last executing test programs: 2.020232338s ago: executing program 3 (id=1188): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x40000) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000380)=""/79, 0x4f}], 0x1) 1.335443646s ago: executing program 2 (id=1233): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000840)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="240000002000010327bd7000ffdbdf2502000000000000011e000000080017"], 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0) 1.305250855s ago: executing program 2 (id=1244): syz_usbip_server_init(0x1) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x2004de, &(0x7f0000000500)={[{@minixdf}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x203}}, {@mblk_io_submit}, {@noblock_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==") r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0) io_setup(0x2, &(0x7f0000002380)=0x0) io_submit(r1, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x200a00, 0xc00}]) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x13f, 0xc}}, 0x20) 1.165276217s ago: executing program 3 (id=1250): r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xad, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a00000004000000f100000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r2}, 0x10) close(r0) 1.038206498s ago: executing program 3 (id=1241): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff000000000000000458000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1) 1.036569658s ago: executing program 0 (id=1243): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e21, @remote}, 0x10) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) sendmmsg$unix(r0, &(0x7f0000007b80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2404c054}}], 0x1, 0x2000c080) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x33, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0x584}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 993.915949ms ago: executing program 0 (id=1246): r0 = socket(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_NON_HH_WEIGHT={0x8}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000001}, 0x0) 971.457309ms ago: executing program 0 (id=1247): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {0xffffffdfffffffff, 0x0, 0x0, 0x0, 0xfffffffffffff4f7, 0x0, 0x6}, {}, 0x0, 0x0, 0x0, 0x1, 0x3}, {{@in=@multicast1, 0x4d6, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3}}, 0xe8) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) 933.887399ms ago: executing program 0 (id=1249): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x1800403, &(0x7f0000000bc0)={[{@nobh}, {@data_writeback}], [{@dont_hash}, {@audit}]}, 0x1, 0x5ad, &(0x7f0000000180)="$eJzs3c1vVFUbAPDnzkwLpe9rKzEqLkyjIZAoLS1g8GMBe0LwY+fGSgtBho/QGi2aWBLcmBg3LkhcuRD/CyW6dWXiwoUbV4akGsNGY3TMnbkzDO1MOy0dbu39/ZLbOeeeOz3nQp85Z+49ZyaAwhpLf5Qi9kTE5SRipK2sElnhWOO4O7+/fzrdkqjVXv0tiSTb1zw+yR6Hsyf/PRLx/TdJ7C6vrHdu4er56Wp19kqWn5i/cHlibuHqgXMXps/Onp29OPXc1NEjh48cnTx4X+dXakufuP7WOyMfnXz9i8/+Sia//OlkEsfi1zONsvbz2CxjMRZ/1GofLN+f/rse3ezKclJu/Z3clSzfwZZVyWJkMCIei5Eot/1vjsSHL+faOKCvaklEDSioRPxDQTXHAc339r29Dy71eVQCPAhLx9OfAx3iv9K4NhijMRARe5c9r8MlvQ1J6/ju25PX0y36dB0O6Gzx2o4stTz+k3psjsbOem7XndI913nTEcCp7DHd/8oG6x9blhf/8OAsXouIxzuN/9eO/zfa4v/NDdYv/gEAAAAAAGDz3DoeEc92uv9Xyu7N7Yyn6vf/ksb9vx/urhA8tgn1r33/r3R7E6oBOlg6HvFSx/m/rTm+o+Us9//GbMDkzLnq7MGIeCgi9sfAjjQ/uUodBz7efaNbWfv8v3RL62/OBczacbuy497nzEzPT9/POQMNS9cinqh0n/+T9v9Je/+fSV8PLvdYx+69N091K1s7/oF+qX0esa9j/5+0jklW/3yOifp4YKI5Kljpyfc++apb/eIf8pP2/7tWj//RpP3zeubW9/sHI+LQQqXWrXyj4//B5LVy8/en3p2en78yGTGYnFi5f2p9bYbtqhkPzXhJ43//06tf/2uN/9vicCgiFnus89F/hn/uVqb/h/yk8T+zrv5//Ympm6Nfd6u/t/7/cL1P35/tcf0PVtdrgObdTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4LypFxP8iKY230qXS+HjEcEQ8ErtK1Utz88+cufT2xZm0rP79/6XmN/2ONPJJ8/v/R9vyU8vyhyLi4Yj4tDxUz4+fvlSdyfvkAQAAAAAAAAAAAAAAAAAAYIsY7rL+P/VLOe/WAX1XyR7FOxRPJe8GALkR/1Bc4h+KS/xDcYl/KK4Nxr/bBbAN6P+hqAZ6O2xnv9sB5EH/DwAAAAAA28qtF5+/kUTE4gtD9S01mJW1bgwO5dU6oJ9KeTcAyI05vFBcpv5AcfU4+RfYxpJW6s9ap/Lus/+T/jQIAAAAAAAAAAAAAFhh355bP665/h/Ylqz/h+Ky/h+Ky/p/KC7v8YG1VvFb/w8AAAAAAAAAAAAA+ZtbuHp+ulqdvSIhsdUSAxGxBZqRQ2Iw//DM+YUJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo+TcAAP//Swsk/Q==") sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000100001000000f5ffffffffffffff000a14000000060a0000000000000000000002"], 0x3c}}, 0x0) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x0, &(0x7f0000000000)='\x06\x00\x00\x00\x04\xb0\xfe\x98\x9a!s\x91]\xab\xc9\xa2IV\xb6-\xd9z\x81\x91\x8aP}I\xc6\x0e\xd9\v\xda\xbfS\x16 \x04\r\xcd\xdb\x9a\xd4\xaf\r\x11\xa0\xd7\xd7\xb6\x9bz\x99\xaf\xfd\x87fN\xad\x90U\xb4A\xdf\xabB\xbba\x7f\xb8\x96\x1a\xe7\xc1\xab\x16\x02\x000x0}, &(0x7f0000000200)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000000c0)={r2, @in6={{0xa, 0x0, 0x5, @rand_addr=' \x01\x00'}}}, &(0x7f00000001c0)=0x9c) 786.110842ms ago: executing program 1 (id=1258): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c000480480001800800010066696200"], 0x122}}, 0x10) 749.849722ms ago: executing program 4 (id=1259): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="30000000010101030000000000000000000000000c001980"], 0x30}}, 0x0) 698.396372ms ago: executing program 1 (id=1260): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000066000000"], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) lsetxattr$security_evm(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0, 0x2) 697.811392ms ago: executing program 1 (id=1270): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x18}, 0x15, 0x3, 'none\x00', 0x19, 0x4, 0x10072}, 0x2c) unshare(0x22020400) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000140)={{0x84, @initdev={0xac, 0x1e, 0x4, 0x0}, 0x4e21, 0x3, 'lc\x00', 0x2, 0x7, 0x37}, {@remote, 0x4e23, 0x10000, 0xc3, 0x12d5c, 0x12d58}}, 0x44) 697.213802ms ago: executing program 4 (id=1271): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) writev(r2, &(0x7f00000004c0)=[{&(0x7f0000000500)="aefdcd9d240200005a90f57f077029eff0f64ebbee07942c22595943bb05e374cbee8ad1b7244232b0772e11b44e65d766", 0x31}], 0x1) bpf$MAP_LOOKUP_ELEM(0x2, 0x0, 0x0) 202.319757ms ago: executing program 3 (id=1261): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e2a, 0xffffffff, @mcast2, 0x9}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)={0x3c}, 0x8) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 202.036937ms ago: executing program 4 (id=1262): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') mkdir(&(0x7f00000000c0)='./control\x00', 0x10) mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0) 199.737328ms ago: executing program 1 (id=1273): unshare(0x68040200) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000009c0)=@nat={'nat\x00', 0x19, 0x0, 0x90, [0x200000000500, 0x0, 0x0, 0x200000000530, 0x200000000560], 0x0, 0x0, &(0x7f0000000500)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}]}, 0x108) 199.534268ms ago: executing program 2 (id=1263): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'}) dup2(r0, r1) 167.498198ms ago: executing program 4 (id=1264): bpf$TOKEN_CREATE(0x24, 0x0, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./bus\x00', 0x0, &(0x7f0000000240), 0x21, 0x4a6, &(0x7f0000000a40)="$eJzs3cFPG9kZAPBvBgiEkEDaHNqqbdI0bVpFscFJUJRTemlVRZGqRj31kFBwEMLGCJs00BzI/1CpkXpq/4QeKvVQKae97233tpfsYaXsbrSrsNIevJqxIYRgYDcES/j3k55m3jzj7z2sec98gF8APetcRKxFxLGIuBcRo+3rSbvEzVbJHvfyxaPp9RePppNoNu98luTt2bXY8jWZE+3nHIqIP/4u4i/Jm3HrK6vzU5VKealdLzaqi8X6yurluerUbHm2vFAqTU5Mjl+/cq10YGM9W/3P89/O3frT///3k2fvr/36b1m3RtptW8dxkFpDH9iMk+mPiFvvIlgX9LXHc6zbHeE7SSPiexFxPr//R6MvfzUBgKOs2RyN5ujWOgBw1KV5DixJC+1cwEikaaHQyuGdieG0Uqs3Lt2vLS/MtHJlYzGQ3p+rlMfbucKxGEiy+kR+/qpe2la/EhGnI+Lvg8fzemG6Vpnp5hsfAOhhJ7at/18OttZ/AOCIG+p2BwCAQ2f9B4DeY/0HgN5j/QeA3mP9B4DeY/0HgN5j/QeAnvKH27ez0lxvf/71zIOV5fnag8sz5fp8obo8XZiuLS0WZmu12fwze6p7PV+lVlucuBrLD4uNcr1RrK+s3q3Wlhcad/PP9b5bHjiUUQEAuzl99umHSUSs3Tiel9iyl4O1Go62tNsdALqmr9sdALrGbl/Qu/yMD+ywRe9rOv6J0JOD7wtwOC7+UP4fepX8P/Qu+X/oXfL/0LuazcSe/wDQY+T4Ab//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG9vJC9JWmjvBT4SaVooRJyMiLEYSO7PVcrjEXEqIj4YHBjM6hPd7jQA8JbST5L2/l8XRy+MbG89lnw1mB8j4q//vPOPh1ONxtJEdv3zzeuNJ+3rpW70HwDYy8Y6vbGOb3j54tH0RjnM/jz/TWtz0Szueru0WvqjPz8OxUBEDH+RtOst2fuVvgOIv/Y4In6w0/iTPDcy1t75dHv8LPbJQ42fvhY/zdtax+x78f0D6Av0mqfZ/HNzp/svjXP5cef7fyifod7exvy3/sb8l27Of30d5r9z+41x9b3fd2x7HPGj/p3iJ5vxkw7xL+wz/kc//un5Tm3Nf0VcjJ3jb41VbFQXi/WV1ctz1anZ8mx5oVSanJgcv37lWqmY56iLG5nqN31649Kp3cY/3CH+0B7j/8U+x//vr+/9+We7xP/Vz3d+/c/sEj9bE3+5z/hTw//tuH13Fn+mw/j3ev0v7TP+s49XZ/b5UADgENRXVuenKpXykhMnTpxsnnR7ZgLetVc3fbd7AgAAAAAAAAAAAAAAdHIY/07U7TECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwdH0TAAD//yyP2UE=") chdir(&(0x7f0000000140)='./file0\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x401c5820, &(0x7f0000000000)=@v1={0x8, @aes256, 0x0, @desc3}) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000600)={0xa, 0xcf, 0xccb}) 94.267569ms ago: executing program 3 (id=1265): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0x511e36599023629, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r1, 0x40a85321, &(0x7f00000004c0)={{0x80}, 'port1\x00', 0x0, 0x120000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) 91.984349ms ago: executing program 2 (id=1278): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r2, 0x5, &(0x7f0000000000)={0x1, 0x0, 0x0, 0xfffffffffffffffc}) 66.628229ms ago: executing program 4 (id=1266): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11ff, &(0x7f0000001280)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) ftruncate(r0, 0x2000009) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) pwritev2(r1, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0x0, 0x1) 65.807429ms ago: executing program 2 (id=1267): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, r2, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20008000}, 0x30) 42.426899ms ago: executing program 3 (id=1268): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000c80)='kfree\x00', r1}, 0x18) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50) syz_io_uring_setup(0x3c0c, &(0x7f0000000400)={0x0, 0xc890, 0x4002}, 0x0, 0x0) 286.69µs ago: executing program 1 (id=1269): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b40)=@filter={'filter\x00', 0x4, 0x4, 0x4b8, 0xffffffff, 0x260, 0x260, 0xe8, 0xfeffffff, 0xffffffff, 0x3e8, 0x3e8, 0x3e8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x29}, @private2, [0xffffffff, 0xff000000, 0xff, 0xffffff00], [0xffffff00, 0xffffffff, 0xffffffff, 0xffffffff], 'hsr0\x00', 'sit0\x00', {}, {}, 0x87, 0x3, 0x4, 0x5}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@srh1={{0x90}, {0x21, 0x12, 0xbe, 0x7, 0x5aa9, @ipv4={'\x00', '\xff\xff', @empty}, @private1, @local, [0xff000000, 0xff000000, 0x0, 0xff], [0xffffff00, 0xff000000, 0xff], [0x0, 0xffffff, 0xffffff00, 0x7fffff7f], 0x3c80}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x2000010}}}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x3, 0x7, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast1, @private1, [0x0, 0x0, 0xff, 0xff], [0x0, 0xffffff00], [0x0, 0xff000000], 0x843, 0x1400}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x518) 0s ago: executing program 2 (id=1272): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x20, r3, 0x9c3fa077fa966179, 0x4, 0x0, {{0x7e}, {@void, @val={0xc, 0x99, {0x8, 0x22}}}}}, 0x20}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.6' (ED25519) to the list of known hosts. [ 28.397401][ T29] audit: type=1400 audit(1746733800.058:65): avc: denied { mounton } for pid=3305 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 28.398460][ T3305] cgroup: Unknown subsys name 'net' [ 28.420167][ T29] audit: type=1400 audit(1746733800.058:66): avc: denied { mount } for pid=3305 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 28.447565][ T29] audit: type=1400 audit(1746733800.098:67): avc: denied { unmount } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 28.565812][ T3305] cgroup: Unknown subsys name 'cpuset' [ 28.572077][ T3305] cgroup: Unknown subsys name 'rlimit' [ 28.702962][ T29] audit: type=1400 audit(1746733800.358:68): avc: denied { setattr } for pid=3305 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 28.726271][ T29] audit: type=1400 audit(1746733800.358:69): avc: denied { create } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 28.746761][ T29] audit: type=1400 audit(1746733800.358:70): avc: denied { write } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 28.767184][ T29] audit: type=1400 audit(1746733800.368:71): avc: denied { read } for pid=3305 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 28.775338][ T3307] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 28.787469][ T29] audit: type=1400 audit(1746733800.368:72): avc: denied { mounton } for pid=3305 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 28.821131][ T29] audit: type=1400 audit(1746733800.368:73): avc: denied { mount } for pid=3305 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 28.844529][ T29] audit: type=1400 audit(1746733800.468:74): avc: denied { relabelto } for pid=3307 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 28.908867][ T3305] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 30.557915][ T3315] chnl_net:caif_netlink_parms(): no params data found [ 30.663418][ T3314] chnl_net:caif_netlink_parms(): no params data found [ 30.719662][ T3315] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.726787][ T3315] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.734012][ T3315] bridge_slave_0: entered allmulticast mode [ 30.740637][ T3315] bridge_slave_0: entered promiscuous mode [ 30.749234][ T3315] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.756343][ T3315] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.763632][ T3315] bridge_slave_1: entered allmulticast mode [ 30.770813][ T3315] bridge_slave_1: entered promiscuous mode [ 30.779596][ T3320] chnl_net:caif_netlink_parms(): no params data found [ 30.814503][ T3322] chnl_net:caif_netlink_parms(): no params data found [ 30.824404][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 30.836307][ T3323] chnl_net:caif_netlink_parms(): no params data found [ 30.853114][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 30.910951][ T3315] team0: Port device team_slave_0 added [ 30.921551][ T3314] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.928723][ T3314] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.935933][ T3314] bridge_slave_0: entered allmulticast mode [ 30.942530][ T3314] bridge_slave_0: entered promiscuous mode [ 30.954541][ T3315] team0: Port device team_slave_1 added [ 30.974880][ T3314] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.981967][ T3314] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.989274][ T3314] bridge_slave_1: entered allmulticast mode [ 30.995935][ T3314] bridge_slave_1: entered promiscuous mode [ 31.002059][ T3320] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.009150][ T3320] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.017088][ T3320] bridge_slave_0: entered allmulticast mode [ 31.023714][ T3320] bridge_slave_0: entered promiscuous mode [ 31.049520][ T3320] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.056637][ T3320] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.063876][ T3320] bridge_slave_1: entered allmulticast mode [ 31.070305][ T3320] bridge_slave_1: entered promiscuous mode [ 31.076809][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 31.083794][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.109761][ T3315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 31.126158][ T3323] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.133314][ T3323] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.140551][ T3323] bridge_slave_0: entered allmulticast mode [ 31.146989][ T3323] bridge_slave_0: entered promiscuous mode [ 31.162438][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.169561][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.195556][ T3315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.206365][ T3322] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.213477][ T3322] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.220680][ T3322] bridge_slave_0: entered allmulticast mode [ 31.227176][ T3322] bridge_slave_0: entered promiscuous mode [ 31.233631][ T3323] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.240884][ T3323] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.248094][ T3323] bridge_slave_1: entered allmulticast mode [ 31.254421][ T3323] bridge_slave_1: entered promiscuous mode [ 31.261649][ T3314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 31.279523][ T3320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 31.288747][ T3322] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.295889][ T3322] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.303210][ T3322] bridge_slave_1: entered allmulticast mode [ 31.310034][ T3322] bridge_slave_1: entered promiscuous mode [ 31.322109][ T3314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 31.337107][ T3323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 31.347842][ T3323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 31.362547][ T3320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 31.397060][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 31.416130][ T3314] team0: Port device team_slave_0 added [ 31.427238][ T3323] team0: Port device team_slave_0 added [ 31.438880][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 31.454234][ T3320] team0: Port device team_slave_0 added [ 31.460554][ T3314] team0: Port device team_slave_1 added [ 31.466828][ T3323] team0: Port device team_slave_1 added [ 31.474708][ T3315] hsr_slave_0: entered promiscuous mode [ 31.480696][ T3315] hsr_slave_1: entered promiscuous mode [ 31.491825][ T3320] team0: Port device team_slave_1 added [ 31.516667][ T3322] team0: Port device team_slave_0 added [ 31.532918][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 31.539943][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.565932][ T3314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 31.577038][ T3323] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 31.583999][ T3323] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.609950][ T3323] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 31.621499][ T3322] team0: Port device team_slave_1 added [ 31.627455][ T3320] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 31.634518][ T3320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.660503][ T3320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 31.676347][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.683330][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.709314][ T3314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.726410][ T3323] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.733389][ T3323] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.759344][ T3323] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.775698][ T3320] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.782669][ T3320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.808689][ T3320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.847389][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 31.854378][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.880441][ T3322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 31.891837][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 31.898824][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 31.924849][ T3322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 31.971473][ T3314] hsr_slave_0: entered promiscuous mode [ 31.978335][ T3314] hsr_slave_1: entered promiscuous mode [ 31.984125][ T3314] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 31.991729][ T3314] Cannot create hsr debugfs directory [ 32.004841][ T3320] hsr_slave_0: entered promiscuous mode [ 32.010924][ T3320] hsr_slave_1: entered promiscuous mode [ 32.017054][ T3320] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 32.024648][ T3320] Cannot create hsr debugfs directory [ 32.037060][ T3323] hsr_slave_0: entered promiscuous mode [ 32.043166][ T3323] hsr_slave_1: entered promiscuous mode [ 32.048955][ T3323] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 32.056598][ T3323] Cannot create hsr debugfs directory [ 32.096702][ T3322] hsr_slave_0: entered promiscuous mode [ 32.103812][ T3322] hsr_slave_1: entered promiscuous mode [ 32.109956][ T3322] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 32.117598][ T3322] Cannot create hsr debugfs directory [ 32.261703][ T3315] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 32.278824][ T3315] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 32.289635][ T3315] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 32.308158][ T3315] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 32.326721][ T3314] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 32.336024][ T3314] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 32.345619][ T3314] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 32.359250][ T3314] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 32.388228][ T3320] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 32.403420][ T3320] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 32.412886][ T3320] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 32.424033][ T3320] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 32.452935][ T3323] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 32.462445][ T3323] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 32.479065][ T3323] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 32.494517][ T3323] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 32.513268][ T3322] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 32.522441][ T3322] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 32.542106][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.549347][ T3322] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 32.557977][ T3322] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 32.570069][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.588031][ T3315] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.607508][ T557] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.614655][ T557] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.631159][ T3314] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.640910][ T557] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.648025][ T557] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.666957][ T557] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.674025][ T557] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.691051][ T3323] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.699288][ T147] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.706386][ T147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.726017][ T3320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.755530][ T3320] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.771719][ T3323] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.782787][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.789959][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.798530][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.805612][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.822952][ T147] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.830120][ T147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.839669][ T147] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.846726][ T147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.864170][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 32.873123][ T3315] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 32.904200][ T3322] 8021q: adding VLAN 0 to HW filter on device team0 [ 32.922475][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.929665][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.963215][ T3322] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 32.973645][ T3322] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 32.994602][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 33.001719][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 33.030856][ T3315] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 33.056022][ T3314] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 33.126121][ T3322] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 33.149912][ T3320] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 33.174824][ T3323] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 33.217056][ T3315] veth0_vlan: entered promiscuous mode [ 33.252617][ T3314] veth0_vlan: entered promiscuous mode [ 33.260814][ T3315] veth1_vlan: entered promiscuous mode [ 33.270920][ T3314] veth1_vlan: entered promiscuous mode [ 33.318420][ T3315] veth0_macvtap: entered promiscuous mode [ 33.326142][ T3315] veth1_macvtap: entered promiscuous mode [ 33.337119][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 33.358278][ T3314] veth0_macvtap: entered promiscuous mode [ 33.367275][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 33.381101][ T3322] veth0_vlan: entered promiscuous mode [ 33.392491][ T3315] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.401288][ T3315] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.410008][ T3315] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.418743][ T3315] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.435382][ T3322] veth1_vlan: entered promiscuous mode [ 33.446716][ T3314] veth1_macvtap: entered promiscuous mode [ 33.453219][ T3320] veth0_vlan: entered promiscuous mode [ 33.469337][ T3320] veth1_vlan: entered promiscuous mode [ 33.485091][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 33.485116][ T29] audit: type=1400 audit(1746733805.148:84): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/root/syzkaller.hUFI6w/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 33.488730][ T3314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.499137][ T29] audit: type=1400 audit(1746733805.148:85): avc: denied { mount } for pid=3315 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 33.515332][ T3314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.525754][ T29] audit: type=1400 audit(1746733805.148:86): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/root/syzkaller.hUFI6w/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 33.550171][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 33.557544][ T29] audit: type=1400 audit(1746733805.148:87): avc: denied { mount } for pid=3315 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 33.586672][ T3322] veth0_macvtap: entered promiscuous mode [ 33.589848][ T29] audit: type=1400 audit(1746733805.148:88): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/root/syzkaller.hUFI6w/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 33.626711][ T3322] veth1_macvtap: entered promiscuous mode [ 33.643885][ T29] audit: type=1400 audit(1746733805.148:89): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/root/syzkaller.hUFI6w/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3668 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 33.657457][ T3322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.676948][ T29] audit: type=1400 audit(1746733805.148:90): avc: denied { unmount } for pid=3315 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 33.687369][ T3322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.687381][ T3322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 33.687393][ T3322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.689994][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 33.712490][ T29] audit: type=1400 audit(1746733805.378:91): avc: denied { mounton } for pid=3315 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 33.720814][ T3320] veth0_macvtap: entered promiscuous mode [ 33.727215][ T29] audit: type=1400 audit(1746733805.378:92): avc: denied { mount } for pid=3315 comm="syz-executor" name="/" dev="gadgetfs" ino=3669 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 33.751264][ T3314] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.805625][ T3314] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.823552][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 33.833514][ T3323] veth0_vlan: entered promiscuous mode [ 33.840800][ T3315] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 33.841913][ T3322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.865947][ T3322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.875798][ T3322] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 33.886332][ T3322] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 33.896872][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 33.911012][ T3314] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.919893][ T3314] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.928635][ T3314] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.937477][ T3314] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.950387][ T3322] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.959299][ T3322] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.968038][ T3322] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.976840][ T3322] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 33.990244][ T3323] veth1_vlan: entered promiscuous mode [ 33.995778][ T29] audit: type=1400 audit(1746733805.648:93): avc: denied { read write } for pid=3315 comm="syz-executor" name="loop3" dev="devtmpfs" ino=103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 33.997992][ T3320] veth1_macvtap: entered promiscuous mode [ 34.042458][ T3323] veth0_macvtap: entered promiscuous mode [ 34.067188][ T3323] veth1_macvtap: entered promiscuous mode [ 34.088058][ T3320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 34.098766][ T3320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 34.101093][ T3457] capability: warning: `syz.3.7' uses deprecated v2 capabilities in a way that may be insecure [ 34.108609][ T3320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 34.108642][ T3320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 34.108652][ T3320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 34.108667][ T3320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 34.113668][ T3320] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 34.169106][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 34.179716][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 34.189618][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 34.200187][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 34.210123][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 34.220629][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 34.230491][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 34.240930][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 34.251842][ T3323] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 34.270228][ T3320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 34.280809][ T3320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 34.290769][ T3320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 34.301395][ T3320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 34.311220][ T3320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 34.321789][ T3320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 34.333569][ T3320] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 34.351155][ T3320] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.360011][ T3320] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.368801][ T3320] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.377616][ T3320] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.407313][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 34.417936][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 34.427791][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 34.438328][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 34.448188][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 34.458617][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 34.468432][ T3323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 34.478927][ T3323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 34.492550][ T3323] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 34.506673][ T3323] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.515527][ T3323] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.524294][ T3323] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.533064][ T3323] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.558688][ T3468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 34.586470][ T3468] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 34.874905][ T3500] loop1: detected capacity change from 0 to 1024 [ 34.904870][ T3500] ======================================================= [ 34.904870][ T3500] WARNING: The mand mount option has been deprecated and [ 34.904870][ T3500] and is ignored by this kernel. Remove the mand [ 34.904870][ T3500] option from the mount to silence this warning. [ 34.904870][ T3500] ======================================================= [ 34.985261][ T3500] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.053365][ T3500] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.21: Allocating blocks 497-513 which overlap fs metadata [ 35.068775][ T3500] EXT4-fs (loop1): pa ffff8881076ac070: logic 256, phys. 369, len 9 [ 35.076924][ T3500] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 35.100620][ T3320] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.128552][ T3521] loop0: detected capacity change from 0 to 1024 [ 35.157492][ T3521] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.240912][ T3536] loop3: detected capacity change from 0 to 2048 [ 35.265940][ T3538] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pid=3538 comm=syz.4.37 [ 35.302776][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.321647][ T3536] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.408549][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.486848][ T3556] loop2: detected capacity change from 0 to 2048 [ 35.589330][ T3528] loop2: p1 < > p4 [ 35.621760][ T3528] loop2: p4 size 8388608 extends beyond EOD, truncated [ 35.674777][ T3556] loop2: p1 < > p4 [ 35.693171][ T3556] loop2: p4 size 8388608 extends beyond EOD, truncated [ 35.909572][ T3484] udevd[3484]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 35.909951][ T3528] udevd[3528]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 35.967820][ T3582] bond1: entered promiscuous mode [ 35.972918][ T3582] bond1: entered allmulticast mode [ 36.025920][ T3582] 8021q: adding VLAN 0 to HW filter on device bond1 [ 36.036660][ T3582] bond1 (unregistering): Released all slaves [ 36.055181][ T3589] syz.3.60 uses obsolete (PF_INET,SOCK_PACKET) [ 36.063312][ T3589] syzkaller1: entered promiscuous mode [ 36.068954][ T3589] syzkaller1: entered allmulticast mode [ 36.567414][ T3623] netlink: 8 bytes leftover after parsing attributes in process `syz.3.76'. [ 36.905643][ T3647] bond1: entered promiscuous mode [ 36.910804][ T3647] bond1: entered allmulticast mode [ 36.919532][ T3647] 8021q: adding VLAN 0 to HW filter on device bond1 [ 36.929952][ T3647] bond1 (unregistering): Released all slaves [ 37.029034][ T3689] netlink: 4 bytes leftover after parsing attributes in process `syz.3.90'. [ 37.096134][ T3689] bond0: (slave bond_slave_0): Releasing backup interface [ 37.154593][ T3713] x_tables: unsorted underflow at hook 1 [ 37.173879][ T3709] bridge_slave_0: left allmulticast mode [ 37.179731][ T3709] bridge_slave_0: left promiscuous mode [ 37.185579][ T3709] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.227796][ T3709] bridge_slave_1: left allmulticast mode [ 37.233510][ T3709] bridge_slave_1: left promiscuous mode [ 37.239411][ T3709] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.282373][ T3726] loop4: detected capacity change from 0 to 512 [ 37.291420][ T3709] bond0: (slave bond_slave_0): Releasing backup interface [ 37.305910][ T3726] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 37.333338][ T3709] bond0: (slave bond_slave_1): Releasing backup interface [ 37.350771][ T3726] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.370611][ T3709] team0: Port device team_slave_0 removed [ 37.390172][ T3726] EXT4-fs: Ignoring sb option on remount [ 37.395937][ T3726] EXT4-fs: Ignoring removed orlov option [ 37.401654][ T3726] EXT4-fs: Remounting file system with no journal so ignoring journalled data option [ 37.411412][ T3726] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 37.421627][ T3726] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. [ 37.430758][ T3709] team0: Port device team_slave_1 removed [ 37.439718][ T3709] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 37.447284][ T3709] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 37.464756][ T3323] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.480116][ T3709] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 37.487677][ T3709] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 37.514362][ T3747] loop4: detected capacity change from 0 to 128 [ 37.532377][ T3747] FAT-fs (loop4): bogus number of reserved sectors [ 37.539140][ T3747] FAT-fs (loop4): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 37.548534][ T3747] FAT-fs (loop4): Can't find a valid FAT filesystem [ 37.731403][ T3709] syz.2.94 (3709) used greatest stack depth: 10944 bytes left [ 37.784837][ T3742] IPv6: Can't replace route, no match found [ 37.791695][ T3756] netlink: 8 bytes leftover after parsing attributes in process `syz.2.106'. [ 37.908530][ T3757] 9pnet: Could not find request transport: 0xffffffffffffffff [ 37.997932][ T3772] loop3: detected capacity change from 0 to 512 [ 38.022305][ T3772] EXT4-fs error (device loop3): ext4_iget_extra_inode:4693: inode #15: comm syz.3.112: corrupted in-inode xattr: invalid ea_ino [ 38.051641][ T3772] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.112: couldn't read orphan inode 15 (err -117) [ 38.056334][ T3779] loop2: detected capacity change from 0 to 512 [ 38.067145][ T3772] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.116219][ T3779] EXT4-fs: Ignoring removed nobh option [ 38.138311][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.144764][ T3779] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.115: invalid indirect mapped block 256 (level 2) [ 38.172645][ T3779] EXT4-fs (loop2): 2 truncates cleaned up [ 38.179818][ T3779] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.228018][ T3782] loop1: detected capacity change from 0 to 2048 [ 38.238778][ T3786] bond1: entered promiscuous mode [ 38.243853][ T3786] bond1: entered allmulticast mode [ 38.292774][ T3782] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.318145][ T3786] 8021q: adding VLAN 0 to HW filter on device bond1 [ 38.351089][ T3782] ext4 filesystem being mounted at /12/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 38.382967][ T3786] bond1 (unregistering): Released all slaves [ 38.467651][ T3320] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.629163][ T29] kauditd_printk_skb: 176 callbacks suppressed [ 38.629179][ T29] audit: type=1400 audit(1746733811.294:270): avc: denied { create } for pid=3808 comm="syz.3.126" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 38.715974][ T29] audit: type=1400 audit(1746733811.324:271): avc: denied { write } for pid=3808 comm="syz.3.126" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 38.736624][ T29] audit: type=1400 audit(1746733811.334:272): avc: denied { create } for pid=3810 comm="syz.4.127" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 38.757918][ T29] audit: type=1400 audit(1746733811.334:273): avc: denied { map } for pid=3810 comm="syz.4.127" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=5406 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 38.778901][ T3809] infiniband syz!: set active [ 38.782196][ T29] audit: type=1400 audit(1746733811.334:274): avc: denied { read write } for pid=3810 comm="syz.4.127" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=5406 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 38.786970][ T3809] infiniband syz!: added team_slave_0 [ 38.811523][ T29] audit: type=1400 audit(1746733811.374:275): avc: denied { create } for pid=3807 comm="syz.1.123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 38.837151][ T29] audit: type=1400 audit(1746733811.374:276): avc: denied { read } for pid=3807 comm="syz.1.123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 38.935659][ T29] audit: type=1400 audit(1746733811.534:277): avc: denied { connect } for pid=3807 comm="syz.1.123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 38.955137][ T29] audit: type=1400 audit(1746733811.554:278): avc: denied { ioctl } for pid=3807 comm="syz.1.123" path="socket:[4058]" dev="sockfs" ino=4058 ioctlcmd=0x8907 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 38.979825][ T29] audit: type=1400 audit(1746733811.554:279): avc: denied { write } for pid=3807 comm="syz.1.123" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 39.015568][ T3809] RDS/IB: syz!: added [ 39.022244][ T3809] smc: adding ib device syz! with port count 1 [ 39.042414][ T3809] smc: ib device syz! port 1 has pnetid [ 39.051541][ T3694] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm kworker/u8:41: bg 0: block 5: invalid block bitmap [ 39.084921][ T3694] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 39.097544][ T3694] EXT4-fs (loop2): This should not happen!! Data will be lost [ 39.097544][ T3694] [ 39.107227][ T3694] EXT4-fs (loop2): Total free blocks count 0 [ 39.113245][ T3694] EXT4-fs (loop2): Free/Dirty block details [ 39.119228][ T3694] EXT4-fs (loop2): free_blocks=0 [ 39.124192][ T3694] EXT4-fs (loop2): dirty_blocks=16016 [ 39.129755][ T3694] EXT4-fs (loop2): Block reservation details [ 39.136088][ T3694] EXT4-fs (loop2): i_reserved_data_blocks=16016 [ 39.160020][ T3823] capability: warning: `syz.1.130' uses 32-bit capabilities (legacy support in use) [ 39.188757][ T3675] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 2048 with error 28 [ 39.238908][ T3823] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3823 comm=syz.1.130 [ 39.387339][ T3835] loop4: detected capacity change from 0 to 1024 [ 39.396560][ T3835] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 39.407588][ T3835] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 39.434974][ T3835] JBD2: no valid journal superblock found [ 39.440762][ T3835] EXT4-fs (loop4): Could not load journal inode [ 39.485460][ T3841] SELinux: syz.2.131 (3841) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 39.528491][ T3835] loop4: detected capacity change from 0 to 512 [ 39.540533][ T3835] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -13 [ 39.564671][ T3835] EXT4-fs warning (device loop4): ext4_block_to_path:107: block 3279945729 > max in inode 13 [ 39.604076][ T3835] EXT4-fs warning (device loop4): ext4_block_to_path:107: block 3279945730 > max in inode 13 [ 39.628999][ T3835] EXT4-fs (loop4): 1 truncate cleaned up [ 39.630229][ T3809] syz.3.126 (3809) used greatest stack depth: 10648 bytes left [ 39.639761][ T3845] SELinux: failed to load policy [ 39.658133][ T3835] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.703065][ T3835] EXT4-fs warning (device loop4): ext4_lookup:1801: Inconsistent encryption contexts: 2/12 [ 39.736779][ T3323] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.777270][ T3860] netlink: 'syz.4.144': attribute type 13 has an invalid length. [ 39.835126][ T3860] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.842527][ T3860] bridge0: port 1(bridge_slave_0) entered disabled state [ 39.920516][ T3860] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 39.939072][ T3860] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 39.975595][ T3860] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.984537][ T3860] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.993937][ T3860] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.003004][ T3860] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.069854][ T3865] xt_hashlimit: max too large, truncated to 1048576 [ 40.103272][ T3867] loop4: detected capacity change from 0 to 1024 [ 40.132340][ T3867] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.168206][ T3875] SELinux: security_context_str_to_sid (s) failed with errno=-22 [ 40.200333][ T3323] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.274502][ T3883] loop4: detected capacity change from 0 to 4096 [ 40.302000][ T3883] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.335348][ T3883] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 40.369580][ T3894] netlink: 8 bytes leftover after parsing attributes in process `syz.0.158'. [ 40.446658][ T3894] syz.0.158 (3894) used greatest stack depth: 10272 bytes left [ 40.470873][ T3323] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.479025][ T3902] process 'syz.0.161' launched './file1' with NULL argv: empty string added [ 40.600045][ T3917] loop0: detected capacity change from 0 to 512 [ 40.628297][ T3917] EXT4-fs: inline encryption not supported [ 40.666396][ T3925] loop3: detected capacity change from 0 to 164 [ 40.673950][ T3917] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 40.687266][ T3925] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 40.699168][ T3918] loop2: detected capacity change from 0 to 8192 [ 40.702834][ T3917] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 40.743018][ T3917] ext4 filesystem being mounted at /29/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 40.756292][ T3925] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 40.768242][ T3925] Symlink component flag not implemented [ 40.773949][ T3925] Symlink component flag not implemented [ 40.789407][ T3925] Symlink component flag not implemented (7) [ 40.795657][ T3925] Symlink component flag not implemented (116) [ 40.855150][ C1] hrtimer: interrupt took 37683 ns [ 40.979423][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 41.278174][ T3963] loop0: detected capacity change from 0 to 256 [ 41.445016][ T3975] wireguard0: entered promiscuous mode [ 41.450587][ T3975] wireguard0: entered allmulticast mode [ 41.647958][ T3997] netlink: 16 bytes leftover after parsing attributes in process `syz.3.200'. [ 41.809323][ T4016] program syz.0.209 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 41.912561][ T4020] loop0: detected capacity change from 0 to 8192 [ 42.000039][ T4027] netlink: 20 bytes leftover after parsing attributes in process `syz.3.213'. [ 42.261297][ T4031] mmap: syz.1.216 (4031) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 42.388336][ T4047] Zero length message leads to an empty skb [ 42.413938][ T4051] SELinux: syz.1.225 (4051) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 42.461303][ T4057] netlink: 'syz.0.227': attribute type 1 has an invalid length. [ 42.469087][ T4057] netlink: 'syz.0.227': attribute type 2 has an invalid length. [ 42.547435][ T4065] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 42.981201][ T4085] loop4: detected capacity change from 0 to 512 [ 42.991656][ T4085] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 43.020826][ T4085] EXT4-fs (loop4): invalid journal inode [ 43.036865][ T4085] EXT4-fs (loop4): can't get journal size [ 43.054770][ T4085] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a056c119, mo2=0002] [ 43.089907][ T4085] System zones: 1-12, 13-13 [ 43.102791][ T4085] EXT4-fs error (device loop4): ext4_iget_extra_inode:4693: inode #15: comm syz.4.240: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 43.131800][ T4085] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.240: couldn't read orphan inode 15 (err -117) [ 43.154351][ T4085] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.187178][ T4085] EXT4-fs (loop4): shut down requested (1) [ 43.203791][ T3323] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.277076][ T4100] netlink: 268 bytes leftover after parsing attributes in process `syz.0.247'. [ 43.286327][ T4100] unsupported nla_type 65024 [ 43.318940][ T4106] loop2: detected capacity change from 0 to 512 [ 43.346942][ T4106] EXT4-fs: Ignoring removed oldalloc option [ 43.379285][ T4106] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.399057][ T4118] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=4118 comm=syz.3.256 [ 43.411578][ T4118] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=4118 comm=syz.3.256 [ 43.419917][ T4106] ext4 filesystem being mounted at /46/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 43.456473][ T4119] loop0: detected capacity change from 0 to 256 [ 43.521918][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.552875][ T4129] loop0: detected capacity change from 0 to 512 [ 43.572250][ T4129] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 43.585677][ T4129] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 43.614162][ T4135] kernel profiling enabled (shift: 0) [ 43.615045][ T4133] netlink: 8 bytes leftover after parsing attributes in process `syz.4.263'. [ 43.709717][ T4129] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 43.727712][ T29] kauditd_printk_skb: 119 callbacks suppressed [ 43.727727][ T29] audit: type=1400 audit(1746733816.394:399): avc: denied { block_suspend } for pid=4138 comm="syz.2.266" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 43.771421][ T4129] EXT4-fs (loop0): 1 truncate cleaned up [ 43.777831][ T4129] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.804912][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.873693][ T29] audit: type=1400 audit(1746733816.534:400): avc: denied { listen } for pid=4151 comm="syz.2.270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 43.893064][ T29] audit: type=1400 audit(1746733816.534:401): avc: denied { mounton } for pid=4151 comm="syz.2.270" path="/51/file0" dev="tmpfs" ino=283 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 43.940538][ T29] audit: type=1326 audit(1746733816.564:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4153 comm="syz.3.269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c730be969 code=0x7ffc0000 [ 43.963957][ T29] audit: type=1326 audit(1746733816.564:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4153 comm="syz.3.269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c730be969 code=0x7ffc0000 [ 43.987289][ T29] audit: type=1326 audit(1746733816.564:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4153 comm="syz.3.269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f9c730be969 code=0x7ffc0000 [ 44.010594][ T29] audit: type=1326 audit(1746733816.584:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4153 comm="syz.3.269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c730be969 code=0x7ffc0000 [ 44.033906][ T29] audit: type=1326 audit(1746733816.594:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4153 comm="syz.3.269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9c730be969 code=0x7ffc0000 [ 44.057211][ T29] audit: type=1326 audit(1746733816.594:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4153 comm="syz.3.269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c730be969 code=0x7ffc0000 [ 44.080539][ T29] audit: type=1326 audit(1746733816.594:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4153 comm="syz.3.269" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9c730be969 code=0x7ffc0000 [ 44.246574][ T4174] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 44.342189][ T4187] loop4: detected capacity change from 0 to 512 [ 44.351652][ T4187] EXT4-fs: Ignoring removed oldalloc option [ 44.361666][ T4187] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.382716][ T4187] ext4 filesystem being mounted at /49/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 44.446587][ T4194] netlink: 132 bytes leftover after parsing attributes in process `syz.0.287'. [ 44.457675][ T3323] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.643130][ T4216] SELinux: security policydb version 18 (MLS) not backwards compatible [ 44.662107][ T4216] SELinux: failed to load policy [ 44.766841][ T4231] netlink: 24 bytes leftover after parsing attributes in process `syz.1.303'. [ 44.818027][ T4237] netlink: 20 bytes leftover after parsing attributes in process `syz.4.306'. [ 44.824982][ T4239] 9pnet: p9_errstr2errno: server reported unknown error @cF S [ 44.826990][ T4237] netlink: 8 bytes leftover after parsing attributes in process `syz.4.306'. [ 44.901662][ T4247] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 101 [ 45.011329][ T4255] loop0: detected capacity change from 0 to 512 [ 45.028106][ T4257] netlink: 'syz.3.316': attribute type 1 has an invalid length. [ 45.035934][ T4257] netlink: 28 bytes leftover after parsing attributes in process `syz.3.316'. [ 45.067897][ T4255] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.084976][ T4257] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.086042][ T4255] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 45.092195][ T4257] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.113879][ T4263] loop2: detected capacity change from 0 to 512 [ 45.147197][ T4263] EXT4-fs (loop2): orphan cleanup on readonly fs [ 45.156184][ T4263] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.308: bg 0: block 248: padding at end of block bitmap is not set [ 45.189276][ T4255] EXT4-fs (loop0): shut down requested (0) [ 45.219327][ T4263] EXT4-fs error (device loop2): ext4_acquire_dquot:6935: comm syz.2.308: Failed to acquire dquot type 1 [ 45.241495][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.282944][ T4263] EXT4-fs (loop2): 1 truncate cleaned up [ 45.300710][ T4263] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 45.415892][ T4281] SELinux: syz.0.325 (4281) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 45.642138][ T4263] syz.2.308 (4263) used greatest stack depth: 9360 bytes left [ 45.650182][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.730632][ T4306] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pid=4306 comm=syz.2.336 [ 45.749705][ T4308] binfmt_misc: register: failed to install interpreter file ./file2 [ 45.759704][ T4311] netlink: 664 bytes leftover after parsing attributes in process `syz.0.338'. [ 46.032613][ T4349] netlink: 'syz.3.367': attribute type 1 has an invalid length. [ 46.040425][ T4349] NCSI netlink: No device for ifindex 540032276 [ 46.135245][ T4368] pim6reg1: entered promiscuous mode [ 46.140617][ T4368] pim6reg1: entered allmulticast mode [ 46.270341][ T4390] lo speed is unknown, defaulting to 1000 [ 46.276366][ T4390] lo speed is unknown, defaulting to 1000 [ 46.288134][ T4390] lo speed is unknown, defaulting to 1000 [ 46.296845][ T4390] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 46.319910][ T4390] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 46.349471][ T4390] lo speed is unknown, defaulting to 1000 [ 46.363413][ T4390] lo speed is unknown, defaulting to 1000 [ 46.371902][ T4390] lo speed is unknown, defaulting to 1000 [ 46.378721][ T4390] lo speed is unknown, defaulting to 1000 [ 46.386527][ T4390] lo speed is unknown, defaulting to 1000 [ 46.573516][ T4432] SELinux: ebitmap: truncated map [ 46.580128][ T4432] SELinux: failed to load policy [ 46.698677][ T4457] loop0: detected capacity change from 0 to 2048 [ 46.719462][ T4457] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.762160][ T4468] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in; [ 46.762160][ T4468] program syz.2.408 not setting count and/or reply_len properly [ 46.867839][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.907723][ T4484] loop0: detected capacity change from 0 to 512 [ 46.946049][ T4493] program syz.3.420 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 46.960308][ T4484] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.984318][ T4484] ext4 filesystem being mounted at /106/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 47.017702][ T4498] pim6reg1: entered promiscuous mode [ 47.023254][ T4498] pim6reg1: entered allmulticast mode [ 47.033947][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.122056][ T4515] __nla_validate_parse: 12 callbacks suppressed [ 47.122074][ T4515] netlink: 56 bytes leftover after parsing attributes in process `syz.3.429'. [ 47.179978][ T4525] syzkaller1: entered promiscuous mode [ 47.185721][ T4525] syzkaller1: entered allmulticast mode [ 47.239927][ T4527] loop3: detected capacity change from 0 to 8192 [ 47.518312][ T4542] loop0: detected capacity change from 0 to 8192 [ 47.564966][ T4542] loop0: p3 < > p4 [ 47.570461][ T4542] loop0: p4 start 131072 is beyond EOD, truncated [ 47.723530][ T4574] loop4: detected capacity change from 0 to 2048 [ 47.747777][ T4574] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.957202][ T3323] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.180122][ T4628] netlink: 'syz.3.472': attribute type 3 has an invalid length. [ 48.212888][ T4632] loop2: detected capacity change from 0 to 2048 [ 48.230326][ T4632] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.304338][ T4650] loop3: detected capacity change from 0 to 512 [ 48.316735][ T4650] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 48.345089][ T4650] EXT4-fs (loop3): 1 truncate cleaned up [ 48.363609][ T4650] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.473518][ T4665] SELinux: Context : is not valid (left unmapped). [ 48.487791][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.505520][ T4667] batadv_slave_1: entered promiscuous mode [ 48.518404][ T4666] batadv_slave_1: left promiscuous mode [ 48.685812][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.753412][ T4700] netlink: 8 bytes leftover after parsing attributes in process `syz.4.505'. [ 48.795360][ T4708] netlink: 'syz.3.508': attribute type 1 has an invalid length. [ 48.834000][ T29] kauditd_printk_skb: 120 callbacks suppressed [ 48.834018][ T29] audit: type=1326 audit(1746733821.494:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4712 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9202fe969 code=0x7ffc0000 [ 48.863668][ T29] audit: type=1326 audit(1746733821.494:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4712 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9202fe969 code=0x7ffc0000 [ 48.899180][ T4716] random: crng reseeded on system resumption [ 48.929943][ T29] audit: type=1326 audit(1746733821.494:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4712 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff9202fe969 code=0x7ffc0000 [ 48.953439][ T29] audit: type=1326 audit(1746733821.494:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4712 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9202fe969 code=0x7ffc0000 [ 48.976753][ T29] audit: type=1326 audit(1746733821.494:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4712 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff9202fe969 code=0x7ffc0000 [ 49.000085][ T29] audit: type=1326 audit(1746733821.494:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4712 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9202fe969 code=0x7ffc0000 [ 49.023405][ T29] audit: type=1326 audit(1746733821.494:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4712 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff9202fe969 code=0x7ffc0000 [ 49.046756][ T29] audit: type=1326 audit(1746733821.564:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4712 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9202fe969 code=0x7ffc0000 [ 49.070171][ T29] audit: type=1326 audit(1746733821.564:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4712 comm="syz.1.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9202fe969 code=0x7ffc0000 [ 49.093404][ T29] audit: type=1400 audit(1746733821.564:536): avc: denied { append } for pid=4715 comm="syz.2.512" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 49.271556][ T4740] netlink: 8 bytes leftover after parsing attributes in process `syz.4.523'. [ 49.327509][ T4747] loop0: detected capacity change from 0 to 512 [ 49.363780][ T4747] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 49.376884][ T4747] EXT4-fs (loop0): 1 truncate cleaned up [ 49.393079][ T4747] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.410542][ T4755] random: crng reseeded on system resumption [ 49.427409][ T4747] EXT4-fs error (device loop0): ext4_check_dx_root:2205: inode #2: comm syz.0.527: Corrupt dir, invalid name for '..', running e2fsck is recommended [ 49.507052][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.742401][ T4799] loop1: detected capacity change from 0 to 128 [ 49.769681][ T4799] SELinux: security_context_str_to_sid (root) failed with errno=-22 [ 49.795970][ T4805] batadv_slave_1: entered promiscuous mode [ 49.808141][ T4809] netlink: 'syz.1.555': attribute type 29 has an invalid length. [ 49.819512][ T4804] batadv_slave_1: left promiscuous mode [ 49.825747][ T4809] netlink: 'syz.1.555': attribute type 29 has an invalid length. [ 49.844397][ T4811] loop0: detected capacity change from 0 to 512 [ 49.844444][ T4809] netlink: 500 bytes leftover after parsing attributes in process `syz.1.555'. [ 49.853217][ T4811] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 49.891754][ T4813] sg_write: data in/out 122/10 bytes for SCSI command 0xe4-- guessing data in; [ 49.891754][ T4813] program syz.2.558 not setting count and/or reply_len properly [ 49.929799][ T4811] EXT4-fs (loop0): 1 truncate cleaned up [ 49.948197][ T4811] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.184486][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.329235][ T4864] vxcan1: tx drop: invalid da for name 0x0020000000000000 [ 50.516046][ T4891] delete_channel: no stack [ 50.554129][ T4902] netlink: 4 bytes leftover after parsing attributes in process `syz.2.597'. [ 50.571513][ T4904] netlink: 'syz.3.599': attribute type 1 has an invalid length. [ 50.579453][ T4904] netlink: 'syz.3.599': attribute type 2 has an invalid length. [ 50.594796][ T4904] netlink: 4 bytes leftover after parsing attributes in process `syz.3.599'. [ 50.746981][ T4931] loop4: detected capacity change from 0 to 2048 [ 50.753922][ T4931] EXT4-fs: Ignoring removed nomblk_io_submit option [ 50.760986][ T4931] EXT4-fs: Ignoring removed nobh option [ 50.796952][ T4937] loop1: detected capacity change from 0 to 512 [ 50.807617][ T4937] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 50.809241][ T4931] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.840418][ T4931] EXT4-fs error (device loop4): ext4_check_all_de:659: inode #12: block 5: comm syz.4.612: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=7952, size=124 fake=0 [ 50.862602][ T4931] EXT4-fs (loop4): Remounting filesystem read-only [ 50.880506][ T4937] EXT4-fs (loop1): 1 truncate cleaned up [ 50.888893][ T4937] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.902060][ T3323] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.908505][ T4937] EXT4-fs error (device loop1): ext4_check_dx_root:2205: inode #2: comm syz.1.614: Corrupt dir, invalid name for '..', running e2fsck is recommended [ 50.943779][ T3320] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.961042][ T4948] netlink: 4 bytes leftover after parsing attributes in process `syz.3.619'. [ 50.987202][ T4952] vcan0: tx drop: invalid sa for name 0x4000000000000002 [ 51.012023][ T4954] batadv0: entered promiscuous mode [ 51.019154][ T4954] batadv_slave_0: entered promiscuous mode [ 51.025469][ T4954] batadv_slave_0: left promiscuous mode [ 51.031327][ T4954] batadv0: left promiscuous mode [ 51.076445][ T4956] lo speed is unknown, defaulting to 1000 [ 51.166915][ T4971] netlink: 16 bytes leftover after parsing attributes in process `syz.4.628'. [ 51.175907][ T4971] netlink: 16 bytes leftover after parsing attributes in process `syz.4.628'. [ 51.184910][ T4971] netlink: 16 bytes leftover after parsing attributes in process `syz.4.628'. [ 51.411749][ T5004] SELinux: syz.0.644 (5004) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 51.454115][ T5010] syz.3.646 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 51.583163][ T5028] loop4: detected capacity change from 0 to 164 [ 51.594763][ T5027] loop0: detected capacity change from 0 to 1024 [ 51.601637][ T5027] EXT4-fs: Ignoring removed orlov option [ 51.607550][ T5027] EXT4-fs: Ignoring removed bh option [ 51.616062][ T5028] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 51.627936][ T5028] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 51.659423][ T5027] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.721861][ T5048] loop1: detected capacity change from 0 to 512 [ 51.729110][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.739629][ T5048] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 51.767217][ T5048] EXT4-fs (loop1): 1 truncate cleaned up [ 51.779855][ T5048] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.819565][ T5059] ip6gretap0: entered promiscuous mode [ 51.825287][ T5059] ip6gretap0: entered allmulticast mode [ 51.844057][ T3320] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.093409][ T5119] SELinux: Context is not valid (left unmapped). [ 52.210659][ T5137] loop3: detected capacity change from 0 to 1024 [ 52.220224][ T5137] EXT4-fs: Ignoring removed nobh option [ 52.225959][ T5137] EXT4-fs: Ignoring removed bh option [ 52.243629][ T5137] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.311781][ T5152] Driver unsupported XDP return value 0 on prog (id 424) dev N/A, expect packet loss! [ 52.327732][ T5154] __nla_validate_parse: 11 callbacks suppressed [ 52.327747][ T5154] netlink: 28 bytes leftover after parsing attributes in process `syz.0.713'. [ 52.343049][ T5154] netlink: 'syz.0.713': attribute type 7 has an invalid length. [ 52.350973][ T5154] netlink: 'syz.0.713': attribute type 8 has an invalid length. [ 52.358725][ T5154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.713'. [ 52.389509][ T5154] erspan0: entered promiscuous mode [ 52.395848][ T5154] gretap0: entered promiscuous mode [ 52.427389][ T5154] erspan0: left promiscuous mode [ 52.438540][ T5154] gretap0: left promiscuous mode [ 52.451168][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.463206][ T5165] loop4: detected capacity change from 0 to 512 [ 52.480189][ T5165] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 52.517057][ T5165] EXT4-fs (loop4): 1 truncate cleaned up [ 52.523241][ T5165] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.588556][ T3323] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.637626][ T5189] loop2: detected capacity change from 0 to 256 [ 52.689617][ T5196] 9pnet_fd: Insufficient options for proto=fd [ 52.711488][ T5201] netlink: 'syz.3.730': attribute type 1 has an invalid length. [ 52.764457][ T5206] futex_wake_op: syz.4.735 tries to shift op by -1; fix this program [ 52.820335][ T5215] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 52.835169][ T5215] vhci_hcd: default hub control req: 1f31 v0017 i0001 l0 [ 52.915097][ T5226] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 52.958313][ T5226] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0' [ 53.067352][ T5253] netlink: 8 bytes leftover after parsing attributes in process `syz.3.757'. [ 53.195065][ T5277] loop2: detected capacity change from 0 to 512 [ 53.201971][ T5277] EXT4-fs (loop2): unsupported inode size: 65535 [ 53.208459][ T5277] EXT4-fs (loop2): blocksize: 1024 [ 53.351120][ T5297] netlink: 20 bytes leftover after parsing attributes in process `syz.4.777'. [ 53.352003][ T5293] loop1: detected capacity change from 0 to 2048 [ 53.382197][ T5302] netlink: 4 bytes leftover after parsing attributes in process `syz.2.780'. [ 53.430079][ T5306] netlink: 132 bytes leftover after parsing attributes in process `syz.4.782'. [ 53.471737][ T5293] loop1: unable to read partition table [ 53.477809][ T5293] loop1: partition table beyond EOD, truncated [ 53.484067][ T5293] loop_reread_partitions: partition scan of loop1 () failed (rc=-5) [ 53.631743][ T5333] vcan0: tx address claim with different name [ 53.646872][ T5339] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pid=5339 comm=syz.2.799 [ 53.790990][ T5357] loop3: detected capacity change from 0 to 512 [ 53.820308][ T5357] EXT4-fs (loop3): 1 orphan inode deleted [ 53.832582][ T5357] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.847708][ T3675] __quota_error: 349 callbacks suppressed [ 53.847721][ T3675] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 53.863408][ T3675] EXT4-fs error (device loop3): ext4_release_dquot:6971: comm kworker/u8:28: Failed to release dquot type 1 [ 53.876327][ T5357] ext4 filesystem being mounted at /167/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.878696][ T29] audit: type=1400 audit(1746733826.544:886): avc: denied { mount } for pid=5354 comm="syz.3.806" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 53.908446][ T29] audit: type=1400 audit(1746733826.544:887): avc: denied { open } for pid=5372 comm="syz.1.813" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 53.927619][ T29] audit: type=1400 audit(1746733826.544:888): avc: denied { kernel } for pid=5372 comm="syz.1.813" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 53.950725][ T29] audit: type=1400 audit(1746733826.614:889): avc: denied { create } for pid=5374 comm="syz.0.814" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 53.970242][ T29] audit: type=1400 audit(1746733826.614:890): avc: denied { getopt } for pid=5374 comm="syz.0.814" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 53.990368][ T29] audit: type=1400 audit(1746733826.614:892): avc: denied { connect } for pid=5374 comm="syz.0.814" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 54.009873][ T29] audit: type=1400 audit(1746733826.614:891): avc: denied { write } for pid=5354 comm="syz.3.806" name="/" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 54.031590][ T29] audit: type=1400 audit(1746733826.614:893): avc: denied { add_name } for pid=5354 comm="syz.3.806" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 54.052281][ T29] audit: type=1400 audit(1746733826.614:895): avc: denied { create } for pid=5354 comm="syz.3.806" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 54.074028][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.241770][ T5413] SELinux: Context system_u:object_r:iptables_initrc_exec_t:s0 is not valid (left unmapped). [ 54.284148][ T5417] loop3: detected capacity change from 0 to 512 [ 54.293204][ T5417] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 54.302747][ T5417] EXT4-fs (loop3): 1 truncate cleaned up [ 54.310012][ T5417] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.327140][ T5417] EXT4-fs error (device loop3): ext4_append:79: inode #2: comm syz.3.833: Logical block already allocated [ 54.339256][ T5417] EXT4-fs (loop3): Remounting filesystem read-only [ 54.358719][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.573915][ T5459] netlink: 9 bytes leftover after parsing attributes in process `syz.2.852'. [ 54.583661][ T5459] gretap0: entered promiscuous mode [ 54.591775][ T5459] netlink: 5 bytes leftover after parsing attributes in process `syz.2.852'. [ 54.600892][ T5459] 0XD: renamed from gretap0 [ 54.608768][ T5459] 0XD: left promiscuous mode [ 54.613853][ T5459] 0XD: entered allmulticast mode [ 54.620912][ T5459] A link change request failed with some changes committed already. Interface 30XD may have been left with an inconsistent configuration, please check. [ 54.811442][ T5488] loop2: detected capacity change from 0 to 512 [ 54.819423][ T5488] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 54.848241][ T5488] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.861305][ T5494] loop0: detected capacity change from 0 to 512 [ 54.862422][ T5488] ext4 filesystem being mounted at /189/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.880378][ T5494] EXT4-fs (loop0): orphan cleanup on readonly fs [ 54.880771][ T5488] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.865: corrupted xattr block 32: bad e_name length [ 54.888399][ T5494] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.867: bg 0: block 248: padding at end of block bitmap is not set [ 54.901764][ T5488] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 54.915222][ T5494] EXT4-fs error (device loop0): ext4_acquire_dquot:6935: comm syz.0.867: Failed to acquire dquot type 1 [ 54.923654][ T5488] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.865: corrupted xattr block 32: bad e_name length [ 54.936673][ T5494] EXT4-fs (loop0): 1 truncate cleaned up [ 54.950147][ T5488] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop2 ino=15 [ 54.963096][ T5488] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.865: corrupted xattr block 32: bad e_name length [ 54.963559][ T5494] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 55.001878][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.012935][ T3314] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.188395][ T5512] loop2: detected capacity change from 0 to 2048 [ 55.226353][ T5512] Alternate GPT is invalid, using primary GPT. [ 55.232843][ T5512] loop2: p1 p2 p3 [ 55.364688][ T5532] x_tables: duplicate underflow at hook 1 [ 55.480325][ T5551] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 55.511835][ T5553] netlink: 76 bytes leftover after parsing attributes in process `syz.3.891'. [ 55.622198][ T5569] netlink: 20 bytes leftover after parsing attributes in process `syz.2.902'. [ 55.723762][ T5579] loop2: detected capacity change from 0 to 512 [ 55.737955][ T5579] EXT4-fs (loop2): 1 orphan inode deleted [ 55.744151][ T5579] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.757005][ T5579] ext4 filesystem being mounted at /213/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.767691][ T3694] EXT4-fs error (device loop2): ext4_release_dquot:6971: comm kworker/u8:41: Failed to release dquot type 1 [ 55.799291][ T3322] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.818377][ T5589] loop2: detected capacity change from 0 to 256 [ 55.848449][ T5594] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 55.884182][ T5596] Invalid ELF header magic: != ELF [ 55.997349][ T5618] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 56.122482][ T5636] netlink: 'syz.0.932': attribute type 12 has an invalid length. [ 56.271528][ T5650] lo speed is unknown, defaulting to 1000 [ 56.333414][ T5651] lo speed is unknown, defaulting to 1000 [ 56.372499][ T5659] loop3: detected capacity change from 0 to 764 [ 56.413761][ T5659] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 56.535117][ T5678] vlan0: entered promiscuous mode [ 56.747962][ T5666] loop1: detected capacity change from 0 to 32768 [ 56.805742][ T5666] loop1: p1 p2 p3 < p5 p6 > [ 56.810797][ T5666] loop1: p1 size 242222080 extends beyond EOD, truncated [ 56.829870][ T5702] IPv6: NLM_F_CREATE should be specified when creating new route [ 56.849366][ T5666] loop1: p2 start 4294967295 is beyond EOD, truncated [ 57.219583][ T5735] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 57.228401][ T5735] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 57.258638][ T5737] loop0: detected capacity change from 0 to 512 [ 57.266420][ T5737] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 57.296968][ T5737] ext4 filesystem being mounted at /190/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.310366][ T5737] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.981: corrupted xattr block 19: overlapping e_value [ 57.324439][ T5737] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 57.333531][ T5737] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.981: corrupted xattr block 19: overlapping e_value [ 57.350268][ T5737] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.981: corrupted xattr block 19: overlapping e_value [ 57.364288][ T5737] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 57.364416][ T5744] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.981: corrupted xattr block 19: overlapping e_value [ 57.367276][ T5744] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 57.376129][ T5737] EXT4-fs error (device loop0): ext4_get_inode_usage:884: inode #15: comm syz.0.981: corrupted xattr block 19: overlapping e_value [ 57.423501][ T5737] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.981: corrupted xattr block 19: overlapping e_value [ 57.427814][ T5748] loop1: detected capacity change from 0 to 2048 [ 57.438336][ T5737] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 57.453115][ T5737] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.981: corrupted xattr block 19: overlapping e_value [ 57.467601][ T5737] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 57.481794][ T5737] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.981: corrupted xattr block 19: overlapping e_value [ 57.497256][ T5737] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 57.506545][ T5737] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.981: corrupted xattr block 19: overlapping e_value [ 57.610369][ T5764] netlink: 'syz.3.990': attribute type 12 has an invalid length. [ 57.634389][ T5766] IPv6: NLM_F_CREATE should be specified when creating new route [ 57.704021][ T5772] loop0: detected capacity change from 0 to 764 [ 57.716918][ T5772] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 58.043927][ T5803] lo speed is unknown, defaulting to 1000 [ 58.162737][ T5818] loop4: detected capacity change from 0 to 1024 [ 58.186517][ T5818] EXT4-fs: inline encryption not supported [ 58.204667][ T5818] EXT4-fs: Ignoring removed bh option [ 58.223090][ T5824] __nla_validate_parse: 2 callbacks suppressed [ 58.223110][ T5824] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1018'. [ 58.258484][ T5828] batadv0: entered promiscuous mode [ 58.265259][ T5828] batadv_slave_0: entered promiscuous mode [ 58.271200][ T5828] batadv_slave_0: left promiscuous mode [ 58.286685][ T5828] batadv0: left promiscuous mode [ 58.293637][ T5832] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1021'. [ 58.398896][ T5844] loop3: detected capacity change from 0 to 512 [ 58.406090][ T5844] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 58.416085][ T5844] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 58.425185][ T5844] EXT4-fs (loop3): Couldn't mount because of unsupported optional features (fffc1829) [ 58.436079][ T5838] SELinux: failed to load policy [ 58.556116][ T5860] loop0: detected capacity change from 0 to 2048 [ 58.564231][ T5860] EXT4-fs: Ignoring removed nomblk_io_submit option [ 58.571409][ T5860] EXT4-fs: Ignoring removed nobh option [ 58.584395][ T5865] batadv0: entered promiscuous mode [ 58.590873][ T5865] batadv_slave_0: entered promiscuous mode [ 58.596956][ T5865] batadv_slave_0: left promiscuous mode [ 58.604388][ T5865] batadv0: left promiscuous mode [ 58.621564][ T5860] EXT4-fs error (device loop0): ext4_check_all_de:659: inode #12: block 5: comm syz.0.1035: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=7952, size=124 fake=0 [ 58.643989][ T5860] EXT4-fs (loop0): Remounting filesystem read-only [ 58.702618][ T5881] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1040'. [ 58.936775][ T5910] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1056'. [ 58.945917][ T5910] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1056'. [ 58.954926][ T5910] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1056'. [ 58.983146][ T5910] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1056'. [ 58.992196][ T5910] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1056'. [ 59.001385][ T5910] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1056'. [ 59.001827][ T5895] loop3: detected capacity change from 0 to 32768 [ 59.037751][ T5910] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1056'. [ 59.055601][ T5895] loop3: p1 p2 p3 < p5 p6 > [ 59.060579][ T5895] loop3: p1 size 242222080 extends beyond EOD, truncated [ 59.072745][ T5895] loop3: p2 start 4294967295 is beyond EOD, truncated [ 59.191052][ T5933] ip6gretap0: entered promiscuous mode [ 59.196793][ T5933] ip6gretap0: entered allmulticast mode [ 59.203794][ T5935] loop4: detected capacity change from 0 to 2048 [ 59.544379][ T5961] loop4: detected capacity change from 0 to 32768 [ 59.585073][ T5961] loop4: p1 p2 p3 < p5 p6 > [ 59.589813][ T5961] loop4: p1 size 242222080 extends beyond EOD, truncated [ 59.598543][ T5977] loop3: detected capacity change from 0 to 2048 [ 59.605318][ T5961] loop4: p2 start 4294967295 is beyond EOD, truncated [ 59.615673][ T29] kauditd_printk_skb: 274 callbacks suppressed [ 59.615736][ T29] audit: type=1400 audit(1746733832.284:1166): avc: denied { connect } for pid=5971 comm="syz.2.1085" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 59.727765][ T5982] lo speed is unknown, defaulting to 1000 [ 59.759188][ T29] audit: type=1400 audit(1746733832.424:1167): avc: denied { read } for pid=5988 comm="syz.1.1099" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 59.804613][ T29] audit: type=1400 audit(1746733832.424:1168): avc: denied { open } for pid=5988 comm="syz.1.1099" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 59.828721][ T29] audit: type=1400 audit(1746733832.424:1169): avc: denied { ioctl } for pid=5988 comm="syz.1.1099" path="/dev/sg0" dev="devtmpfs" ino=135 ioctlcmd=0x2275 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 59.943882][ T5994] SELinux: failed to load policy [ 60.067474][ T6014] loop1: detected capacity change from 0 to 512 [ 60.100778][ T6014] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 60.110734][ T6014] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 60.119823][ T6014] EXT4-fs (loop1): Couldn't mount because of unsupported optional features (fffc1829) [ 60.188082][ T6023] serio: Serial port ptm0 [ 60.223056][ T6029] bond1: entered promiscuous mode [ 60.229888][ T6029] 8021q: adding VLAN 0 to HW filter on device bond1 [ 60.280192][ T6033] loop0: detected capacity change from 0 to 2048 [ 60.331933][ T6042] netlink: 'syz.1.1110': attribute type 7 has an invalid length. [ 60.339825][ T6042] netlink: 'syz.1.1110': attribute type 8 has an invalid length. [ 60.365966][ T6045] 9pnet_fd: Insufficient options for proto=fd [ 60.381051][ T6042] erspan0: entered promiscuous mode [ 60.392412][ T6042] gretap0: entered promiscuous mode [ 60.403417][ T6042] erspan0: left promiscuous mode [ 60.423461][ T6042] gretap0: left promiscuous mode [ 60.456602][ T6054] loop2: detected capacity change from 0 to 512 [ 60.463559][ T6054] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 60.473455][ T6054] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 60.482596][ T6054] EXT4-fs (loop2): Couldn't mount because of unsupported optional features (fffc1829) [ 60.570299][ T6056] lo speed is unknown, defaulting to 1000 [ 60.620278][ T29] audit: type=1400 audit(1746733833.274:1170): avc: denied { create } for pid=6066 comm="syz.1.1119" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 60.641289][ T29] audit: type=1400 audit(1746733833.284:1171): avc: denied { unlink } for pid=3320 comm="syz-executor" name="file0" dev="tmpfs" ino=1101 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 60.714832][ T6062] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6062 comm=syz.0.1116 [ 60.754760][ T29] audit: type=1326 audit(1746733833.414:1172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6069 comm="syz.3.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c730be969 code=0x7ffc0000 [ 60.778511][ T29] audit: type=1326 audit(1746733833.414:1173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6069 comm="syz.3.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9c730be969 code=0x7ffc0000 [ 60.802016][ T29] audit: type=1326 audit(1746733833.414:1174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6069 comm="syz.3.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c730be969 code=0x7ffc0000 [ 60.825825][ T29] audit: type=1326 audit(1746733833.414:1175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6069 comm="syz.3.1123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9c730be969 code=0x7ffc0000 [ 61.090440][ T6113] serio: Serial port ptm0 [ 61.283813][ T6148] netlink: 'syz.2.1156': attribute type 7 has an invalid length. [ 61.291699][ T6148] netlink: 'syz.2.1156': attribute type 8 has an invalid length. [ 61.307407][ T6146] loop0: detected capacity change from 0 to 8192 [ 61.321117][ T6148] erspan0: entered promiscuous mode [ 61.349111][ T6148] 0XD: entered promiscuous mode [ 61.356185][ T6148] erspan0: left promiscuous mode [ 61.362305][ T6148] 0XD: left promiscuous mode [ 61.369365][ T6149] lo speed is unknown, defaulting to 1000 [ 62.061278][ T6179] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6179 comm=syz.3.1166 [ 62.158662][ T6189] hub 2-0:1.0: USB hub found [ 62.166924][ T6189] hub 2-0:1.0: 8 ports detected [ 62.199049][ T6193] x_tables: unsorted underflow at hook 1 [ 62.321843][ T6212] netlink: 'syz.1.1183': attribute type 3 has an invalid length. [ 62.379165][ T6218] hub 2-0:1.0: USB hub found [ 62.384361][ T6218] hub 2-0:1.0: 8 ports detected [ 62.592980][ T6255] loop1: detected capacity change from 0 to 512 [ 62.607687][ T6255] EXT4-fs (loop1): 1 orphan inode deleted [ 62.614303][ T6255] ext4 filesystem being mounted at /230/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.625184][ T3694] EXT4-fs error (device loop1): ext4_release_dquot:6971: comm kworker/u8:41: Failed to release dquot type 1 [ 62.663386][ T6263] loop0: detected capacity change from 0 to 512 [ 62.675193][ T6263] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 62.683902][ T6263] EXT4-fs (loop0): 1 truncate cleaned up [ 62.694310][ T6263] EXT4-fs error (device loop0): ext4_append:79: inode #2: comm syz.0.1216: Logical block already allocated [ 62.708141][ T6263] EXT4-fs (loop0): Remounting filesystem read-only [ 62.715855][ T6269] x_tables: unsorted underflow at hook 1 [ 62.883162][ T6288] loop2: detected capacity change from 0 to 512 [ 62.906842][ T6288] EXT4-fs (loop2): 1 orphan inode deleted [ 62.913236][ T6288] ext4 filesystem being mounted at /286/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.959646][ T6304] loop1: detected capacity change from 0 to 512 [ 62.969914][ T6304] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 62.980033][ T6304] EXT4-fs (loop1): 1 truncate cleaned up [ 62.989167][ T6304] EXT4-fs error (device loop1): ext4_append:79: inode #2: comm syz.1.1224: Logical block already allocated [ 63.002139][ T6304] EXT4-fs (loop1): Remounting filesystem read-only [ 63.076138][ T6321] gretap0: entered promiscuous mode [ 63.086887][ T6321] 0XD: renamed from gretap0 [ 63.094379][ T6321] 0XD: left promiscuous mode [ 63.099566][ T6321] 0XD: entered allmulticast mode [ 63.111038][ T6324] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 63.117673][ T6324] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 63.125283][ T6324] vhci_hcd vhci_hcd.0: Device attached [ 63.131985][ T6321] A link change request failed with some changes committed already. Interface 30XD may have been left with an inconsistent configuration, please check. [ 63.150848][ T6331] loop2: detected capacity change from 0 to 512 [ 63.159116][ T6331] EXT4-fs: Ignoring removed mblk_io_submit option [ 63.166164][ T6331] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 63.179811][ T6331] EXT4-fs (loop2): 1 truncate cleaned up [ 63.248289][ T6347] loop0: detected capacity change from 0 to 512 [ 63.282525][ T6347] EXT4-fs (loop0): 1 orphan inode deleted [ 63.297663][ T3694] EXT4-fs error (device loop0): ext4_release_dquot:6971: comm kworker/u8:41: Failed to release dquot type 1 [ 63.316727][ T6347] ext4 filesystem being mounted at /243/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.360863][ T6356] loop4: detected capacity change from 0 to 512 [ 63.367243][ T23] usb 5-1: new low-speed USB device number 2 using vhci_hcd [ 63.370659][ T6357] loop1: detected capacity change from 0 to 512 [ 63.385681][ T6356] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 63.396817][ T6356] EXT4-fs (loop4): 1 truncate cleaned up [ 63.419326][ T6357] ext4 filesystem being mounted at /244/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 63.442270][ T6356] EXT4-fs error (device loop4): ext4_append:79: inode #2: comm syz.4.1242: Logical block already allocated [ 63.459352][ T6356] EXT4-fs (loop4): Remounting filesystem read-only [ 63.471227][ T6369] loop0: detected capacity change from 0 to 1024 [ 63.485547][ T6369] EXT4-fs: Ignoring removed nobh option [ 63.492367][ T6369] ext2: Unknown parameter 'dont_hash' [ 63.503470][ T6371] loop1: detected capacity change from 0 to 1024 [ 63.512016][ T6369] SELinux: security_context_str_to_sid (-Xܘ7.H\ %u@) failed with errno=-22 [ 63.523610][ T6327] vhci_hcd: connection reset by peer [ 63.529304][ T3682] vhci_hcd: stop threads [ 63.533573][ T3682] vhci_hcd: release socket [ 63.538054][ T3682] vhci_hcd: disconnect device [ 63.609540][ T6389] __nla_validate_parse: 25 callbacks suppressed [ 63.609558][ T6389] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1258'. [ 63.626326][ T6389] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1258'. [ 63.646114][ T6391] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1259'. [ 63.655242][ T6391] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1259'. [ 63.698698][ T3391] IPVS: starting estimator thread 0... [ 63.707168][ T6398] sg_write: data in/out 512/1 bytes for SCSI command 0xb7-- guessing data in; [ 63.707168][ T6398] program syz.4.1271 not setting count and/or reply_len properly [ 63.784686][ T6399] IPVS: using max 2592 ests per chain, 129600 per kthread [ 64.236654][ T6409] loop4: detected capacity change from 0 to 512 [ 64.253751][ T6407] lo speed is unknown, defaulting to 1000 [ 64.278719][ T6409] ext4 filesystem being mounted at /222/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 64.383091][ T6420] loop4: detected capacity change from 0 to 8192 [ 64.410840][ T6426] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 64.453378][ T6428] x_tables: duplicate underflow at hook 1 [ 64.473201][ T6420] ================================================================== [ 64.481383][ T6420] BUG: KCSAN: data-race in fat16_ent_put / fat_mirror_bhs [ 64.488554][ T6420] [ 64.490886][ T6420] write to 0xffff88812a6f13b2 of 2 bytes by task 6430 on cpu 0: [ 64.498535][ T6420] fat16_ent_put+0x28/0x60 [ 64.502970][ T6420] fat_alloc_clusters+0x4ce/0xa80 [ 64.508098][ T6420] fat_get_block+0x258/0x5e0 [ 64.512703][ T6420] __block_write_begin_int+0x419/0xf70 [ 64.518169][ T6420] cont_write_begin+0x5a3/0x8e0 [ 64.523028][ T6420] fat_write_begin+0x4f/0xe0 [ 64.527621][ T6420] cont_write_begin+0x612/0x8e0 [ 64.532478][ T6420] fat_write_begin+0x4f/0xe0 [ 64.537083][ T6420] generic_perform_write+0x181/0x490 [ 64.542385][ T6420] __generic_file_write_iter+0x9e/0x120 [ 64.547947][ T6420] generic_file_write_iter+0x8d/0x2f0 [ 64.553421][ T6420] do_iter_readv_writev+0x41e/0x4c0 [ 64.558632][ T6420] vfs_writev+0x2c9/0x870 [ 64.562980][ T6420] __se_sys_pwritev2+0xfc/0x1c0 [ 64.567848][ T6420] __x64_sys_pwritev2+0x67/0x80 [ 64.572713][ T6420] x64_sys_call+0x1cea/0x2fb0 [ 64.577523][ T6420] do_syscall_64+0xd0/0x1a0 [ 64.582037][ T6420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.587946][ T6420] [ 64.590268][ T6420] read to 0xffff88812a6f1200 of 512 bytes by task 6420 on cpu 1: [ 64.598072][ T6420] fat_mirror_bhs+0x1df/0x320 [ 64.602780][ T6420] fat_ent_write+0xd0/0xe0 [ 64.607214][ T6420] fat_chain_add+0x15b/0x3f0 [ 64.611814][ T6420] fat_get_block+0x46c/0x5e0 [ 64.616420][ T6420] __block_write_begin_int+0x419/0xf70 [ 64.621893][ T6420] cont_write_begin+0x5a3/0x8e0 [ 64.626763][ T6420] fat_write_begin+0x4f/0xe0 [ 64.631355][ T6420] cont_write_begin+0x198/0x8e0 [ 64.636225][ T6420] fat_write_begin+0x4f/0xe0 [ 64.640819][ T6420] generic_cont_expand_simple+0xad/0x150 [ 64.646463][ T6420] fat_cont_expand+0x3e/0x170 [ 64.651154][ T6420] fat_setattr+0x2a5/0x8a0 [ 64.655581][ T6420] notify_change+0x806/0x890 [ 64.660177][ T6420] do_ftruncate+0x327/0x430 [ 64.664697][ T6420] __x64_sys_ftruncate+0x68/0xc0 [ 64.669658][ T6420] x64_sys_call+0xd65/0x2fb0 [ 64.674260][ T6420] do_syscall_64+0xd0/0x1a0 [ 64.678771][ T6420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.684675][ T6420] [ 64.686999][ T6420] Reported by Kernel Concurrency Sanitizer on: [ 64.693179][ T6420] CPU: 1 UID: 0 PID: 6420 Comm: syz.4.1266 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(voluntary) [ 64.705601][ T6420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 64.715754][ T6420] ================================================================== [ 68.414715][ T23] usb 5-1: enqueue for inactive port 0 [ 68.420271][ T23] usb 5-1: enqueue for inactive port 0 [ 68.494732][ T23] vhci_hcd: vhci_device speed not set