink: 12 bytes leftover after parsing attributes in process `syz.4.450'. [ 45.180043][ T4750] netlink: 28 bytes leftover after parsing attributes in process `syz.4.450'. [ 45.190383][ T4750] netlink: 12 bytes leftover after parsing attributes in process `syz.4.450'. [ 45.202988][ T4752] loop0: detected capacity change from 0 to 512 [ 45.212584][ T4750] netlink: 28 bytes leftover after parsing attributes in process `syz.4.450'. [ 45.221801][ T4750] netlink: 'syz.4.450': attribute type 6 has an invalid length. [ 45.266167][ T4752] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.332493][ T4770] loop3: detected capacity change from 0 to 128 [ 45.377902][ T4770] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 45.425503][ T4770] EXT4-fs (loop3): shut down requested (1) [ 45.427425][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.459299][ T3304] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 45.471648][ T4783] netlink: 67 bytes leftover after parsing attributes in process `syz.1.466'. [ 45.619506][ T4806] loop3: detected capacity change from 0 to 1024 [ 45.655351][ T4806] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.663157][ T4804] netlink: 20 bytes leftover after parsing attributes in process `syz.1.471'. [ 45.705830][ T4819] loop2: detected capacity change from 0 to 512 [ 45.718625][ T4806] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 45.735391][ T4806] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 45.757570][ T4806] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 63 with max blocks 65 with error 28 [ 45.770605][ T4806] EXT4-fs (loop3): This should not happen!! Data will be lost [ 45.770605][ T4806] [ 45.780632][ T4806] EXT4-fs (loop3): Total free blocks count 0 [ 45.786937][ T4806] EXT4-fs (loop3): Free/Dirty block details [ 45.793072][ T4806] EXT4-fs (loop3): free_blocks=20480 [ 45.798745][ T4806] EXT4-fs (loop3): dirty_blocks=96 [ 45.804032][ T4806] EXT4-fs (loop3): Block reservation details [ 45.810075][ T4806] EXT4-fs (loop3): i_reserved_data_blocks=6 [ 45.818194][ T4819] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.905909][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.940426][ T3454] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 46.127169][ T3408] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz1 [ 46.186354][ T4839] fido_id[4839]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 46.269182][ T4841] vhci_hcd: invalid port number 96 [ 46.274619][ T4841] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 46.548456][ T4858] loop2: detected capacity change from 0 to 512 [ 46.607470][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 46.643137][ T4858] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.695097][ T4867] netlink: 28 bytes leftover after parsing attributes in process `syz.0.496'. [ 46.767764][ T4875] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=4875 comm=syz.4.500 [ 46.781404][ T4875] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=4875 comm=syz.4.500 [ 46.817678][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.925173][ T4894] loop0: detected capacity change from 0 to 512 [ 46.959048][ T4900] loop1: detected capacity change from 0 to 128 [ 46.973396][ T4894] EXT4-fs: Ignoring removed nomblk_io_submit option [ 47.012701][ T4894] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 47.030337][ T4894] EXT4-fs (loop0): 1 truncate cleaned up [ 47.031466][ T4894] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.125607][ T29] kauditd_printk_skb: 182 callbacks suppressed [ 47.125623][ T29] audit: type=1400 audit(47.667:811): avc: denied { ioctl } for pid=4892 comm="syz.0.510" path="/100/file1/file1" dev="loop0" ino=15 ioctlcmd=0x5829 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 47.226696][ T29] audit: type=1400 audit(47.761:812): avc: denied { read } for pid=4910 comm="syz.4.516" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 47.310998][ T4915] pimreg: entered allmulticast mode [ 47.344411][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.364075][ T4920] pimreg: left allmulticast mode [ 47.421899][ T4919] loop1: detected capacity change from 0 to 1764 [ 47.462137][ T29] audit: type=1400 audit(48.013:813): avc: denied { mount } for pid=4918 comm="syz.1.521" name="/" dev="loop1" ino=1920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 47.534860][ T29] audit: type=1400 audit(48.097:814): avc: denied { unmount } for pid=3309 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 47.599136][ T4926] loop3: detected capacity change from 0 to 8192 [ 47.662640][ T4926] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 47.744891][ T29] audit: type=1326 audit(48.318:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4941 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f613e32ebe9 code=0x7ffc0000 [ 47.769172][ T29] audit: type=1326 audit(48.318:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4941 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f613e32ebe9 code=0x7ffc0000 [ 47.793424][ T29] audit: type=1326 audit(48.318:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4941 comm="syz.4.531" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f613e32ebe9 code=0x7ffc0000 [ 47.826002][ T4947] loop3: detected capacity change from 0 to 512 [ 47.838618][ T29] audit: type=1326 audit(48.412:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4948 comm="syz.4.534" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f613e32ebe9 code=0x0 [ 47.972557][ T4947] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.015125][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.134712][ T29] audit: type=1326 audit(48.727:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4974 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effbe6aebe9 code=0x7ffc0000 [ 48.180509][ T29] audit: type=1326 audit(48.748:820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4974 comm="syz.2.542" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7effbe6aebe9 code=0x7ffc0000 [ 48.205903][ T4977] loop2: detected capacity change from 0 to 1024 [ 48.235472][ T4977] EXT4-fs: Ignoring removed nobh option [ 48.241959][ T4977] EXT4-fs: Ignoring removed bh option [ 48.253810][ T4977] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.379566][ T4994] unsupported nla_type 65024 [ 48.405715][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.588530][ T5024] vhci_hcd: invalid port number 96 [ 48.593983][ T5024] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 48.690894][ T5049] netlink: 'syz.1.578': attribute type 3 has an invalid length. [ 48.754190][ T3408] IPVS: starting estimator thread 0... [ 48.836843][ T5062] IPVS: using max 2688 ests per chain, 134400 per kthread [ 49.062415][ T5101] loop0: detected capacity change from 0 to 512 [ 49.079472][ T5101] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 49.096608][ T5101] EXT4-fs (loop0): mount failed [ 49.123703][ T5113] __nla_validate_parse: 8 callbacks suppressed [ 49.123733][ T5113] netlink: 4 bytes leftover after parsing attributes in process `syz.1.596'. [ 49.235020][ T5134] netlink: 32 bytes leftover after parsing attributes in process `syz.1.599'. [ 49.896121][ T5249] netlink: 180 bytes leftover after parsing attributes in process `syz.2.612'. [ 49.932181][ T5249] netlink: 180 bytes leftover after parsing attributes in process `syz.2.612'. [ 50.354290][ T5271] loop2: detected capacity change from 0 to 32768 [ 50.410636][ T5271] loop2: p1 p3 < > [ 50.958088][ T5309] loop4: detected capacity change from 0 to 1024 [ 50.965770][ T5309] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 50.976871][ T5309] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 50.988637][ T5309] JBD2: no valid journal superblock found [ 50.995026][ T5309] EXT4-fs (loop4): Could not load journal inode [ 51.014528][ T5309] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 51.063783][ T5321] loop1: detected capacity change from 0 to 512 [ 51.091811][ T5321] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.645: iget: bad i_size value: 38620345925642 [ 51.114603][ T5321] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.645: couldn't read orphan inode 15 (err -117) [ 51.133039][ T5321] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.184258][ T5321] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.645: bg 0: block 5: invalid block bitmap [ 51.290927][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.397896][ T5351] netlink: 8 bytes leftover after parsing attributes in process `wg1'. [ 51.419096][ T5351] netlink: 8 bytes leftover after parsing attributes in process `wg1'. [ 51.428804][ T5353] loop4: detected capacity change from 0 to 128 [ 51.448506][ T5351] netlink: 8 bytes leftover after parsing attributes in process `wg1'. [ 51.458297][ T5351] netlink: 8 bytes leftover after parsing attributes in process `wg1'. [ 51.476139][ T5353] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a842c018, mo2=0002] [ 51.490745][ T5353] System zones: 1-3, 19-19, 35-36 [ 51.504366][ T5353] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 51.544776][ T3300] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 51.635723][ T5368] loop0: detected capacity change from 0 to 512 [ 51.647648][ T5368] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 51.668093][ T5368] EXT4-fs (loop0): 1 truncate cleaned up [ 51.675246][ T5368] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.766010][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.857340][ T5381] netlink: 20 bytes leftover after parsing attributes in process `syz.2.675'. [ 51.880538][ T4209] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.932720][ T29] kauditd_printk_skb: 183 callbacks suppressed [ 51.932734][ T29] audit: type=1400 audit(52.706:1003): avc: denied { cpu } for pid=5389 comm="syz.2.680" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 51.962720][ T4209] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.979128][ T29] audit: type=1400 audit(52.758:1004): avc: denied { read write } for pid=5395 comm="syz.3.676" name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 52.005576][ T29] audit: type=1400 audit(52.758:1005): avc: denied { open } for pid=5395 comm="syz.3.676" path="/dev/virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 52.030490][ T29] audit: type=1400 audit(52.758:1006): avc: denied { mounton } for pid=5398 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 52.052800][ T29] audit: type=1400 audit(52.790:1007): avc: denied { sys_module } for pid=5398 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 52.076486][ T29] audit: type=1400 audit(52.790:1008): avc: denied { ioctl } for pid=5395 comm="syz.3.676" path="/dev/virtual_nci" dev="devtmpfs" ino=132 ioctlcmd=0x0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 52.103295][ T5399] syz.1.683 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 52.136868][ T4209] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.154883][ T29] audit: type=1400 audit(52.947:1009): avc: denied { watch watch_reads } for pid=5410 comm="syz.1.684" path="/165" dev="tmpfs" ino=858 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 52.180370][ T29] audit: type=1400 audit(52.968:1010): avc: denied { execute } for pid=5410 comm="syz.1.684" name="file0" dev="tmpfs" ino=863 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 52.202816][ T29] audit: type=1400 audit(52.968:1011): avc: denied { execute_no_trans } for pid=5410 comm="syz.1.684" path="/165/file0" dev="tmpfs" ino=863 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 52.237549][ T4209] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.258631][ T29] audit: type=1326 audit(53.052:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5416 comm="syz.2.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effbe6aebe9 code=0x7ffc0000 [ 52.294945][ T5414] ip6gre1: entered allmulticast mode [ 52.345891][ T5424] loop0: detected capacity change from 0 to 512 [ 52.359447][ T5424] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 52.376702][ T4209] bridge_slave_1: left allmulticast mode [ 52.382741][ T4209] bridge_slave_1: left promiscuous mode [ 52.389394][ T4209] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.401567][ T5424] EXT4-fs (loop0): 1 truncate cleaned up [ 52.407843][ T5424] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.422184][ T4209] bridge_slave_0: left allmulticast mode [ 52.428661][ T4209] bridge_slave_0: left promiscuous mode [ 52.434576][ T4209] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.437330][ T5433] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 52.451592][ T5433] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 52.473354][ T3301] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.525485][ T4209] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 52.536770][ T4209] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 52.546904][ T4209] bond0 (unregistering): Released all slaves [ 52.587415][ T5398] chnl_net:caif_netlink_parms(): no params data found [ 52.605845][ T4209] hsr_slave_0: left promiscuous mode [ 52.612966][ T4209] hsr_slave_1: left promiscuous mode [ 52.624418][ T4209] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 52.633009][ T4209] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 52.643015][ T4209] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 52.650820][ T4209] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 52.662946][ T4209] veth1_macvtap: left promiscuous mode [ 52.668699][ T4209] veth0_macvtap: left promiscuous mode [ 52.674394][ T4209] veth1_vlan: left promiscuous mode [ 52.681632][ T4209] veth0_vlan: left promiscuous mode [ 52.757175][ T4209] team0 (unregistering): Port device team_slave_1 removed [ 52.772315][ T4209] team0 (unregistering): Port device team_slave_0 removed [ 52.900281][ T5398] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.908134][ T5398] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.925585][ T5398] bridge_slave_0: entered allmulticast mode [ 52.933628][ T5398] bridge_slave_0: entered promiscuous mode [ 52.941441][ T5398] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.949100][ T5398] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.967598][ T5398] bridge_slave_1: entered allmulticast mode [ 52.975757][ T5398] bridge_slave_1: entered promiscuous mode [ 52.985250][ T5470] atomic_op ffff88811a5a8528 conn xmit_atomic 0000000000000000 [ 53.006531][ T5398] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.034529][ T5398] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.082418][ T5398] team0: Port device team_slave_0 added [ 53.092312][ T5398] team0: Port device team_slave_1 added [ 53.127039][ T5398] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.135021][ T5398] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.161866][ T5398] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.176820][ T5495] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=5495 comm=syz.1.720 [ 53.189510][ T5495] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5495 comm=syz.1.720 [ 53.214941][ T5398] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.222236][ T5398] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.248643][ T5398] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.290825][ T5503] loop1: detected capacity change from 0 to 512 [ 53.304510][ T5503] EXT4-fs: Ignoring removed mblk_io_submit option [ 53.320843][ T5398] hsr_slave_0: entered promiscuous mode [ 53.326890][ T5503] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 53.327245][ T5398] hsr_slave_1: entered promiscuous mode [ 53.400640][ T5503] EXT4-fs (loop1): 1 truncate cleaned up [ 53.406906][ T5503] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.719194][ T5398] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 53.728420][ T5398] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 53.737994][ T5398] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 53.747806][ T5398] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 53.757462][ T5469] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 53.765843][ T5398] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.766544][ T5469] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 53.773424][ T5398] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.773522][ T5398] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.796298][ T5398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.814245][ T5516] netlink: 4 bytes leftover after parsing attributes in process `syz.0.734'. [ 53.838211][ T3454] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.846151][ T3454] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.865857][ T5518] loop2: detected capacity change from 0 to 4096 [ 53.930100][ T5518] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.931876][ T5398] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.974852][ T5398] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.985200][ T3454] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.995919][ T3454] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.010017][ T4209] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.017460][ T4209] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.035198][ T5518] 9pnet_fd: Insufficient options for proto=fd [ 54.063259][ T5398] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 54.074121][ T5398] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.118721][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.237322][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.239615][ T5398] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.426244][ T5398] veth0_vlan: entered promiscuous mode [ 54.445342][ T5398] veth1_vlan: entered promiscuous mode [ 54.459379][ T5576] loop2: detected capacity change from 0 to 512 [ 54.466400][ T5576] EXT4-fs: Ignoring removed mblk_io_submit option [ 54.472325][ T5398] veth0_macvtap: entered promiscuous mode [ 54.484136][ T5576] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 54.499164][ T5398] veth1_macvtap: entered promiscuous mode [ 54.510900][ T5398] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.513347][ T5579] loop0: detected capacity change from 0 to 4096 [ 54.525461][ T5398] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.530434][ T5579] EXT4-fs: test_dummy_encryption option not supported [ 54.537225][ T5576] EXT4-fs (loop2): 1 truncate cleaned up [ 54.549664][ T5576] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.580433][ T41] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.590988][ T3454] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.600469][ T41] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.617140][ T41] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.704208][ T5600] __nla_validate_parse: 1 callbacks suppressed [ 54.704222][ T5600] netlink: 28 bytes leftover after parsing attributes in process `syz.1.753'. [ 54.868842][ T5618] ref_ctr_offset mismatch. inode: 0x3c6 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8000000 [ 55.172138][ T5631] netlink: 4 bytes leftover after parsing attributes in process `syz.1.769'. [ 55.341765][ T3307] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.384902][ T5648] loop3: detected capacity change from 0 to 1024 [ 55.391850][ T5648] EXT4-fs: Ignoring removed orlov option [ 55.399853][ T5648] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.574424][ T5673] loop4: detected capacity change from 0 to 512 [ 55.581592][ T5673] EXT4-fs: Ignoring removed mblk_io_submit option [ 55.590866][ T5673] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 55.619666][ T5674] netlink: 'syz.0.786': attribute type 13 has an invalid length. [ 55.628365][ T5674] netlink: 'syz.0.786': attribute type 17 has an invalid length. [ 55.649307][ T5673] EXT4-fs (loop4): 1 truncate cleaned up [ 55.666157][ T5671] bridge0: port 3(batadv1) entered blocking state [ 55.672767][ T5671] bridge0: port 3(batadv1) entered disabled state [ 55.683223][ T5673] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.722150][ T5671] batadv1: entered allmulticast mode [ 55.742766][ T5671] batadv1: entered promiscuous mode [ 55.817375][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.855567][ T5674] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 55.977701][ T5694] netlink: 8 bytes leftover after parsing attributes in process `gtp'. [ 56.104762][ T42] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 56.114502][ T42] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 56.128637][ T4209] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.225927][ T4209] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.257134][ T5713] netlink: 'syz.0.805': attribute type 4 has an invalid length. [ 56.295024][ T5713] netlink: 'syz.0.805': attribute type 4 has an invalid length. [ 56.312543][ T4209] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.365499][ T4209] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 56.463289][ T5398] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.503241][ T4209] bridge_slave_1: left allmulticast mode [ 56.509377][ T4209] bridge_slave_1: left promiscuous mode [ 56.515532][ T4209] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.533903][ T4209] bridge_slave_0: left allmulticast mode [ 56.539717][ T4209] bridge_slave_0: left promiscuous mode [ 56.545922][ T4209] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.632371][ T4209] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 56.643184][ T4209] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 56.654552][ T4209] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 56.664906][ T4209] bond0 (unregistering): Released all slaves [ 56.742740][ T4209] hsr_slave_0: left promiscuous mode [ 56.750998][ T4209] hsr_slave_1: left promiscuous mode [ 56.757292][ T4209] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 56.765155][ T4209] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 56.774782][ T4209] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 56.782508][ T4209] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 56.793843][ T4209] veth1_macvtap: left promiscuous mode [ 56.799677][ T4209] veth0_macvtap: left promiscuous mode [ 56.805354][ T4209] veth1_vlan: left promiscuous mode [ 56.811245][ T4209] veth0_vlan: left promiscuous mode [ 56.819569][ T29] kauditd_printk_skb: 142 callbacks suppressed [ 56.819586][ T29] audit: type=1326 audit(57.839:1155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5726 comm="syz.3.807" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7feabaf3ebe9 code=0x0 [ 56.913279][ T4209] team0 (unregistering): Port device team_slave_1 removed [ 56.923376][ T4209] team0 (unregistering): Port device team_slave_0 removed [ 56.938974][ T29] audit: type=1400 audit(57.965:1156): avc: denied { bind } for pid=5739 comm="syz.1.813" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 56.959076][ T29] audit: type=1400 audit(57.965:1157): avc: denied { setopt } for pid=5739 comm="syz.1.813" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 56.996992][ T5740] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.014164][ T5714] chnl_net:caif_netlink_parms(): no params data found [ 57.030741][ T29] audit: type=1400 audit(58.060:1158): avc: denied { bind } for pid=5742 comm="syz.0.814" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 57.050075][ T29] audit: type=1400 audit(58.060:1159): avc: denied { write } for pid=5742 comm="syz.0.814" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 57.094660][ T5740] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.122476][ T5714] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.129939][ T5714] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.137791][ T5714] bridge_slave_0: entered allmulticast mode [ 57.145076][ T5714] bridge_slave_0: entered promiscuous mode [ 57.152234][ T5714] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.159493][ T5714] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.167196][ T5714] bridge_slave_1: entered allmulticast mode [ 57.174310][ T5714] bridge_slave_1: entered promiscuous mode [ 57.205426][ T5740] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.226166][ T5714] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.237527][ T5714] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.259646][ T5740] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 57.283534][ T5714] team0: Port device team_slave_0 added [ 57.291273][ T5714] team0: Port device team_slave_1 added [ 57.321073][ T5714] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.328834][ T5714] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.355631][ T5714] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.373443][ T4461] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.390360][ T4461] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.403109][ T5714] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.410259][ T5714] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.436547][ T5714] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.461534][ T4461] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.483316][ T4461] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.494802][ T5714] hsr_slave_0: entered promiscuous mode [ 57.501772][ T5714] hsr_slave_1: entered promiscuous mode [ 57.508064][ T5714] debugfs: 'hsr0' already exists in 'hsr' [ 57.513827][ T5714] Cannot create hsr debugfs directory [ 57.616221][ T5714] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 57.630328][ T5814] loop3: detected capacity change from 0 to 512 [ 57.639987][ T5814] EXT4-fs: Ignoring removed mblk_io_submit option [ 57.649061][ T5714] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 57.656742][ T5814] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 57.670378][ T5714] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 57.688636][ T5814] EXT4-fs (loop3): 1 truncate cleaned up [ 57.699503][ T5814] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 57.708192][ T5714] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 57.739693][ T29] audit: type=1326 audit(58.784:1160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5824 comm="syz.4.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03f3d9ebe9 code=0x7ffc0000 [ 57.763756][ T29] audit: type=1326 audit(58.784:1161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5824 comm="syz.4.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f03f3d9ebe9 code=0x7ffc0000 [ 57.787475][ T29] audit: type=1326 audit(58.784:1162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5824 comm="syz.4.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03f3d9ebe9 code=0x7ffc0000 [ 57.810743][ T29] audit: type=1326 audit(58.795:1163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5824 comm="syz.4.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f03f3d9ebe9 code=0x7ffc0000 [ 57.834741][ T29] audit: type=1326 audit(58.795:1164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5824 comm="syz.4.820" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03f3d9ebe9 code=0x7ffc0000 [ 57.878942][ T5836] loop1: detected capacity change from 0 to 1024 [ 58.003338][ T5836] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 58.064300][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.064941][ T5714] 8021q: adding VLAN 0 to HW filter on device bond0 [ 58.092398][ T5714] 8021q: adding VLAN 0 to HW filter on device team0 [ 58.105950][ T3454] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.113986][ T3454] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.142677][ T3454] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.150237][ T3454] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.193058][ T5714] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 58.215833][ T5883] bridge: RTM_NEWNEIGH with invalid ether address [ 58.327197][ T5714] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.491840][ T5914] netlink: 8 bytes leftover after parsing attributes in process `syz.4.840'. [ 58.554087][ T3304] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.589698][ T5925] sctp: [Deprecated]: syz.1.844 (pid 5925) Use of struct sctp_assoc_value in delayed_ack socket option. [ 58.589698][ T5925] Use struct sctp_sack_info instead [ 58.622726][ T5714] veth0_vlan: entered promiscuous mode [ 58.650685][ T5714] veth1_vlan: entered promiscuous mode [ 58.691925][ T5714] veth0_macvtap: entered promiscuous mode [ 58.724184][ T5714] veth1_macvtap: entered promiscuous mode [ 58.754971][ T5714] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.793784][ T5714] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.806927][ T41] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.835249][ T41] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.851149][ T41] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.863391][ T4226] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.876410][ T5960] netlink: 12 bytes leftover after parsing attributes in process `syz.1.859'. [ 58.898619][ T5960] vlan2: entered promiscuous mode [ 58.903744][ T5960] gretap0: entered promiscuous mode [ 58.929719][ T5968] loop4: detected capacity change from 0 to 2048 [ 58.947311][ T5968] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 58.986829][ T5398] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.097006][ T5999] netlink: 28 bytes leftover after parsing attributes in process `syz.1.875'. [ 59.106797][ T5999] netlink: 28 bytes leftover after parsing attributes in process `syz.1.875'. [ 59.122362][ T6001] serio: Serial port ptm0 [ 59.290520][ T6020] netlink: 36 bytes leftover after parsing attributes in process `syz.1.885'. [ 59.394966][ T6026] loop1: detected capacity change from 0 to 1024 [ 59.404407][ T6026] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 59.416207][ T6026] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 59.428337][ T6026] JBD2: no valid journal superblock found [ 59.434463][ T6026] EXT4-fs (loop1): Could not load journal inode [ 59.445586][ T6026] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 59.498210][ T6030] loop1: detected capacity change from 0 to 1024 [ 59.526161][ T6030] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 59.554626][ T3309] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.486800][ T6082] loop5: detected capacity change from 0 to 512 [ 60.494071][ T6082] EXT4-fs: Ignoring removed mblk_io_submit option [ 60.504092][ T6082] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 60.521266][ T6082] EXT4-fs (loop5): 1 truncate cleaned up [ 60.528364][ T6082] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 61.487267][ T5714] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.499684][ T6144] loop9: detected capacity change from 0 to 7 [ 61.592683][ T6162] netlink: 128 bytes leftover after parsing attributes in process `syz.0.948'. [ 61.676043][ T29] kauditd_printk_skb: 181 callbacks suppressed [ 61.676058][ T29] audit: type=1400 audit(62.931:1346): avc: denied { write } for pid=6167 comm="syz.0.950" name="nvram" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 61.715910][ T6170] netlink: 180 bytes leftover after parsing attributes in process `syz.5.951'. [ 61.752006][ T6179] loop5: detected capacity change from 0 to 512 [ 61.767703][ T6179] EXT4-fs: Ignoring removed mblk_io_submit option [ 61.774933][ T6179] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 61.786093][ T6179] EXT4-fs (loop5): 1 truncate cleaned up [ 61.793128][ T6179] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 61.872328][ T29] audit: type=1326 audit(63.141:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6185 comm="syz.0.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce8d49ebe9 code=0x7ffc0000 [ 61.896522][ T29] audit: type=1326 audit(63.141:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6185 comm="syz.0.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fce8d49ebe9 code=0x7ffc0000 [ 61.932664][ T29] audit: type=1400 audit(63.141:1349): avc: denied { create } for pid=6185 comm="syz.0.955" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 61.953475][ T29] audit: type=1326 audit(63.151:1350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6185 comm="syz.0.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce8d49ebe9 code=0x7ffc0000 [ 61.977339][ T29] audit: type=1326 audit(63.162:1351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6185 comm="syz.0.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce8d49ebe9 code=0x7ffc0000 [ 62.002392][ T29] audit: type=1326 audit(63.162:1352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6185 comm="syz.0.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7fce8d49ebe9 code=0x7ffc0000 [ 62.025384][ T29] audit: type=1326 audit(63.162:1353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6185 comm="syz.0.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce8d49ebe9 code=0x7ffc0000 [ 62.049200][ T29] audit: type=1326 audit(63.162:1354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6185 comm="syz.0.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce8d49ebe9 code=0x7ffc0000 [ 62.079465][ T29] audit: type=1326 audit(63.361:1355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6190 comm="syz.0.957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce8d49ebe9 code=0x7ffc0000 [ 62.226608][ T6179] ================================================================== [ 62.237150][ T6179] BUG: KCSAN: data-race in __mark_inode_dirty / __writeback_single_inode [ 62.245934][ T6179] [ 62.248346][ T6179] read-write to 0xffff88811a0701a0 of 4 bytes by task 6187 on cpu 0: [ 62.257148][ T6179] __writeback_single_inode+0x1e3/0x7c0 [ 62.262980][ T6179] writeback_single_inode+0x167/0x3e0 [ 62.268812][ T6179] sync_inode_metadata+0x5b/0x90 [ 62.273860][ T6179] generic_buffers_fsync_noflush+0xd9/0x120 [ 62.279813][ T6179] ext4_sync_file+0x1ab/0x690 [ 62.284732][ T6179] vfs_fsync_range+0x10d/0x130 [ 62.289649][ T6179] ext4_buffered_write_iter+0x34f/0x3c0 [ 62.295570][ T6179] ext4_file_write_iter+0xdbf/0xf00 [ 62.300874][ T6179] iter_file_splice_write+0x663/0xa60 [ 62.306416][ T6179] direct_splice_actor+0x153/0x2a0 [ 62.311574][ T6179] splice_direct_to_actor+0x30f/0x680 [ 62.317018][ T6179] do_splice_direct+0xda/0x150 [ 62.321793][ T6179] do_sendfile+0x380/0x650 [ 62.326233][ T6179] __x64_sys_sendfile64+0x105/0x150 [ 62.332033][ T6179] x64_sys_call+0x2bb0/0x2ff0 [ 62.337154][ T6179] do_syscall_64+0xd2/0x200 [ 62.341840][ T6179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.348845][ T6179] [ 62.351566][ T6179] read to 0xffff88811a0701a0 of 4 bytes by task 6179 on cpu 1: [ 62.360041][ T6179] __mark_inode_dirty+0x191/0x750 [ 62.365509][ T6179] mark_buffer_dirty+0x133/0x210 [ 62.370768][ T6179] block_write_end+0x12d/0x210 [ 62.376050][ T6179] ext4_write_end+0x134/0x730 [ 62.381609][ T6179] generic_perform_write+0x312/0x490 [ 62.387841][ T6179] ext4_buffered_write_iter+0x1ee/0x3c0 [ 62.394097][ T6179] ext4_file_write_iter+0xdbf/0xf00 [ 62.399863][ T6179] iter_file_splice_write+0x663/0xa60 [ 62.405525][ T6179] direct_splice_actor+0x153/0x2a0 [ 62.410894][ T6179] splice_direct_to_actor+0x30f/0x680 [ 62.416630][ T6179] do_splice_direct+0xda/0x150 [ 62.421582][ T6179] do_sendfile+0x380/0x650 [ 62.426016][ T6179] __x64_sys_sendfile64+0x105/0x150 [ 62.431561][ T6179] x64_sys_call+0x2bb0/0x2ff0 [ 62.436267][ T6179] do_syscall_64+0xd2/0x200 [ 62.440833][ T6179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 62.447151][ T6179] [ 62.449553][ T6179] value changed: 0x0000003a -> 0x00000022 [ 62.457068][ T6179] [ 62.459679][ T6179] Reported by Kernel Concurrency Sanitizer on: [ 62.466982][ T6179] CPU: 1 UID: 0 PID: 6179 Comm: syz.5.953 Not tainted syzkaller #0 PREEMPT(voluntary) [ 62.477009][ T6179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 62.487846][ T6179] ================================================================== [ 62.552570][ T6209] serio: Serial port ptm0 [ 62.632626][ T5714] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.668420][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog