last executing test programs: 3.337327394s ago: executing program 0 (id=64): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x27}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0xfd5e, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x700, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0xffffff07, 0x400}, @generic={0x0, 0xffffffffffffff53, "d588380003c1"}]}}}}}}, 0xfd6c) 3.122521432s ago: executing program 0 (id=67): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) io_setup(0x239f, 0x0) unshare(0x2a020400) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x6, {0x2, 0x8, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x24) 3.070099424s ago: executing program 0 (id=68): perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x9}, 0x106200, 0x10004, 0x40, 0x5, 0xa, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000008}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x0) 1.272517636s ago: executing program 1 (id=116): r0 = socket(0x10, 0x803, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x3c}}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=@newtfilter={0x94, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x60, 0x2, [@TCA_U32_ACT={0x54, 0x7, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xf, 0x3}}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x6, 0x9, 0x20000000, 0x1, 0xd6}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}, @TCA_U32_HASH={0x6, 0x2, 0xc3}]}}, @TCA_CHAIN={0x8, 0xb, 0x6ad}]}, 0x94}, 0x1, 0x0, 0x0, 0x1}, 0x24040084) 1.244519367s ago: executing program 1 (id=119): r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'veth1_virt_wifi\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xc}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) sendmsg$nl_route_sched(r0, &(0x7f0000000900)={0x0, 0x2c, &(0x7f0000000000)={&(0x7f0000000140)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r2, {0xfff1, 0xf}, {}, {0xc, 0xfff3}}, [@filter_kind_options=@f_fw={{0x7}, {0x20, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x0, 0x4}}, @TCA_FW_MASK={0x5, 0x5, 0x6}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x200c8080) 1.216095128s ago: executing program 1 (id=120): syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x204004, &(0x7f0000000440)={[{@grpquota}]}, 0x1, 0xbac, &(0x7f0000002dc0)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5nGdGaOSX8/eHPe97wn8zxPTmfOe2BOA3hqTWc/0ohDEXE2iZis708jYqjaG4nYrB13/+7l+awlUam8/VsSSUTcu3t5vvFaSX07Xh+MRMTN15L490etcVfXN5bnyuXSSn18dO38paOr6xuvLJ2fO1c6V7pwYvbVE7MnZ2e7WOvtS+998cwPbzx/9frHM29+fuC7JE7HRH2uuY5umY7prb9Js0JEzHU7WE4G6vU015kUckwIAICO0qY13H9jMgbi4eJtMr79MdfkAAAAgK6oDERUAAAAgH0ucf8PAAAA+1zjewD37l6eb7R8v5HQX3fORMRUrf7G8821mUJsVrcjMRgRY78n0fxYa1L7tSc2nUX6+vtS1qJHzyF3snklIv6/3flPqvVPVZ/ibq0/jYiZLsSffmS8l+o/3YX4edcPwNPpxpnahaz1+pdurX9im+tfYZtr127kff1rrP/ut6z/HtY/0Gb999YOYxx+8NLNdnPN6793P/l5IYufbZ+oqL/hzpWIw4Xt6k+26k/a1H92hzHG529fazeX1Z/V22j9rr9yPeJIdTXXWn9D0un/Jzq6uFQuzdR+bvP66yc7x28+/1nL4jfuBfohO/9jsbvzf2mHMab+9+uhdnOPrz/9ZSh5p9obqu/5cG5tbeVYxFDyeuv+451zaRzTeI2s/hef6/z+367+7DNhs/53yP71XKlvs/HVR2KOHzn+1e7r762s/oVdnv9Pdxjjy2+uvd9uLu/6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgb0oiYiCQtbvXTtFiMGI+I/8RYWr64uvby4sUPLixkcxFTMZguLpVLMxExWRsn2fhYtf9wfPyR8WxEHIyIzyZHq+Pi/MXyQt7FAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsGU8IiYiSYsRkUbEH5NpWizmnRUAAADQdVN5JwAAAAD0nPt/AAAA2P9a7v8LfxmN9DMXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9qWDz964lUTE5qnRassM1ecGc80M6LV0Z4eN9ToPoP8G8k4AyE2hqV+pVCo5pgL0mXt8IHnM/EjbmeGu5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP9cLh27cSiJi89RotWWG6nODuWYG9FqadwJAbgY6TSaP3QHsYYW8EwBy4x4fqK3sH1RqWudH2v7m8BNHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDvmKi2JC1GRFrtp2mxGPGviJiKwWRxqVyaiYgDEfHT5OBwNj6Wd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB03er6xvJcuVxa0dHR6WJnNPoWa7T+Zm5zzHD7qQ6dnD+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIxer6xvJcuVxaWc07EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBvq+sby3Plcmmlh528awQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID9/BgAA///GyAmy") mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000940)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4001}, 0x404c004) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181) 1.203726448s ago: executing program 2 (id=121): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x130}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x6}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 1.1541978s ago: executing program 2 (id=123): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x20081, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, @perf_bp={0x0, 0x8}, 0x2, 0x0, 0x10ffe, 0x0, 0x2, 0x80000011, 0x1, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x9) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = syz_open_dev$sg(&(0x7f0000000100), 0x0, 0x8040) readv(r0, &(0x7f0000001300)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x1) ioctl$SG_IO(r0, 0x2285, &(0x7f0000001340)={0x53, 0xfffffffffffffffd, 0x6, 0x2, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)='\b\x00\x00\x00\x00\x00', 0x0, 0x7, 0x0, 0x0, 0x0}) 1.084735712s ago: executing program 1 (id=125): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_config_ext={0x8, 0x3}, 0x4, 0x0, 0x10000, 0x0, 0x2, 0x80000003, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0xfffffffb, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x5707}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0x2004d808}, 0x24000000) 900.743049ms ago: executing program 3 (id=129): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0xfffffffe, @empty, 0x5e}, 0x1c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x14e22, 0xfffffff8, @ipv4}, 0x1c) 888.318499ms ago: executing program 0 (id=130): perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x45, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0xff, 0x30000000000}, 0x12122, 0x10000, 0xfffffffe, 0x5, 0x8, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x47, 0x1, 0x0, 0x0, 0x0, 0x8000, 0x30040, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x182, 0x6}, 0x6025, 0x4005, 0x4, 0x0, 0x80000000, 0x1, 0xa, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0) 882.02792ms ago: executing program 3 (id=131): munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = socket(0x1e, 0x4, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000480), 0x4) recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000180)=""/175, 0x27}], 0x1, &(0x7f0000001fc0)=""/65, 0xffffffffffffff4b}, 0x40000001}], 0x1, 0x40002122, 0x0) sendmsg$tipc(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x3, {0x1, 0x1, 0x2}}, 0x10, &(0x7f0000000380)=[{&(0x7f00000003c0)="4a7b8798bfca141841", 0x9}], 0x1}, 0x2000c8c0) 794.796422ms ago: executing program 3 (id=132): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) close(r0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20) recvmsg$unix(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000100)=""/111, 0x6f}], 0x1}, 0x40012150) 775.084743ms ago: executing program 3 (id=133): bind$inet(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341) perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x7, 0x34328, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_bp={0x0, 0x2}, 0x10026, 0x10003, 0xfffffff8, 0x3, 0x100008, 0x20005, 0x9, 0x0, 0x0, 0x0, 0xe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, 0xffffffffffffffff, 0x10c000) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000000)=@usbdevfs_driver={0x0, 0x8e0000, 0x0}) 755.321254ms ago: executing program 0 (id=134): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000fc0)=ANY=[@ANYBLOB="12000000030000000400000002"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r1}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r2}, &(0x7f0000000080), &(0x7f00000001c0)=r0}, 0x20) 736.712774ms ago: executing program 0 (id=135): timer_create(0x3, 0x0, &(0x7f0000bbdffc)=0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffc7) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_gettime(r0, 0x0) timer_gettime(r0, &(0x7f0000000040)) 713.546005ms ago: executing program 3 (id=136): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x20973, 0x1c080, 0x0, 0x37}) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000097ff8208109bc100000008000012b70885b32b0009048f0000bf57"], 0x0) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 712.717175ms ago: executing program 1 (id=137): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x2a, &(0x7f0000000040)=ANY=[@ANYBLOB="020000000000000002000000e0"], 0x190) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="020000000000000002000000e001"], 0x190) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000001080)={0x2, {{0x2, 0x4e21, @multicast1}}, {{0x2, 0x4e1f, @dev={0xac, 0x14, 0x14, 0x43}}}}, 0x108) 694.742026ms ago: executing program 1 (id=138): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') fchdir(r0) exit(0xfffffffffffffffd) capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000100)={0x1400, 0x10ffff, 0xfffffffd, 0x0, 0x0, 0x18000}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) 440.187125ms ago: executing program 4 (id=142): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x4, 0x0, 0x0, 0x3, 0x0, 0xd, 0x0, 0x0, 0x6}, 0xe) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000000c0)={r1, 0xfffffff9, 0x9, 0x80000000}, 0x10) 439.819965ms ago: executing program 4 (id=143): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x800000000, 0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3dc38396}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x9) syz_emit_ethernet(0x52, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa8608119827c186dd60a2bf00001c3a41fc020000000000000000000000000000ff020000000000000000000000200001820090780000fcfffe8000000000000000000000000000aa"], 0x0) getsockopt$inet_mptcp_buf(r0, 0x11c, 0x4, &(0x7f0000000100)=""/211, &(0x7f00000000c0)=0xd3) 426.392795ms ago: executing program 4 (id=144): bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = syz_io_uring_setup(0x5f86, &(0x7f0000000180)={0x0, 0x2a97, 0x10000, 0x1, 0x3b7}, &(0x7f0000001040), &(0x7f0000000080), &(0x7f0000000000)) io_uring_enter(r0, 0x7b20, 0xe93c, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES2(r0, 0xd, &(0x7f00000002c0)={0x5f, 0x0, 0x0, 0x0, 0x0}, 0x20) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback, 0xf5c}, 0xffffffffffffff8c) 265.855561ms ago: executing program 2 (id=145): perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8006, 0x6}, 0x400, 0x10001, 0xda, 0x9, 0xa, 0x20005, 0xa, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd97(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1) r1 = dup(r0) write$binfmt_elf32(r1, &(0x7f0000000a40)=ANY=[@ANYBLOB="7f454c464a030103ff07004e000000000200030054090220f70ca8b7e3040000003e0300006c000000d6000200b5000000fe03200001fe058c093ff44ab9252a73158893eeab328e6d4622168e286aadc0a2e88e00a733d7ec92a121ad3a4f1976e19d4a7523a23afdb208b0067ab1b7e31df36dcc000000"], 0x79) execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 219.539823ms ago: executing program 4 (id=146): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) socket$kcm(0xa, 0x5, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffffffffffe}, 0x0, &(0x7f0000000240)={0x1f, 0xfffffffffffffffe, 0xe, 0x0, 0x7, 0x4, 0x0, 0xfffffffffffffffc}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, 0x0) 200.593923ms ago: executing program 2 (id=147): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f6558", 0x12}, {&(0x7f0000000280)="76cd9eebff8fd168e7f893336558", 0xe}], 0x2) 153.806875ms ago: executing program 2 (id=148): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000080000000b00000000"], 0x50) madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x5, &(0x7f0000000640)=0xcbb9, 0x6, 0x1) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) 139.221675ms ago: executing program 2 (id=149): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x10000, &(0x7f0000000380)={[{@noauto_da_alloc}]}, 0x1, 0x4bc, &(0x7f0000000a40)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7UjTSh2p81DjPDRqMjObWc3MotJoKrEBqYTEDSVOHMVOaaIuUth1wQKBQEIs2PMXsKErKiTEGvaIBSqCEiRAQjK613abOHGwII1p7u8n3ebch/2dU+s7Ovf4Xt8AMuts8k8uYjgiPoyIo43VrQecbfzZuH9zJllyUa9f/iKXHpestw5tve5IRKxHxEBE/P/fEc/ktsetrq7NT5fLpeXmerG2sFSsrq5duLYwPVeaKy2OTV6cmpocnRif2rO23n7puduX3vlv/9vfvHjv7svvvZtUa7i5b3M79lKj6X1xfNO2QxHxz0cRrAcKzfYM9roi/CTJ5/ebiDiX5v/RKKSfJpAF9Xq9/n39cKfd63XgwMqnY+BcfiQiGuV8fmSkMYb/bQzly5Vq7a9XKyuLs42x8rHoy1+9Vi6NNs8VjkVfLlkfS8sP18fb1ici0jHwK4XBdH1kplKe3d+uDmhzpC3/vy408h/ICKf8kF3yH7JL/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv+QXfIfskv+Qyb979KlZKm37n+fvb66Ml+5fmG2VJ0fWViZGZmpLC+NzFUqc+k9Ows/9n7lSmVp7G+xcqNYK1Vrxerq2pWFyspi7Up6X/+VUt++tAroxvEzdz7ORcT63wfTJdHf3CdX4WCr13PR63uQgd4o9LoDAnrG1B9kl3N8oP0netvHBQOdXrj0cL4QeLzke10BoGfOn/L9H2SV+X/ILvP/kF3G+MAOj+jbYrf5f+DxZP4fsmu4w/O/frXp2V2jEfHriPio0He49awv4CDIf5Zrjv/PH/3jcPve/ty36VcE/RHx/BuXX7sxXastjyXbv3ywvfZ6c/v4phd2PGEAeqWVp608BgCya+P+zZnWsp9xP/9X4yKE7fEPNecmB9LvKIc2cluuVcjt0bUL67ci4uRO8XPN5503TmSGNgrb4p9o/s013iKt76H0uen7E//Upvh/2BT/9M/+X4FsuJP0P6M75V8+zel4kH9b+5/hPbp2onP/l3/Q/xU69H9nuozx7JsvfNox/q2I0zvGb8UbSGO1x0/qdr7L+PeeeuJ3nfbV32q8z07xW5JSsbawVKyurl1If0durrQ4NnlxampydGJ8qpjOURdbM9Xb/ePkB3d3a/9Qh/i7tT/Z9ucu2//d799/8uwu8f90bufP/8Qu8Qcj4i9dxv9q/JOnO+1L4s92aH9+l/jJtoku41df/c/hLg8FAPZBdXVtfrpcLi0rKCj0pHDrl1GNtkKveybgUauuJqfmSdL3uiYAAAAAAAAAAABAt/bjcuJetxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CD4IQAA//9HcdTQ") sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x800001d, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x143042, 0x80) pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xfffffe57}], 0x1, 0x5405, 0x0, 0x0) sendfile(r0, r0, 0x0, 0x7a680000) 115.117996ms ago: executing program 4 (id=150): syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000080)='./bus\x00', 0x8, &(0x7f0000000180)=ANY=[@ANYRES16=0x0], 0x4, 0x29d, &(0x7f00000009c0)="$eJzs209PE08cx/EPtD/+/mCrKArGONGLXjZQLyaeGgKJsYkGqfFPYrLIVpsuLXYbTI0RPHn1cRCP3kyMT4CLj8CDNy4eORjXsG2lLSWSCG6l79dlpzv72c70O5vMobt17+1yPuvbWaes3h6juNSnbSmhXsVU1VM79obtPjVa15Wx9Jfzd+4/uJlKp2fnjZlLLVxNGmNGL3x8/vLdxU/l4bvvRz/0azPxaOtb8uvm+ObE1o+Fpznf5HxTKJaNYxaLxbKz6LlmKefnbWNue67juyZX8N1SU3/WK66sVIxTWBoZWim5vm+cQsXk3YopF025VDHOEydXMLZtm5Eh4XcyG/PzTirqUeBolUopZ0bS5J6ezEYkAwIAAJFqs/9fZ//fLdj/H3fx2v7/Ye35bcb+HwAAAAAAAAAAAAAAAAAAAACAf8F2EFhBEFj1439S+IZPUPs8KGlI0rCk/yWNSBqVZElKSDoh6aSkMUmnJJ2WNC7pjKSzkiYa7hX1XLHXfvWPHWn9r0c5ZTTg+e9u1L+7Nby4OyAtv1nNrGaqx2p/KqucPLmakqXvYS1rqu25G+nZKRNK6NzyWi2/tpqJNeenZe0smHb56WreNOf7w3X3K5+UtbPA2uWTbfMDunypIW/L0ufHKsrTUrgmd/Ovpo2ZuZVuyU+G1x139s4P91rSPvWzbVPX0l/NH2B9BFNt6xPXZDzauUPyKy/yjue5pcNpPGs5U38Jv+niwUP+0g5u6FpHDONPGjqsGw52xHRoHLTu6AK7Ra+fiUU7IAAAAAAAAAAAAAAAAADAgfyNvxNGPUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFr9DAAA//9A/FqF") fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.current\x00', 0x275a, 0x0) creat(&(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2) 47.547669ms ago: executing program 3 (id=151): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000340)={0x5, 0x0, 0xfffffe3f, 0xfffffffc, 0x9, "4d6b55f67e02bfc6aafbd98ec07c05a8765ccb", 0x0, 0x800}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000a40)) ioctl$TIOCGDEV(0xffffffffffffffff, 0x80045432, 0x0) readv(r0, &(0x7f0000000240)=[{&(0x7f00000001c0)=""/16, 0x10}], 0x1) 0s ago: executing program 4 (id=152): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x4, {{@in=@rand_addr=0x64010102, @in6=@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x84}, {0x400000000, 0x7, 0x0, 0x4, 0x3, 0x0, 0x200, 0x6}, {0x0, 0x2, 0x200000000004}, 0x0, 0x0, 0x1, 0x0, 0x3}, [@tmpl={0x44, 0x5, [{{@in6=@dev={0xfe, 0x80, '\x00', 0x26}, 0x2, 0x6c}, 0xa, @in6=@empty, 0x0, 0x4, 0x0, 0x5}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x40) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000800)=ANY=[@ANYBLOB="10010000160001000000000000000000fe8000000000000000000000000000aaff01000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe880000000000000000000000000001000000006c000000ffffffff00000000000000000000000000000000000000000900000000000000000000000000000000000000000000000800000000000000000000000000000003000000000000000800000000000000000000000000000000000000000000000000000000040000090000000000000000000000010000000000000000000000000000000a080000000000000000000000000000000000000c0015"], 0x110}, 0x1, 0x0, 0x0, 0xc1}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.71' (ED25519) to the list of known hosts. [ 25.288606][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 25.288620][ T28] audit: type=1400 audit(1775082320.686:70): avc: denied { mounton } for pid=3301 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 25.317657][ T28] audit: type=1400 audit(1775082320.706:71): avc: denied { mount } for pid=3301 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.318452][ T3301] cgroup: Unknown subsys name 'net' [ 25.345263][ T28] audit: type=1400 audit(1775082320.736:72): avc: denied { unmount } for pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.458818][ T3301] cgroup: Unknown subsys name 'cpuset' [ 25.464801][ T3301] cgroup: Unknown subsys name 'rlimit' [ 25.574002][ T28] audit: type=1400 audit(1775082320.966:73): avc: denied { setattr } for pid=3301 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 25.605077][ T28] audit: type=1400 audit(1775082320.966:74): avc: denied { create } for pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.625672][ T28] audit: type=1400 audit(1775082320.966:75): avc: denied { write } for pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.632782][ T3303] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 25.646363][ T28] audit: type=1400 audit(1775082320.966:76): avc: denied { read } for pid=3301 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 25.674893][ T28] audit: type=1400 audit(1775082320.966:77): avc: denied { mounton } for pid=3301 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 25.699884][ T28] audit: type=1400 audit(1775082320.966:78): avc: denied { mount } for pid=3301 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 25.723146][ T28] audit: type=1400 audit(1775082320.996:79): avc: denied { read } for pid=3040 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 25.751697][ T3301] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 26.771020][ T3312] chnl_net:caif_netlink_parms(): no params data found [ 26.852291][ T3312] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.859471][ T3312] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.866511][ T3312] bridge_slave_0: entered allmulticast mode [ 26.873238][ T3312] bridge_slave_0: entered promiscuous mode [ 26.887901][ T3317] chnl_net:caif_netlink_parms(): no params data found [ 26.898985][ T3312] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.906130][ T3312] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.913196][ T3312] bridge_slave_1: entered allmulticast mode [ 26.919691][ T3312] bridge_slave_1: entered promiscuous mode [ 26.942035][ T3315] chnl_net:caif_netlink_parms(): no params data found [ 26.982462][ T3312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.001732][ T3312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.031929][ T3320] chnl_net:caif_netlink_parms(): no params data found [ 27.050542][ T3312] team0: Port device team_slave_0 added [ 27.056198][ T3317] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.063309][ T3317] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.070552][ T3317] bridge_slave_0: entered allmulticast mode [ 27.076869][ T3317] bridge_slave_0: entered promiscuous mode [ 27.087567][ T3317] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.094628][ T3317] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.101752][ T3317] bridge_slave_1: entered allmulticast mode [ 27.108093][ T3317] bridge_slave_1: entered promiscuous mode [ 27.124965][ T3312] team0: Port device team_slave_1 added [ 27.142438][ T3314] chnl_net:caif_netlink_parms(): no params data found [ 27.155308][ T3315] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.162511][ T3315] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.169612][ T3315] bridge_slave_0: entered allmulticast mode [ 27.175893][ T3315] bridge_slave_0: entered promiscuous mode [ 27.192584][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.201667][ T3315] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.208891][ T3315] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.215964][ T3315] bridge_slave_1: entered allmulticast mode [ 27.222210][ T3315] bridge_slave_1: entered promiscuous mode [ 27.228823][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.235741][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.261636][ T3312] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.279670][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.297438][ T3317] team0: Port device team_slave_0 added [ 27.307496][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.314520][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.340497][ T3312] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.357804][ T3317] team0: Port device team_slave_1 added [ 27.385883][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.401881][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.408816][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.434691][ T3317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.446448][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.455851][ T3320] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.462985][ T3320] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.470105][ T3320] bridge_slave_0: entered allmulticast mode [ 27.476482][ T3320] bridge_slave_0: entered promiscuous mode [ 27.487234][ T3320] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.494372][ T3320] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.501527][ T3320] bridge_slave_1: entered allmulticast mode [ 27.507909][ T3320] bridge_slave_1: entered promiscuous mode [ 27.517208][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.524153][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.550035][ T3317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.590669][ T3312] hsr_slave_0: entered promiscuous mode [ 27.596676][ T3312] hsr_slave_1: entered promiscuous mode [ 27.608362][ T3320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.617553][ T3314] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.624631][ T3314] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.631858][ T3314] bridge_slave_0: entered allmulticast mode [ 27.638150][ T3314] bridge_slave_0: entered promiscuous mode [ 27.645989][ T3315] team0: Port device team_slave_0 added [ 27.652450][ T3315] team0: Port device team_slave_1 added [ 27.662869][ T3320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.676042][ T3314] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.683134][ T3314] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.690233][ T3314] bridge_slave_1: entered allmulticast mode [ 27.696379][ T3314] bridge_slave_1: entered promiscuous mode [ 27.739850][ T3314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 27.749539][ T3320] team0: Port device team_slave_0 added [ 27.755806][ T3314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 27.771678][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.778732][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.804790][ T3315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 27.815896][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 27.822846][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.848720][ T3315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 27.861609][ T3317] hsr_slave_0: entered promiscuous mode [ 27.867557][ T3317] hsr_slave_1: entered promiscuous mode [ 27.873394][ T3317] debugfs: 'hsr0' already exists in 'hsr' [ 27.879123][ T3317] Cannot create hsr debugfs directory [ 27.897127][ T3320] team0: Port device team_slave_1 added [ 27.920918][ T3314] team0: Port device team_slave_0 added [ 27.948656][ T3314] team0: Port device team_slave_1 added [ 27.963388][ T3320] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 27.970327][ T3320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 27.996287][ T3320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.009456][ T3320] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.016386][ T3320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 28.042273][ T3320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.075674][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.082830][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 28.108751][ T3314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.121136][ T3315] hsr_slave_0: entered promiscuous mode [ 28.127157][ T3315] hsr_slave_1: entered promiscuous mode [ 28.132946][ T3315] debugfs: 'hsr0' already exists in 'hsr' [ 28.138664][ T3315] Cannot create hsr debugfs directory [ 28.155265][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.162262][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 28.188191][ T3314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.236220][ T3320] hsr_slave_0: entered promiscuous mode [ 28.242140][ T3320] hsr_slave_1: entered promiscuous mode [ 28.248011][ T3320] debugfs: 'hsr0' already exists in 'hsr' [ 28.253762][ T3320] Cannot create hsr debugfs directory [ 28.296172][ T3312] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 28.307054][ T3314] hsr_slave_0: entered promiscuous mode [ 28.313217][ T3314] hsr_slave_1: entered promiscuous mode [ 28.319065][ T3314] debugfs: 'hsr0' already exists in 'hsr' [ 28.324765][ T3314] Cannot create hsr debugfs directory [ 28.335243][ T3312] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 28.343885][ T3312] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 28.365734][ T3312] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 28.426004][ T3317] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 28.446451][ T3317] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 28.456958][ T3317] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 28.465661][ T3317] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 28.498715][ T3315] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 28.507412][ T3315] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 28.516473][ T3315] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 28.525329][ T3315] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 28.566885][ T3320] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 28.576929][ T3320] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 28.589019][ T3320] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 28.605922][ T3320] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 28.633887][ T3312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.663930][ T3314] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 28.673455][ T3314] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 28.684127][ T3312] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.692115][ T3314] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 28.700847][ T3314] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 28.713920][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.724215][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.731338][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.746036][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.753068][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.765058][ T3317] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.789434][ T3320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.797640][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.805604][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.812682][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.824490][ T333] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.831584][ T333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.864516][ T3315] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.880063][ T3320] 8021q: adding VLAN 0 to HW filter on device team0 [ 28.895312][ T333] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.902365][ T333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.928768][ T3317] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 28.943424][ T333] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.950542][ T333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.961544][ T70] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.968589][ T70] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.987101][ T3315] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 28.997777][ T3315] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.016659][ T70] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.023744][ T70] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.057947][ T3320] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 29.073113][ T3320] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.087947][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.109365][ T3312] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.123096][ T3314] 8021q: adding VLAN 0 to HW filter on device team0 [ 29.136024][ T3317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.153510][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.160646][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.176871][ T3315] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.189264][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.196311][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.229456][ T3320] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.276500][ T3314] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 29.313647][ T3312] veth0_vlan: entered promiscuous mode [ 29.341642][ T3317] veth0_vlan: entered promiscuous mode [ 29.350461][ T3312] veth1_vlan: entered promiscuous mode [ 29.373627][ T3312] veth0_macvtap: entered promiscuous mode [ 29.388742][ T3312] veth1_macvtap: entered promiscuous mode [ 29.408068][ T3314] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 29.418202][ T3317] veth1_vlan: entered promiscuous mode [ 29.427503][ T3315] veth0_vlan: entered promiscuous mode [ 29.441797][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.466109][ T3317] veth0_macvtap: entered promiscuous mode [ 29.479887][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.497728][ T3315] veth1_vlan: entered promiscuous mode [ 29.508004][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.517560][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.531722][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.540845][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.551113][ T3317] veth1_macvtap: entered promiscuous mode [ 29.562088][ T3315] veth0_macvtap: entered promiscuous mode [ 29.580851][ T3315] veth1_macvtap: entered promiscuous mode [ 29.601464][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.612866][ T3314] veth0_vlan: entered promiscuous mode [ 29.628871][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.641601][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.649905][ T3320] veth0_vlan: entered promiscuous mode [ 29.656245][ T3312] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 29.657832][ T3314] veth1_vlan: entered promiscuous mode [ 29.680341][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 29.696815][ T3314] veth0_macvtap: entered promiscuous mode [ 29.705056][ T70] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.714541][ T3320] veth1_vlan: entered promiscuous mode [ 29.745572][ T70] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.754493][ T70] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.774170][ T3314] veth1_macvtap: entered promiscuous mode [ 29.791316][ T3402] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 29.797664][ T70] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.815784][ T3402] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 29.837060][ T70] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.855718][ T3320] veth0_macvtap: entered promiscuous mode [ 29.873702][ T70] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.890508][ T3320] veth1_macvtap: entered promiscuous mode [ 29.898233][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.909597][ T70] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.927646][ T70] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 29.964586][ T3320] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 29.985383][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.008016][ T3320] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.028196][ T40] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.037814][ T40] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.053828][ T40] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.071075][ T3495] loop2: detected capacity change from 0 to 512 [ 30.071283][ T40] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.090226][ T3495] EXT4-fs: Ignoring removed mblk_io_submit option [ 30.104863][ T40] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.117194][ T3495] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 30.130337][ T3495] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 30.145383][ T3495] vcan0: tx address claim with different name [ 30.163765][ T40] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.164405][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 30.172813][ T40] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.208631][ T40] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 30.300575][ T28] kauditd_printk_skb: 56 callbacks suppressed [ 30.300590][ T28] audit: type=1400 audit(1775082325.696:136): avc: denied { ioctl } for pid=3504 comm="syz.1.2" path="socket:[4886]" dev="sockfs" ino=4886 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 30.341371][ T3510] loop2: detected capacity change from 0 to 2048 [ 30.349393][ T28] audit: type=1400 audit(1775082325.726:137): avc: denied { ioctl } for pid=3509 comm="syz.4.5" path="socket:[3929]" dev="sockfs" ino=3929 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 30.402276][ T3510] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 30.434606][ T28] audit: type=1400 audit(1775082325.826:138): avc: denied { add_name } for pid=3507 comm="syz.2.11" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 30.435790][ T3510] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 30.455921][ T28] audit: type=1400 audit(1775082325.826:139): avc: denied { create } for pid=3507 comm="syz.2.11" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 30.490440][ T28] audit: type=1400 audit(1775082325.826:140): avc: denied { read write } for pid=3507 comm="syz.2.11" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 30.494103][ T3510] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 20 with max blocks 1 with error 28 [ 30.513899][ T28] audit: type=1400 audit(1775082325.826:141): avc: denied { open } for pid=3507 comm="syz.2.11" path="/4/file1/file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 30.563817][ T3510] EXT4-fs (loop2): This should not happen!! Data will be lost [ 30.563817][ T3510] [ 30.576387][ T3522] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 30.579956][ T28] audit: type=1400 audit(1775082325.966:142): avc: denied { mount } for pid=3520 comm="syz.1.14" name="/" dev="ramfs" ino=3953 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 30.618621][ T3510] EXT4-fs (loop2): Total free blocks count 0 [ 30.624615][ T3510] EXT4-fs (loop2): Free/Dirty block details [ 30.649012][ T3522] EXT4-fs (loop2): This should not happen!! Data will be lost [ 30.649012][ T3522] [ 30.649939][ T28] audit: type=1400 audit(1775082326.026:143): avc: denied { unmount } for pid=3314 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 30.673940][ T3510] EXT4-fs (loop2): free_blocks=4096 [ 30.717009][ T3522] EXT4-fs (loop2): Total free blocks count 0 [ 30.723392][ T3522] EXT4-fs (loop2): Free/Dirty block details [ 30.728790][ T28] audit: type=1400 audit(1775082326.046:144): avc: denied { setopt } for pid=3523 comm="syz.1.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 30.775558][ T28] audit: type=1400 audit(1775082326.076:145): avc: denied { read write } for pid=3525 comm="syz.3.15" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 30.834587][ T3510] syz.2.11 (3510) used greatest stack depth: 9440 bytes left [ 30.880425][ T3317] EXT4-fs warning (device loop2): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 30.965018][ T3552] netlink: 36 bytes leftover after parsing attributes in process `syz.1.28'. [ 31.042263][ C0] hrtimer: interrupt took 36124 ns [ 31.107354][ T3563] Zero length message leads to an empty skb [ 31.211588][ T3568] netlink: 8 bytes leftover after parsing attributes in process `syz.3.35'. [ 31.285375][ T3570] hsr0: entered promiscuous mode [ 31.380512][ T3544] loop4: detected capacity change from 0 to 1024 [ 31.394937][ T3544] EXT4-fs: Ignoring removed nomblk_io_submit option [ 31.429354][ T3544] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 31.441815][ T3544] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e054c018, mo2=0002] [ 31.450342][ T3544] System zones: 0-1, 3-36 [ 31.475024][ T3544] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 31.607035][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 31.835909][ T3588] sctp: [Deprecated]: syz.3.45 (pid 3588) Use of int in max_burst socket option. [ 31.835909][ T3588] Use struct sctp_assoc_value instead [ 31.863453][ T3590] loop4: detected capacity change from 0 to 512 [ 31.879892][ T3590] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 31.893573][ T3590] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 31.907589][ T3590] EXT4-fs (loop4): 1 truncate cleaned up [ 31.932822][ T3590] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 31.958139][ T3598] loop1: detected capacity change from 0 to 512 [ 32.029609][ T3598] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.052206][ T3598] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 32.202611][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.271334][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 32.367815][ T3611] netlink: 4 bytes leftover after parsing attributes in process `syz.4.52'. [ 32.494611][ T3613] batadv_slave_1: entered promiscuous mode [ 32.514885][ T3613] batadv_slave_1: left promiscuous mode [ 32.654276][ T3622] af_packet: tpacket_rcv: packet too big, clamped from 184 to 4294967272. macoff=96 [ 32.963140][ T3636] netlink: 12 bytes leftover after parsing attributes in process `syz.0.62'. [ 33.135041][ T3641] syz.0.64 uses obsolete (PF_INET,SOCK_PACKET) [ 33.168508][ T3643] loop2: detected capacity change from 0 to 128 [ 33.220675][ T3646] loop2: detected capacity change from 0 to 1024 [ 33.232852][ T3646] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 33.244348][ T3646] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 33.260215][ T3646] EXT4-fs (loop2): orphan cleanup on readonly fs [ 33.274583][ T3646] EXT4-fs error (device loop2): ext4_free_blocks:6724: comm syz.2.66: Freeing blocks not in datazone - block = 0, count = 4096 [ 33.288195][ T3646] loop2: lost filesystem error report for type 5 error -117 [ 33.288320][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 33.302036][ C0] EXT4-fs (loop2): initial error at time 1775082328: ext4_free_blocks:6724 [ 33.310672][ C0] EXT4-fs (loop2): last error at time 1775082328: ext4_free_blocks:6724 [ 33.319950][ T3646] EXT4-fs (loop2): Remounting filesystem read-only [ 33.326486][ T3646] EXT4-fs (loop2): 1 orphan inode deleted [ 33.332796][ T3646] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 33.348081][ T3646] EXT4-fs (loop2): shut down requested (2) [ 33.391447][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.420009][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 33.645587][ T3664] xt_HMARK: proto mask must be zero with L3 mode [ 33.686499][ T3670] loop1: detected capacity change from 0 to 256 [ 33.778781][ T3682] loop4: detected capacity change from 0 to 512 [ 33.787271][ T3682] EXT4-fs: Ignoring removed oldalloc option [ 33.801393][ T3682] EXT4-fs (loop4): 1 truncate cleaned up [ 33.807613][ T3682] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.845145][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.166819][ T3712] loop4: detected capacity change from 0 to 128 [ 34.190394][ T3712] syz.4.95: attempt to access beyond end of device [ 34.190394][ T3712] loop4: rw=2049, sector=138, nr_sectors = 16 limit=128 [ 34.204332][ T3712] syz.4.95: attempt to access beyond end of device [ 34.204332][ T3712] loop4: rw=2049, sector=170, nr_sectors = 16 limit=128 [ 34.217788][ T3712] syz.4.95: attempt to access beyond end of device [ 34.217788][ T3712] loop4: rw=2049, sector=202, nr_sectors = 16 limit=128 [ 34.231265][ T3712] syz.4.95: attempt to access beyond end of device [ 34.231265][ T3712] loop4: rw=2049, sector=234, nr_sectors = 8 limit=128 [ 34.256461][ T70] kworker/u8:4: attempt to access beyond end of device [ 34.256461][ T70] loop4: rw=1, sector=138, nr_sectors = 2 limit=128 [ 34.800904][ T3719] EXT4-fs: Ignoring removed nomblk_io_submit option [ 34.836798][ T3719] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 34.861857][ T3733] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.872419][ T3733] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.872827][ T3719] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e054c018, mo2=0002] [ 34.927593][ T3719] System zones: 0-1, 3-36 [ 34.990350][ T3719] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.069029][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.178005][ T3759] netlink: 'syz.1.116': attribute type 2 has an invalid length. [ 35.203266][ T3764] netlink: 'syz.1.119': attribute type 5 has an invalid length. [ 35.246967][ T3768] set_capacity_and_notify: 2 callbacks suppressed [ 35.247007][ T3768] loop1: detected capacity change from 0 to 4096 [ 35.274052][ T3768] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.319717][ T28] kauditd_printk_skb: 74 callbacks suppressed [ 35.319732][ T28] audit: type=1400 audit(1775082330.716:220): avc: denied { create } for pid=3767 comm="syz.1.120" name=4009 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 35.359549][ T28] audit: type=1400 audit(1775082330.756:221): avc: denied { create } for pid=3777 comm="syz.3.124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 35.359685][ C1] sd 0:0:1:0: [sda] tag#3028 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 35.389910][ C1] sd 0:0:1:0: [sda] tag#3028 CDB: Read(6) 08 00 00 00 00 00 [ 35.397511][ T28] audit: type=1400 audit(1775082330.776:222): avc: denied { write } for pid=3777 comm="syz.3.124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 35.407876][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.448217][ T28] audit: type=1400 audit(1775082330.836:223): avc: denied { bpf } for pid=3782 comm="syz.3.127" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 35.469239][ T28] audit: type=1400 audit(1775082330.846:224): avc: denied { perfmon } for pid=3782 comm="syz.3.127" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 35.495333][ T3623] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 35.501566][ T3654] Bluetooth: hci0: command 0x1003 tx timeout [ 35.518147][ T28] audit: type=1400 audit(1775082330.896:225): avc: denied { mounton } for pid=3784 comm="syz.3.128" path="/31/file0" dev="tmpfs" ino=173 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 35.569003][ T3787] ip6gretap0: entered promiscuous mode [ 35.579477][ T3787] macvtap1: entered promiscuous mode [ 35.585108][ T3787] macvtap1: entered allmulticast mode [ 35.590656][ T3787] ip6gretap0: entered allmulticast mode [ 35.590699][ T28] audit: type=1400 audit(1775082330.976:226): avc: denied { map } for pid=3790 comm="syz.0.130" path="socket:[6285]" dev="sockfs" ino=6285 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 35.622761][ T28] audit: type=1400 audit(1775082330.976:227): avc: denied { read write } for pid=3790 comm="syz.0.130" path="socket:[6285]" dev="sockfs" ino=6285 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 35.646795][ T3787] ip6gretap0: left allmulticast mode [ 35.652429][ T3787] ip6gretap0: left promiscuous mode [ 35.751408][ T28] audit: type=1400 audit(1775082331.146:228): avc: denied { read write } for pid=3805 comm="syz.3.136" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 35.752675][ T3806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 35.776394][ T28] audit: type=1400 audit(1775082331.146:229): avc: denied { open } for pid=3805 comm="syz.3.136" path="/dev/raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 35.798702][ T3806] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 35.942041][ T3816] netlink: 'syz.4.141': attribute type 21 has an invalid length. [ 35.949974][ T3816] netlink: 132 bytes leftover after parsing attributes in process `syz.4.141'. [ 36.189770][ T3827] process 'syz.2.145' launched '/dev/fd/5' with NULL argv: empty string added [ 36.309503][ T3836] loop2: detected capacity change from 0 to 512 [ 36.338499][ T3836] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.356312][ T3841] loop4: detected capacity change from 0 to 128 [ 36.360170][ T3836] ext4 filesystem being mounted at /32/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 36.447942][ T3836] ================================================================== [ 36.456046][ T3836] BUG: KCSAN: data-race in __xa_clear_mark / xas_find_marked [ 36.463434][ T3836] [ 36.465748][ T3836] read-write to 0xffff88811b08e908 of 8 bytes by task 559 on cpu 1: [ 36.473720][ T3836] __xa_clear_mark+0xf5/0x1e0 [ 36.478396][ T3836] __folio_end_writeback+0xf4/0x360 [ 36.483593][ T3836] folio_end_writeback_no_dropbehind+0x6d/0x1d0 [ 36.489826][ T3836] folio_end_writeback+0x1c/0x70 [ 36.494753][ T3836] ext4_finish_bio+0x459/0x8b0 [ 36.499515][ T3836] ext4_release_io_end+0x9f/0x1f0 [ 36.504536][ T3836] ext4_end_io_end+0x18d/0x240 [ 36.509298][ T3836] ext4_end_io_rsv_work+0x15b/0x1f0 [ 36.514492][ T3836] process_scheduled_works+0x513/0xa10 [ 36.519951][ T3836] worker_thread+0x58a/0x780 [ 36.524538][ T3836] kthread+0x22a/0x280 [ 36.528592][ T3836] ret_from_fork+0x150/0x360 [ 36.533180][ T3836] ret_from_fork_asm+0x1a/0x30 [ 36.537940][ T3836] [ 36.540249][ T3836] read to 0xffff88811b08e908 of 8 bytes by task 3836 on cpu 0: [ 36.547773][ T3836] xas_find_marked+0x213/0x620 [ 36.552534][ T3836] filemap_get_folios_tag+0xfa/0x510 [ 36.557811][ T3836] file_write_and_wait_range+0x20c/0x2f0 [ 36.563429][ T3836] generic_buffers_fsync_noflush+0x45/0x130 [ 36.569317][ T3836] ext4_sync_file+0x1e4/0x710 [ 36.573982][ T3836] vfs_fsync_range+0xc5/0xe0 [ 36.578562][ T3836] ext4_buffered_write_iter+0x34f/0x3c0 [ 36.584097][ T3836] ext4_file_write_iter+0x380/0xfa0 [ 36.589283][ T3836] do_iter_readv_writev+0x4fd/0x5a0 [ 36.594467][ T3836] vfs_writev+0x2e1/0x900 [ 36.598790][ T3836] __se_sys_pwritev2+0xfc/0x1c0 [ 36.603629][ T3836] __x64_sys_pwritev2+0x67/0x80 [ 36.608468][ T3836] x64_sys_call+0xe07/0x3020 [ 36.613054][ T3836] do_syscall_64+0x12c/0x370 [ 36.617635][ T3836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 36.623515][ T3836] [ 36.625820][ T3836] value changed: 0x007fffffffffffe0 -> 0x007fffffffffff00 [ 36.632911][ T3836] [ 36.635217][ T3836] Reported by Kernel Concurrency Sanitizer on: [ 36.641367][ T3836] CPU: 0 UID: 0 PID: 3836 Comm: syz.2.149 Not tainted syzkaller #0 PREEMPT(full) [ 36.650550][ T3836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 36.660590][ T3836] ================================================================== [ 36.715719][ T3847] netlink: 12 bytes leftover after parsing attributes in process `syz.4.152'. [ 36.725733][ T3847] netlink: 12 bytes leftover after parsing attributes in process `syz.4.152'. [ 36.756939][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.