last executing test programs: 46.29133981s ago: executing program 1 (id=98): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x200000000000000, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f0000000140), 0x12) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200000}, 0x1c) 46.244723803s ago: executing program 1 (id=100): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x24, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x8, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r1, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8982, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{}, 0x0, &(0x7f00000004c0)=r1}, 0x20) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000021c0)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xf}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_TUPDATE={0x8, 0x4, 0x8}, @TCA_FQ_PIE_TARGET={0x8, 0x3, 0x4}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) 46.115332524s ago: executing program 1 (id=102): r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000200)=0x7bc, 0x4) bind$inet(r2, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x300) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000c85000)) 45.805428869s ago: executing program 1 (id=107): mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000680)='./file0/../file0/../file0/../file0\x00', 0x0, 0x1b73404, 0x0) chroot(&(0x7f0000000040)='./file0/../file0/../file0/../file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) pivot_root(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='./file0/../file0/../file0/../file0\x00') 45.710916647s ago: executing program 1 (id=109): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000480)='kmem_cache_free\x00', r1}, 0x18) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x24020000) r4 = syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = syz_pidfd_open(r4, 0x0) setns(r5, 0x10000000) 45.499698464s ago: executing program 1 (id=114): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r0, 0x0, 0x4}, 0x18) r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0) r3 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r3, &(0x7f0000000080)=@name={0x1e, 0x2, 0x1, {{0x0, 0x1}, 0x2}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$selinux_load(r1, &(0x7f0000000000)=ANY=[], 0x2000) 45.42061433s ago: executing program 32 (id=114): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000012c0)={&(0x7f0000000040)='kfree\x00', r0, 0x0, 0x4}, 0x18) r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0) r3 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r3, &(0x7f0000000080)=@name={0x1e, 0x2, 0x1, {{0x0, 0x1}, 0x2}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$selinux_load(r1, &(0x7f0000000000)=ANY=[], 0x2000) 45.41812544s ago: executing program 0 (id=117): creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) stat(&(0x7f0000001c40)='./file0\x00', 0x0) 45.350307576s ago: executing program 0 (id=119): socket$inet_icmp_raw(0x2, 0x3, 0x1) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = socket(0x2a, 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c00000013000100000000000000000000000002", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r2, @ANYBLOB="1400350064756d6d7930"], 0x3c}}, 0x0) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000080)={'dummy0\x00'}) 44.987106785s ago: executing program 0 (id=124): r0 = io_uring_setup(0x6c4, &(0x7f0000000080)={0x0, 0x4075, 0x18, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x1000}], 0x0, 0xa}, 0x20) 44.710157088s ago: executing program 0 (id=127): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0) mount$bind(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f00000006c0)='./file0/file0\x00', 0x0) 44.662343311s ago: executing program 0 (id=129): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0xd9}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000000c0)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r2, 0x0, 0x2}, 0x18) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r3}, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) 44.323723299s ago: executing program 0 (id=136): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = syz_io_uring_setup(0x10e, &(0x7f0000000100)={0x0, 0x2503, 0x1000, 0x1, 0xdb}, &(0x7f0000000180)=0x0, &(0x7f0000000300)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.throttle.io_service_bytes\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x12, 0x0, 0xa, 0x3, 0x0, 0x3, 0x0, 0x0, {0x2}}) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x60, 0x185100}) io_uring_enter(r0, 0x7277, 0xa748, 0x28, 0x0, 0x0) 44.289508141s ago: executing program 33 (id=136): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = syz_io_uring_setup(0x10e, &(0x7f0000000100)={0x0, 0x2503, 0x1000, 0x1, 0xdb}, &(0x7f0000000180)=0x0, &(0x7f0000000300)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.throttle.io_service_bytes\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x12, 0x0, 0xa, 0x3, 0x0, 0x3, 0x0, 0x0, {0x2}}) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x60, 0x185100}) io_uring_enter(r0, 0x7277, 0xa748, 0x28, 0x0, 0x0) 31.219633727s ago: executing program 4 (id=434): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000300), 0x4) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r3}, 0x10) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80d0}, 0x0) 30.436551481s ago: executing program 4 (id=436): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0xeffffffa, 0xb, 0xfffffffc, 0xfffffffc, 0x7f, "db5909003a7f000700"}) syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./file0\x00', 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB='discard,nfs,dots,check=strict,uid=', @ANYRESHEX=0x0, @ANYBLOB="07000deb6ee8cd825e39d00b2ec276672199236966b11536d1a9b5b55cd3ef491665db4b0833ff8a9e356c6d01f3d60c99c22443f2e21f09cc09cff3d8cf16c5d2d0d469f825c516c9e4172b1c6a6fd50ec1a08eaf822cf1411ad2eb053a0f5e4060a836136cdc4b48b610dde28ba439ab6aaed3ae02abf1e0d50f000d875e209b33ff50b89a86d8f8176e0cfdb53642ef84a626c72e298fffce51a7be7ffbcfe3f85485ee5ba692b76d440dfe911a9d18b2ccb8c78bef8e4904cd88e4ab5cfc5fe841757c9d4c1725a534a8a4ffc29525faf00f37d4cc76656ec2e62b00000000"], 0x1, 0x22d, &(0x7f0000000300)="$eJzs3b2KE1EYBuDP3exu2MatxWLAxiqodzDICuKAEJlCKwdWm10RZpvRKpfhNXhJXsZW6UbMhPwZbTQes/M8EOaFl8B3mpwU5yRv73+4vPh4/b799iWGwywGEZOYRpzFQRxG5878eTDLx7FqEgDAvhmPqzz1DOxWXefVUUSc/NSUX5MMBAAAAAAAAAAAwB9z/h8A+sf5/9uvrvPqdP79bZ3z/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEA607a92/7mlXo+AODvs/8DQP/Y/wGgf+z/ANA/r16/eZEXxfk4y4YRN5OmbMru2fXPnhfnj7KZs+W7bpqmPFz0j7s+W++P4nTeP9naH8fDB13/o3v6stjoT+Ji98sHAAAAAAAAAAAAAAAAAACA/8IoW9h6v380+lXfpZXfB9i4vz+Ie4N/tgwAAAAAAAAAAAAAAAAAAADYa9efPl9WV1fvakEQhEVI/ckEAAAAAAAAAAAAAAAAAAD9s7z0m3oSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEhn+f//uwup1wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0w/cAAAD//wu+k9A=") mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x40000000, 0x0, 0x0, 0x83, "00000000000000000000ffff00"}) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000340)={0x2, 0xfffffffd, 0x8, 0x6, 0x19, "e315bc1cc24ff7b7cdb242e1ff0aa6905446b3"}) r1 = syz_open_pts(r0, 0x400) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000200)=0x2) 29.57872021s ago: executing program 4 (id=464): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r2}, 0x10) r3 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [], 0x6b}}) 29.534770653s ago: executing program 4 (id=466): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0) mount$bind(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f00000003c0)='./file0\x00', 0xa) 29.474117508s ago: executing program 4 (id=468): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='kfree\x00', r0}, 0x18) r1 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x5) fchdir(r2) r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x2) close_range(r3, 0xffffffffffffffff, 0x0) 28.95310267s ago: executing program 4 (id=490): bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000680)=@generic={&(0x7f0000000640)='./file0\x00'}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0xffffd000) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x1000000, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x691, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0) 28.906180245s ago: executing program 34 (id=490): bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x5, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000680)=@generic={&(0x7f0000000640)='./file0\x00'}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0xffffd000) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x1000000, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x691, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0) 1.6050306s ago: executing program 7 (id=1100): socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = syz_io_uring_setup(0x44cd, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x1000006, 0xfffefffe}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x40, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x2d3e, 0xec84, 0x0, 0x0, 0x0) 1.519037887s ago: executing program 5 (id=1101): socket$netlink(0x10, 0x3, 0x10) r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000080)={0x0, 0xffa1, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000004000000e27f000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10) 1.518700507s ago: executing program 7 (id=1103): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) listen(r0, 0x8) r2 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet(r2, &(0x7f00000002c0)="cc", 0x1, 0x20040000, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) close(r2) 1.446752703s ago: executing program 7 (id=1105): bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x109a88, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioperm(0x3c, 0x1, 0x8) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file1\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x1219, &(0x7f0000001100)="$eJzs28FrXEUcB/BfkqapqclGrdUWxEEvFeTR5OBFL0FSkC4obSO0gvBqXnTJczfkLYEVsXry6t8hggjeBPGml1z8DwRvuXisID7JrrZd3RVWQjfI53PZH8z7zs7ssAuzzBy+8tn7O9tVtp13Y3ZmJmZ3I9LdFClm4y8fxwsvf//DM9dv3rq63mxuXEvpyvqN1ZdSSsvPfvvWh18891337JtfL3+zEAcrbx/+svbzwfmDC4e/33ivVaVWldqdbsrT7U6nm98ui7TVqnaylN4oi7wqUqtdFXtD7dtlZ3e3l/L21tLi7l5RVSlv99JO0UvdTuru9VL+bt5qpyzL0tJiMLlT96rNz+/WdR1R1/NxOuq6rh+JxTgbj8ZSLEcjVuKxeDyeiHPxZJyPp+Lp+OqnL3tHCQAAAAAAAAAAAAAAAAAAAOD4THr//0L/qWmPGgAAAAAAAAAAAAAAAAAAAP5frt+8dXW92dy4ltKZiPLT/c39zcHroH19O1pRRhGXoxG/Rf/2/8CgvvJac+Ny6luJT8o7f+bv7G/ODedXoxEvjs6vDvJpOL8Qiw/m16IR50bl52NtZP5MXHr+gXwWjfjxnehEGVtxlL3//h+tpvTq682/5S/2nxtv7mEsDwAAAByLLN0zcv+eZePaB/kJ/h8Y2l8fZS+emurUiYiq98FOXpbFnmJkcelkDKNfnD7ODucjYrLUr3VdT/9DmFIx/puyEBH/ueeZiDgZE/xHMe1fJh6G+4s+7ZEAAAAAAAAAAAAwibHHABf+7YTg3ETHCac9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YAeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfBUAAP//0AbP3Q==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cpuacct.usage_percpu\x00', 0x275a, 0x0) ftruncate(r0, 0x2000009) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) pwritev2(r1, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0x0, 0x1) 1.397645547s ago: executing program 2 (id=1107): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a000000030000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x800, &(0x7f00000001c0)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRES32, @ANYRES16], 0x1, 0x36e, &(0x7f0000000c00)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=") r2 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r3 = open(&(0x7f0000000780)='./bus\x00', 0x145c7e, 0x0) fallocate(r2, 0x0, 0x0, 0x1000f4) io_setup(0x5ff, &(0x7f0000000400)=0x0) io_submit(r4, 0x1ffffff0, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r3, &(0x7f0000000000)="96", 0xffffff20}, &(0x7f0000000740)={0x0, 0x0, 0x41, 0x3, 0x0, r2, 0x0, 0x0, 0xffffffffffffffff}]) 1.230081961s ago: executing program 2 (id=1108): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000040)='percpu_alloc_percpu\x00', r3}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) 1.216339621s ago: executing program 2 (id=1111): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x400}, 0x100002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x6}, 0x18) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021181500001e0a05010000000000000000070000000900020073797a31000000000900010073797a3000000000ec140380300000802c000180250001"], 0x159c}}, 0x0) 1.145273867s ago: executing program 2 (id=1112): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='sched_switch\x00', r1, 0x0, 0x415}, 0x18) r2 = gettid() ppoll(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) tkill(r2, 0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) prctl$PR_SET_THP_DISABLE(0x29, 0x0) 1.011092928s ago: executing program 5 (id=1116): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00'}, 0x94) madvise(&(0x7f0000a5e000/0x1000)=nil, 0x1000, 0x17) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x18) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r2, r1, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000a40)=ANY=[], 0x0) 962.314802ms ago: executing program 3 (id=1118): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f00000007c0), 0x8, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x3}, 0x18) r2 = creat(&(0x7f0000000280)='./file0\x00', 0xe5) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000e00)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x94) write$qrtrtun(r2, &(0x7f0000001880)="9d8d645e53b6183d874f9e93a18dd009a09560ff682bd07dc3d28385a8f3f9e18418950d4dfe49f13a19e24320444a7d6c121741ba3dc510dba4f980bbd9a315544fa0a1622d949faba79788908354e467989e84b928ecb96e0e4e781bfca4c928c956321dd51400000000000020011584a8bd051f13bad882bea021ffb5ce918a1f87f1d439ec93772d6ecaaf8891f7678f2037ccced78ea5c1aa805f1b9f5a2c3974c5124cac5e163d9b6f5b998c1c7263fa2331d1241523986dccbd4e1f32b2f521380a2ea4732132264de6d26cfbb2eb91e40177a780df98cbf94b96d900a2dfc5c877db675ebb1d7cbc398ca422ddbadc24ee6f3bf036f62cdb056502a63d070000930ea668649ad0003afe9a912179ce61631b3dab94642d2768f1f22299dea6c08073dd0c47b9eddb917fc0076b74406149024514d07417c6007e8cd4dc4e2295be71f412044b52b1ce32aac048cad9c413a8c19528dc1b432fe7f9fda7182a47243af427a76ede78aa5c6ef75ea1f48e2e9e9d203d4760a1ff6a0119b39a2458a050f9519d4bbd821684ef8303985e8f5b8d86346f428788fc374e7eaa0c2a2ef8478a13b4a56d0821201c37a0066fb9f5cc583005b9f71b67daa300311066bacbf43630a8388aff734a568a123a48ba1344a5500e5c6f8cef539617cd3970ffb873579a3b76bd529f1626d1f90543b2a0190df38bb1e8b6fc9bfc5c42693814665679e78ed8adce4d23b8725436101ae4113fee000cb92b32c6a74851a6c4af4625f28810ec16834a1589063af1bf0b29aa57e06dddc0fddf408fab63c536d5afd9ba5a71f9e534f99e5ea9c1eaaaad710ef30a37df0f87978894333850f4feac3740a3b010da7c250d060c8046cab40d0527234d4b4b28366bc7d5899948ddbfac66c848ef0f842eab95248e9d064c0ec4247483f0aa0cad7ca970365e474fe73cf79cf8c70fc7a015caa273ce41723453632cf5b809584d227f7e98e8ec41494518b0b8a8adbaf5ead6529451b116fab06529b653bffdd6d98f8322265305bdc0ff69f4a70dea414fcc63d149c564c834f24b8f7495cd9ccafa1e3f652cd3270935800ee0d5598afcaa41c150dac263408d77a61b5c77e2c3644dda1b8c333a36c30ce893140ce133827dde34d896d35cfe7d498bf6dda965a27cc77e2872fcedaf9dcb89614c758cf62ad769ac05a4fb9e27b421b82c17d15f7d2ffb6ed63c639cee97d9eea8f3934045e60b15eca5c13ebe002467c09815712165cee2af784f9e5db9f7227701ca9a3de588503c84c490f4986aa26e7b63d4c5a30157cdf82e433a1b64496392a1990b2a46b910d9a16429736308f71d8e78824a26f25f21829546b973c0905b20c2ef751eb0064eaf831874f0b58ef8779cafd02bcf075a212e79e07c73c49fc240d6845877fda649d1ab59ea06b907ec5031299a0e1fa2f8cbc241a8531ad241302b569d4581dcc944f27799f25593b97ea7681ba74d6cde9c8f58840ac4c4be3aa90e6273a64e549c47c7232f423406604c9c210eabe3d6a2343bd6c2ae72ab013ce2af32467bcfa8cbf0769f91", 0x45c) r4 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000003c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x40) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000005c0)={r4, 0x0, 0x0}, 0x10) 937.685734ms ago: executing program 5 (id=1119): ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0) socketpair(0x1, 0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89a2, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) lseek(r1, 0x5, 0x4) 737.96483ms ago: executing program 3 (id=1122): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0xb76e}, 0x100002, 0x0, 0xfffffffc, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x800, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200a}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70200001400ffd9b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 715.569422ms ago: executing program 3 (id=1123): r0 = epoll_create1(0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) shutdown(r1, 0x1) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r1, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4) sendmmsg$inet(r1, &(0x7f0000002780)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000740)="b3", 0x1}], 0x1, &(0x7f0000000ec0)=ANY=[], 0xf0}}], 0x1, 0x24004c41) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)={0x20000000}) 637.126229ms ago: executing program 5 (id=1124): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0xff, 0x7ffc1ffd}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000340)='syzkaller\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r2 = io_uring_setup(0x3454, &(0x7f0000000080)={0x0, 0xffffafff, 0x1000, 0x2, 0x33d}) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) 636.860669ms ago: executing program 3 (id=1125): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000680)='sched_switch\x00', r1}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) r2 = creat(&(0x7f0000000080)='./file0/file1\x00', 0x90) write$cgroup_type(r2, &(0x7f00000009c0), 0xd4ba0ff) removexattr(&(0x7f0000000000)='./file0/file1\x00', &(0x7f00000002c0)=@known='user.incfs.size\x00') 627.748859ms ago: executing program 6 (id=1126): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0x8}, &(0x7f0000010080), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000010300)=[{0x0}, {0x0}], 0x2) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r2, 0x0, 0x5}, 0x18) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 497.76963ms ago: executing program 7 (id=1127): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x2}, 0x18) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r2, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40) close_range(r1, 0xffffffffffffffff, 0x0) 495.78202ms ago: executing program 2 (id=1138): socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$tipc(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="fb", 0x1}], 0x1}, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f0000000800)='kfree_skb\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='kfree_skb\x00', r4}, 0x10) recvmsg(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000e40)=""/4096, 0x1000}], 0x1}, 0x0) 475.557941ms ago: executing program 6 (id=1128): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r0}, 0x18) r1 = socket(0x1e, 0x4, 0x0) r2 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0xfffffffc}, 0x10) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2, 0x4}, 0x10) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000) r3 = dup3(r2, r1, 0x0) recvmmsg(r3, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000300)=""/34, 0x22}], 0x1}, 0x96d}, {{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000001340)=""/36, 0x24}], 0x1}, 0xffff}], 0x2, 0x40, 0x0) 448.436134ms ago: executing program 2 (id=1129): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) r2 = syz_io_uring_setup(0x5c6, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x4}, &(0x7f0000000300)=0x0, &(0x7f0000000580)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1}) io_uring_enter(r2, 0x6e2, 0x3900, 0x1, 0x0, 0xe00) rt_sigsuspend(&(0x7f00000002c0)={[0x225c17d03]}, 0x8) 348.630642ms ago: executing program 5 (id=1130): socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = syz_io_uring_setup(0x44cd, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x1000006, 0xfffefffe}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x40, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x2d3e, 0xec84, 0x0, 0x0, 0x0) 348.031872ms ago: executing program 7 (id=1131): r0 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1064, 0x80, 0x200003, 0x1af}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000080000000b"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x2, 0x1, 0xffffffffffffffff, 0x0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000100)=[{0x0}, {0x0, 0xfffffffffffffea3}], 0x2}, 0x0, 0x3, 0x0, {0x2}}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r0, 0x47f8, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 322.730644ms ago: executing program 5 (id=1132): socket$kcm(0x2, 0x2, 0x73) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0) 266.929018ms ago: executing program 3 (id=1134): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x8, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r1, &(0x7f00000006c0)={0x0, 0xfffffffffffffe96, 0x0, 0x0, 0x0, 0x0, 0x20000001}, 0x40000) 266.391549ms ago: executing program 6 (id=1135): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket(0xa, 0x3, 0x3a) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) setsockopt$MRT6_ADD_MIF(r2, 0x29, 0xca, &(0x7f00000000c0)={0x3, 0x0, 0x0, r3}, 0xc) setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, &(0x7f0000000080)=0xc, 0x4) 169.751066ms ago: executing program 6 (id=1136): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) listen(r0, 0x8) r2 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet(r2, &(0x7f00000002c0)="cc", 0x1, 0x20040000, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) close(r2) 28.886907ms ago: executing program 7 (id=1137): r0 = epoll_create1(0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) shutdown(r1, 0x1) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r1, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4) sendmmsg$inet(r1, &(0x7f0000002780)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000740)="b3", 0x1}], 0x1, &(0x7f0000000ec0)=ANY=[], 0xf0}}], 0x1, 0x24004c41) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)={0x20000000}) 28.188398ms ago: executing program 6 (id=1148): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='consume_skb\x00', r1}, 0x10) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000003c0)="14", 0x1}], 0x1}, 0x0) 27.888838ms ago: executing program 3 (id=1139): r0 = socket$netlink(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000200), 0x4) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x40, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x40}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0x64, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xffff639c}]}, 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="3800000002011d04000000000000000002000000240001801400018008000100e000000108000200e0000001"], 0x38}}, 0x0) 0s ago: executing program 6 (id=1140): bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) perf_event_open(&(0x7f0000000800)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x109a88, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioperm(0x3c, 0x1, 0x8) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file1\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x1219, &(0x7f0000001100)="$eJzs28FrXEUcB/BfkqapqclGrdUWxEEvFeTR5OBFL0FSkC4obSO0gvBqXnTJczfkLYEVsXry6t8hggjeBPGml1z8DwRvuXisID7JrrZd3RVWQjfI53PZH8z7zs7ssAuzzBy+8tn7O9tVtp13Y3ZmJmZ3I9LdFClm4y8fxwsvf//DM9dv3rq63mxuXEvpyvqN1ZdSSsvPfvvWh18891337JtfL3+zEAcrbx/+svbzwfmDC4e/33ivVaVWldqdbsrT7U6nm98ui7TVqnaylN4oi7wqUqtdFXtD7dtlZ3e3l/L21tLi7l5RVSlv99JO0UvdTuru9VL+bt5qpyzL0tJiMLlT96rNz+/WdR1R1/NxOuq6rh+JxTgbj8ZSLEcjVuKxeDyeiHPxZJyPp+Lp+OqnL3tHCQAAAAAAAAAAAAAAAAAAAOD4THr//0L/qWmPGgAAAAAAAAAAAAAAAAAAAP5frt+8dXW92dy4ltKZiPLT/c39zcHroH19O1pRRhGXoxG/Rf/2/8CgvvJac+Ny6luJT8o7f+bv7G/ODedXoxEvjs6vDvJpOL8Qiw/m16IR50bl52NtZP5MXHr+gXwWjfjxnehEGVtxlL3//h+tpvTq682/5S/2nxtv7mEsDwAAAByLLN0zcv+eZePaB/kJ/h8Y2l8fZS+emurUiYiq98FOXpbFnmJkcelkDKNfnD7ODucjYrLUr3VdT/9DmFIx/puyEBH/ueeZiDgZE/xHMe1fJh6G+4s+7ZEAAAAAAAAAAAAwibHHABf+7YTg3ETHCac9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YAeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfBUAAP//0AbP3Q==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cpuacct.usage_percpu\x00', 0x275a, 0x0) ftruncate(r0, 0x2000009) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) pwritev2(r1, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0x0, 0x1) kernel console output (not intermixed with test programs): ated: batadv_slave_1 [ 33.998161][ T51] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.015762][ T29] audit: type=1400 audit(1755785780.745:111): avc: denied { create } for pid=3487 comm="syz.0.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 34.017891][ T51] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.035159][ T29] audit: type=1400 audit(1755785780.755:112): avc: denied { create } for pid=3489 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 34.047491][ T3494] loop2: detected capacity change from 0 to 1024 [ 34.063381][ T29] audit: type=1400 audit(1755785780.755:113): avc: denied { setopt } for pid=3489 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 34.063429][ T29] audit: type=1400 audit(1755785780.765:114): avc: denied { setopt } for pid=3487 comm="syz.0.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 34.063458][ T29] audit: type=1400 audit(1755785780.765:115): avc: denied { tracepoint } for pid=3487 comm="syz.0.10" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 34.094541][ T3494] EXT4-fs: Ignoring removed bh option [ 34.108249][ T29] audit: type=1400 audit(1755785780.775:116): avc: denied { write } for pid=3489 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 34.152563][ T29] audit: type=1400 audit(1755785780.775:117): avc: denied { connect } for pid=3489 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 34.172132][ T29] audit: type=1400 audit(1755785780.775:118): avc: denied { name_connect } for pid=3489 comm="syz.3.4" dest=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 34.200119][ T51] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.214763][ T3494] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback. [ 34.231557][ T51] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 34.319486][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 34.345542][ T3510] loop3: detected capacity change from 0 to 512 [ 34.386140][ T3510] msdos: Bad value for 'uid' [ 34.390867][ T3510] msdos: Bad value for 'uid' [ 34.479192][ T3525] loop2: detected capacity change from 0 to 128 [ 34.496863][ T3523] syz.4.23 (3523) used greatest stack depth: 10824 bytes left [ 34.505859][ T3525] FAT-fs (loop2): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 34.913059][ T3382] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=3382 comm=kworker/1:3 [ 34.955018][ T3544] netlink: 8 bytes leftover after parsing attributes in process `syz.0.31'. [ 35.555068][ T3594] loop3: detected capacity change from 0 to 512 [ 35.573794][ T3594] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 35.620299][ T3599] tipc: Started in network mode [ 35.625384][ T3599] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 35.633041][ T3599] tipc: Enabled bearer , priority 0 [ 35.660082][ T3603] netlink: 'syz.1.54': attribute type 1 has an invalid length. [ 35.669121][ T3603] netlink: 4 bytes leftover after parsing attributes in process `syz.1.54'. [ 35.681684][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.682823][ T3603] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.701269][ T3603] bridge_slave_0 (unregistering): left allmulticast mode [ 35.708442][ T3603] bridge_slave_0 (unregistering): left promiscuous mode [ 35.715504][ T3603] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.894140][ T3676] netlink: 4 bytes leftover after parsing attributes in process `syz.3.61'. [ 36.483508][ T3694] bridge: RTM_NEWNEIGH with invalid ether address [ 36.762515][ T10] tipc: Node number set to 11578026 [ 36.840980][ T3714] loop1: detected capacity change from 0 to 1024 [ 36.868605][ T3716] loop4: detected capacity change from 0 to 1024 [ 36.880751][ T3716] ======================================================= [ 36.880751][ T3716] WARNING: The mand mount option has been deprecated and [ 36.880751][ T3716] and is ignored by this kernel. Remove the mand [ 36.880751][ T3716] option from the mount to silence this warning. [ 36.880751][ T3716] ======================================================= [ 36.926340][ T3718] loop0: detected capacity change from 0 to 1024 [ 36.960408][ T3721] netlink: 'syz.3.78': attribute type 13 has an invalid length. [ 36.972147][ T3714] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 36.992839][ T3718] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.015334][ T3714] ext4 filesystem being mounted at /16/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 37.031018][ T3716] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 37.052728][ T3721] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 37.081306][ T3716] EXT4-fs error (device loop4): ext4_map_blocks:814: inode #3: block 1: comm syz.4.76: lblock 1 mapped to illegal pblock 1 (length 1) [ 37.083517][ T3718] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.77: Allocating blocks 449-513 which overlap fs metadata [ 37.119206][ T3716] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.76: Failed to acquire dquot type 0 [ 37.163599][ T3716] EXT4-fs error (device loop4): ext4_free_blocks:6696: comm syz.4.76: Freeing blocks not in datazone - block = 0, count = 4096 [ 37.163885][ T3717] EXT4-fs (loop0): pa ffff88810720b5b0: logic 48, phys. 177, len 21 [ 37.184971][ T3717] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 37.236454][ T3310] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.247695][ T1677] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: block 1: comm kworker/u8:6: lblock 1 mapped to illegal pblock 1 (length 15) [ 37.271096][ T3716] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.76: Invalid inode bitmap blk 0 in block_group 0 [ 37.271132][ T1677] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 37.296192][ T1677] EXT4-fs (loop1): This should not happen!! Data will be lost [ 37.296192][ T1677] [ 37.313140][ T3641] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:36: lblock 1 mapped to illegal pblock 1 (length 1) [ 37.317070][ T3716] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem [ 37.341579][ T3641] EXT4-fs error (device loop4): ext4_release_dquot:6973: comm kworker/u8:36: Failed to release dquot type 0 [ 37.364882][ T3716] EXT4-fs (loop4): 1 orphan inode deleted [ 37.381937][ T3301] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.399649][ T3716] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.475533][ T3716] EXT4-fs error (device loop4): ext4_search_dir:1474: inode #2: block 16: comm syz.4.76: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0 [ 37.555557][ T3747] lo speed is unknown, defaulting to 1000 [ 37.573267][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.592580][ T3747] lo speed is unknown, defaulting to 1000 [ 37.621744][ T3747] lo speed is unknown, defaulting to 1000 [ 37.654521][ T3747] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 37.686421][ T3747] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 37.697191][ T3759] loop4: detected capacity change from 0 to 512 [ 37.727075][ T3759] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a84ec018, mo2=0002] [ 37.728854][ T3747] lo speed is unknown, defaulting to 1000 [ 37.741512][ T3747] lo speed is unknown, defaulting to 1000 [ 37.747797][ T3747] lo speed is unknown, defaulting to 1000 [ 37.754225][ T3747] lo speed is unknown, defaulting to 1000 [ 37.760527][ T3747] lo speed is unknown, defaulting to 1000 [ 37.772567][ T3759] System zones: 0-2, 18-18, 34-35 [ 37.781746][ T3759] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.798328][ T3759] ext4 filesystem being mounted at /12/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 37.799148][ T3747] syz.1.87 (3747) used greatest stack depth: 10712 bytes left [ 37.833606][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.917790][ T3768] netlink: 16 bytes leftover after parsing attributes in process `syz.4.95'. [ 38.071953][ T3691] syz.2.66 (3691) used greatest stack depth: 8752 bytes left [ 38.084428][ T3782] loop4: detected capacity change from 0 to 128 [ 38.110803][ T3764] netlink: 8 bytes leftover after parsing attributes in process `syz.0.94'. [ 38.240001][ T3787] netlink: 'syz.4.103': attribute type 13 has an invalid length. [ 38.309864][ T3787] gretap0: refused to change device tx_queue_len [ 38.323549][ T3787] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 38.558658][ T3798] netlink: zone id is out of range [ 38.603169][ T3798] netlink: zone id is out of range [ 38.608325][ T3798] netlink: zone id is out of range [ 38.620178][ T3689] syz.2.66 (3689) used greatest stack depth: 6416 bytes left [ 38.751008][ T3662] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 38.785640][ T3810] netlink: 4 bytes leftover after parsing attributes in process `syz.2.113'. [ 38.845863][ T3662] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 38.850045][ T29] kauditd_printk_skb: 188 callbacks suppressed [ 38.850064][ T29] audit: type=1400 audit(1755785785.645:304): avc: denied { mount } for pid=3812 comm="syz.0.117" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 38.913307][ T29] audit: type=1400 audit(1755785785.695:305): avc: denied { unmount } for pid=3310 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 38.946609][ T3662] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 38.967686][ T29] audit: type=1400 audit(1755785785.725:306): avc: denied { mounton } for pid=3816 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 39.009117][ T29] audit: type=1400 audit(1755785785.805:307): avc: denied { create } for pid=3821 comm="syz.0.119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 39.010111][ T3822] batman_adv: batadv0: Adding interface: dummy0 [ 39.035894][ T3822] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 39.083423][ T29] audit: type=1400 audit(1755785785.885:308): avc: denied { ioctl } for pid=3821 comm="syz.0.119" path="socket:[6294]" dev="sockfs" ino=6294 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 39.111755][ T3822] batman_adv: batadv0: Interface activated: dummy0 [ 39.121202][ T3662] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 39.121324][ T3820] 9pnet: p9_errstr2errno: server reported unknown error [ 39.151697][ T3826] batadv0: mtu less than device minimum [ 39.157814][ T3826] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 39.168707][ T3826] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 39.179628][ T3826] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 39.190685][ T3826] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 39.269550][ T29] audit: type=1400 audit(1755785786.065:309): avc: denied { setopt } for pid=3834 comm="syz.2.122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 39.272770][ T3836] sit0: entered allmulticast mode [ 39.289555][ T29] audit: type=1400 audit(1755785786.065:310): avc: denied { write } for pid=3834 comm="syz.2.122" path="socket:[5437]" dev="sockfs" ino=5437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 39.333522][ T29] audit: type=1400 audit(1755785786.125:311): avc: denied { search } for pid=3032 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 39.354887][ T29] audit: type=1400 audit(1755785786.125:312): avc: denied { search } for pid=3032 comm="dhcpcd" name="udev" dev="tmpfs" ino=9 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 39.376507][ T29] audit: type=1400 audit(1755785786.125:313): avc: denied { search } for pid=3032 comm="dhcpcd" name="data" dev="tmpfs" ino=13 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 39.406884][ T3662] bridge_slave_1: left allmulticast mode [ 39.413405][ T3662] bridge_slave_1: left promiscuous mode [ 39.419189][ T3662] bridge0: port 2(bridge_slave_1) entered disabled state [ 39.466092][ T3843] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 39.504946][ T3845] syz.3.126 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 39.628897][ T3662] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 39.644525][ T3662] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 39.655352][ T3662] bond0 (unregistering): Released all slaves [ 39.690702][ T3816] lo speed is unknown, defaulting to 1000 [ 39.763174][ T3662] hsr_slave_0: left promiscuous mode [ 39.782605][ T3662] hsr_slave_1: left promiscuous mode [ 39.791453][ T3662] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 39.799056][ T3662] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 39.835855][ T3662] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 39.843356][ T3662] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 39.854540][ T3861] loop2: detected capacity change from 0 to 8192 [ 39.875791][ T3662] veth1_macvtap: left promiscuous mode [ 39.881343][ T3662] veth0_macvtap: left promiscuous mode [ 39.893575][ T3662] veth1_vlan: left promiscuous mode [ 39.907653][ T3662] veth0_vlan: left promiscuous mode [ 40.088466][ T3892] loop2: detected capacity change from 0 to 512 [ 40.104934][ T3662] team0 (unregistering): Port device team_slave_1 removed [ 40.105479][ T3892] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.125124][ T3892] ext4 filesystem being mounted at /24/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 40.125263][ T3662] team0 (unregistering): Port device team_slave_0 removed [ 40.178739][ T1035] lo speed is unknown, defaulting to 1000 [ 40.184789][ T1035] infiniband syz2: ib_query_port failed (-19) [ 40.223693][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.271580][ T3816] chnl_net:caif_netlink_parms(): no params data found [ 40.357680][ T3816] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.364949][ T3816] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.372930][ T3816] bridge_slave_0: entered allmulticast mode [ 40.379526][ T3816] bridge_slave_0: entered promiscuous mode [ 40.393963][ T3816] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.401112][ T3816] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.409647][ T3816] bridge_slave_1: entered allmulticast mode [ 40.416287][ T3816] bridge_slave_1: entered promiscuous mode [ 40.437546][ T3816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 40.451774][ T3816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 40.485462][ T3816] team0: Port device team_slave_0 added [ 40.498957][ T3816] team0: Port device team_slave_1 added [ 40.553757][ T3662] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.565895][ T3816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 40.573043][ T3816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.599440][ T3816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 40.611172][ T3816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 40.618322][ T3816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 40.620844][ T3932] loop2: detected capacity change from 0 to 164 [ 40.644389][ T3816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 40.654592][ T3932] iso9660: Unknown parameter '' [ 40.669299][ T3889] chnl_net:caif_netlink_parms(): no params data found [ 40.702660][ T3662] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.731287][ T3937] loop4: detected capacity change from 0 to 1024 [ 40.778136][ T3937] EXT4-fs: Ignoring removed nomblk_io_submit option [ 40.786989][ T3662] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 40.827702][ T3937] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 40.861788][ T3816] hsr_slave_0: entered promiscuous mode [ 40.872952][ T3816] hsr_slave_1: entered promiscuous mode [ 40.882825][ T3889] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.889986][ T3889] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.913766][ T3889] bridge_slave_0: entered allmulticast mode [ 40.930511][ T3889] bridge_slave_0: entered promiscuous mode [ 40.943201][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.957685][ T3889] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.965016][ T3889] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.991589][ T3889] bridge_slave_1: entered allmulticast mode [ 41.018132][ T3889] bridge_slave_1: entered promiscuous mode [ 41.064731][ T3662] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 41.112619][ T4057] netlink: 256 bytes leftover after parsing attributes in process `syz.4.152'. [ 41.209620][ T3889] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 41.292261][ T3889] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 41.312014][ T4124] loop4: detected capacity change from 0 to 1756 [ 41.354923][ T3662] bridge_slave_1: left allmulticast mode [ 41.360618][ T3662] bridge_slave_1: left promiscuous mode [ 41.366433][ T3662] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.394472][ T3662] bridge_slave_0: left allmulticast mode [ 41.400241][ T3662] bridge_slave_0: left promiscuous mode [ 41.405997][ T3662] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.568952][ T3662] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 41.599632][ T3662] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 41.624042][ T3662] bond0 (unregistering): Released all slaves [ 41.699056][ T3662] hsr_slave_0: left promiscuous mode [ 41.722762][ T3662] hsr_slave_1: left promiscuous mode [ 41.729917][ T3662] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 41.745221][ T3662] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 41.757021][ T3662] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 41.772543][ T3662] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 41.781027][ T3662] batman_adv: batadv0: Interface deactivated: dummy0 [ 41.787810][ T3662] batman_adv: batadv0: Removing interface: dummy0 [ 41.796772][ T3662] veth1_macvtap: left promiscuous mode [ 41.802372][ T3662] veth0_macvtap: left promiscuous mode [ 41.808175][ T3662] veth1_vlan: left promiscuous mode [ 41.813818][ T3662] veth0_vlan: left promiscuous mode [ 41.904645][ T3662] team0 (unregistering): Port device team_slave_1 removed [ 41.927309][ T3662] team0 (unregistering): Port device team_slave_0 removed [ 41.986089][ T3889] team0: Port device team_slave_0 added [ 42.033422][ T3889] team0: Port device team_slave_1 added [ 42.079196][ T3889] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 42.086214][ T3889] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 42.112265][ T3889] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 42.130644][ T3816] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 42.141485][ T3816] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 42.151612][ T3889] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 42.158729][ T3889] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 42.184709][ T3889] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 42.204128][ T3816] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 42.226118][ T3816] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 42.297201][ T3889] hsr_slave_0: entered promiscuous mode [ 42.304613][ T3889] hsr_slave_1: entered promiscuous mode [ 42.310792][ T3889] debugfs: 'hsr0' already exists in 'hsr' [ 42.316709][ T3889] Cannot create hsr debugfs directory [ 42.383268][ T4322] loop4: detected capacity change from 0 to 256 [ 42.398098][ T4322] msdos: Bad value for 'uid' [ 42.402812][ T4322] msdos: Bad value for 'uid' [ 42.422080][ T4346] loop2: detected capacity change from 0 to 1024 [ 42.466582][ T4346] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.537216][ T4346] netlink: 'syz.2.176': attribute type 1 has an invalid length. [ 42.547421][ T3816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.562246][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.568221][ T3816] 8021q: adding VLAN 0 to HW filter on device team0 [ 42.611653][ T3644] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.618884][ T3644] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.665570][ T3644] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.672700][ T3644] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.724927][ T4434] loop2: detected capacity change from 0 to 512 [ 42.742084][ T4434] EXT4-fs: Ignoring removed mblk_io_submit option [ 42.751572][ T3889] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 42.759455][ T4434] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 42.772847][ T4434] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 42.799582][ T4434] EXT4-fs (loop2): 1 truncate cleaned up [ 42.808218][ T4434] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.843064][ T3889] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 42.861349][ T3889] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 42.880464][ T3889] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 42.990590][ T3816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 43.066716][ T3889] 8021q: adding VLAN 0 to HW filter on device bond0 [ 43.153337][ T3889] 8021q: adding VLAN 0 to HW filter on device team0 [ 43.184683][ T3664] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.191898][ T3664] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.235709][ T3664] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.242862][ T3664] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.286749][ T3889] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 43.410604][ T4506] netlink: 4 bytes leftover after parsing attributes in process `syz.3.192'. [ 43.437138][ T4506] netlink: 12 bytes leftover after parsing attributes in process `syz.3.192'. [ 43.495758][ T3816] veth0_vlan: entered promiscuous mode [ 43.533763][ T3816] veth1_vlan: entered promiscuous mode [ 43.549681][ T3816] veth0_macvtap: entered promiscuous mode [ 43.557735][ T3816] veth1_macvtap: entered promiscuous mode [ 43.564792][ T4525] veth0: entered promiscuous mode [ 43.576568][ T4525] netlink: 4 bytes leftover after parsing attributes in process `syz.4.196'. [ 43.579198][ T3816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 43.587046][ T4527] loop3: detected capacity change from 0 to 512 [ 43.607626][ T3816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 43.634892][ T3889] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 43.638285][ T4527] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 43.654578][ T4527] EXT4-fs (loop3): orphan cleanup on readonly fs [ 43.664665][ T3625] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.690864][ T3625] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.690957][ T4527] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 43.706748][ T3625] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.725533][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.732612][ T4527] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 43.755225][ T4527] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.195: bg 0: block 40: padding at end of block bitmap is not set [ 43.781209][ T3625] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 43.801814][ T4527] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 43.820379][ T4527] EXT4-fs (loop3): 1 truncate cleaned up [ 43.868999][ T4527] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 43.889548][ T29] kauditd_printk_skb: 94 callbacks suppressed [ 43.889566][ T29] audit: type=1326 audit(1755785790.685:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4557 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6da26aebe9 code=0x7ffc0000 [ 43.891047][ T4561] netlink: 28 bytes leftover after parsing attributes in process `syz.4.201'. [ 43.895771][ T29] audit: type=1326 audit(1755785790.685:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4557 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6da26aebe9 code=0x7ffc0000 [ 43.950229][ T4560] netlink: 'syz.2.200': attribute type 3 has an invalid length. [ 43.976991][ T29] audit: type=1326 audit(1755785790.685:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4557 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6da26aebe9 code=0x7ffc0000 [ 43.988292][ T4560] netlink: 'syz.2.200': attribute type 3 has an invalid length. [ 44.000655][ T29] audit: type=1326 audit(1755785790.685:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4557 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6da26aebe9 code=0x7ffc0000 [ 44.031422][ T29] audit: type=1326 audit(1755785790.685:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4557 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f6da26aebe9 code=0x7ffc0000 [ 44.064243][ T29] audit: type=1326 audit(1755785790.775:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4557 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6da26aebe9 code=0x7ffc0000 [ 44.072964][ T4561] loop4: detected capacity change from 0 to 512 [ 44.087627][ T29] audit: type=1326 audit(1755785790.775:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4557 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6da26aebe9 code=0x7ffc0000 [ 44.117198][ T29] audit: type=1326 audit(1755785790.835:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4557 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f6da26aebe9 code=0x7ffc0000 [ 44.140512][ T29] audit: type=1326 audit(1755785790.835:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4557 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6da26aec23 code=0x7ffc0000 [ 44.163759][ T29] audit: type=1326 audit(1755785790.835:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4557 comm="syz.4.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f6da26ad69f code=0x7ffc0000 [ 44.187915][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.218081][ T4561] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84ec018, mo2=0002] [ 44.235249][ T4561] System zones: 0-2, 18-18, 34-34 [ 44.240524][ T4561] EXT4-fs (loop4): orphan cleanup on readonly fs [ 44.266869][ T3889] veth0_vlan: entered promiscuous mode [ 44.285256][ T3889] veth1_vlan: entered promiscuous mode [ 44.325894][ T4561] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.201: bg 0: block 248: padding at end of block bitmap is not set [ 44.342239][ T4561] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.201: Failed to acquire dquot type 1 [ 44.347250][ T4585] netlink: 2036 bytes leftover after parsing attributes in process `syz.2.203'. [ 44.362660][ T4585] netlink: 24 bytes leftover after parsing attributes in process `syz.2.203'. [ 44.375201][ T4561] EXT4-fs (loop4): 1 orphan inode deleted [ 44.381502][ T3610] EXT4-fs error (device loop4): ext4_release_dquot:6973: comm kworker/u8:9: Failed to release dquot type 1 [ 44.395110][ T3889] veth0_macvtap: entered promiscuous mode [ 44.412986][ T4588] netlink: 14 bytes leftover after parsing attributes in process `syz.3.205'. [ 44.414751][ T3889] veth1_macvtap: entered promiscuous mode [ 44.429617][ T4561] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 44.452986][ T4588] hsr_slave_0: left promiscuous mode [ 44.458868][ T4588] hsr_slave_1: left promiscuous mode [ 44.490086][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.494227][ T3889] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 44.516967][ T3889] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 44.553644][ T3662] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.583308][ T3662] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.606788][ T3662] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.625800][ T3662] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 44.805158][ T4625] loop5: detected capacity change from 0 to 512 [ 44.846592][ T4625] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.887951][ T4625] ext4 filesystem being mounted at /7/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 44.929815][ T4625] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #4: comm syz.5.214: corrupted inode contents [ 44.972457][ T4625] EXT4-fs error (device loop5): ext4_dirty_inode:6538: inode #4: comm syz.5.214: mark_inode_dirty error [ 44.997995][ T4644] netlink: 96 bytes leftover after parsing attributes in process `syz.4.218'. [ 45.024413][ T4625] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #4: comm syz.5.214: corrupted inode contents [ 45.058969][ T4625] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #4: comm syz.5.214: mark_inode_dirty error [ 45.073589][ T4625] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.214: Failed to acquire dquot type 1 [ 45.107781][ T4653] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 45.115106][ T4653] IPv6: NLM_F_CREATE should be set when creating new route [ 45.174850][ T3816] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.208997][ T4668] loop2: detected capacity change from 0 to 1024 [ 45.260787][ T4672] loop3: detected capacity change from 0 to 128 [ 45.261643][ T4668] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.372033][ T4701] syz.3.226: attempt to access beyond end of device [ 45.372033][ T4701] loop3: rw=2049, sector=145, nr_sectors = 16 limit=128 [ 45.387957][ T4699] net_ratelimit: 56 callbacks suppressed [ 45.387975][ T4699] bond_slave_1: mtu less than device minimum [ 45.403552][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.436261][ T4701] syz.3.226: attempt to access beyond end of device [ 45.436261][ T4701] loop3: rw=2049, sector=169, nr_sectors = 8 limit=128 [ 45.521907][ T4701] syz.3.226: attempt to access beyond end of device [ 45.521907][ T4701] loop3: rw=2049, sector=185, nr_sectors = 8 limit=128 [ 45.545894][ T4724] netlink: 44 bytes leftover after parsing attributes in process `syz.2.232'. [ 45.558241][ T4701] syz.3.226: attempt to access beyond end of device [ 45.558241][ T4701] loop3: rw=2049, sector=201, nr_sectors = 8 limit=128 [ 45.602574][ T4701] syz.3.226: attempt to access beyond end of device [ 45.602574][ T4701] loop3: rw=2049, sector=217, nr_sectors = 8 limit=128 [ 45.668252][ T4701] syz.3.226: attempt to access beyond end of device [ 45.668252][ T4701] loop3: rw=2049, sector=233, nr_sectors = 8 limit=128 [ 45.697980][ T4701] syz.3.226: attempt to access beyond end of device [ 45.697980][ T4701] loop3: rw=2049, sector=249, nr_sectors = 8 limit=128 [ 45.711922][ T4701] syz.3.226: attempt to access beyond end of device [ 45.711922][ T4701] loop3: rw=2049, sector=265, nr_sectors = 8 limit=128 [ 45.734095][ T4701] syz.3.226: attempt to access beyond end of device [ 45.734095][ T4701] loop3: rw=2049, sector=281, nr_sectors = 8 limit=128 [ 45.748616][ T4701] syz.3.226: attempt to access beyond end of device [ 45.748616][ T4701] loop3: rw=2049, sector=297, nr_sectors = 8 limit=128 [ 45.805301][ T4747] bridge: RTM_NEWNEIGH with invalid ether address [ 45.934236][ T4768] sctp: [Deprecated]: syz.2.247 (pid 4768) Use of struct sctp_assoc_value in delayed_ack socket option. [ 45.934236][ T4768] Use struct sctp_sack_info instead [ 45.952081][ T4768] sctp: [Deprecated]: syz.2.247 (pid 4768) Use of struct sctp_assoc_value in delayed_ack socket option. [ 45.952081][ T4768] Use struct sctp_sack_info instead [ 46.024999][ T4778] process 'syz.2.250' launched '/dev/fd/6' with NULL argv: empty string added [ 46.160041][ T4790] 9pnet: p9_errstr2errno: server reported unknown error [ 46.269509][ T4806] netlink: 100 bytes leftover after parsing attributes in process `syz.4.261'. [ 46.303680][ T4812] tipc: Started in network mode [ 46.308676][ T4812] tipc: Node identity 56b9c67c36fa, cluster identity 4711 [ 46.316266][ T4812] tipc: Enabled bearer , priority 0 [ 46.325496][ T4812] syzkaller0: MTU too low for tipc bearer [ 46.331269][ T4812] tipc: Disabling bearer [ 46.357721][ T4819] loop5: detected capacity change from 0 to 1024 [ 46.365426][ T4819] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 46.368296][ T4821] loop2: detected capacity change from 0 to 512 [ 46.375423][ T4819] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 46.391454][ T4821] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 46.393072][ T4819] EXT4-fs (loop5): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 46.414476][ T4819] EXT4-fs error (device loop5): ext4_get_journal_inode:5800: inode #32: comm syz.5.265: iget: special inode unallocated [ 46.429256][ T4819] EXT4-fs (loop5): no journal found [ 46.434547][ T4819] EXT4-fs (loop5): can't get journal size [ 46.445212][ T4819] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 46.480453][ T4819] EXT4-fs error (device loop5): ext4_inlinedir_to_tree:1314: inode #12: block 16: comm syz.5.265: path /23/file0/file0: bad entry in directory: rec_len is too small for name_len - offset=20, inode=13, rec_len=16, size=60 fake=0 [ 46.550371][ T3816] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.605575][ T4849] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.613963][ T4865] netlink: 8 bytes leftover after parsing attributes in process `syz.6.270'. [ 46.636008][ T4850] loop2: detected capacity change from 0 to 8192 [ 46.643943][ T4850] msdos: Unknown parameter 'A' [ 46.675912][ T4849] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.729945][ T4880] syz_tun: entered promiscuous mode [ 46.736661][ T4880] macvtap1: entered promiscuous mode [ 46.744857][ T4880] syz_tun: left promiscuous mode [ 46.765345][ T4849] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.780193][ T4887] loop3: detected capacity change from 0 to 512 [ 46.788443][ T4886] netlink: 8 bytes leftover after parsing attributes in process `syz.5.277'. [ 46.797580][ T4886] netlink: 'syz.5.277': attribute type 30 has an invalid length. [ 46.803470][ T4887] EXT4-fs: Ignoring removed oldalloc option [ 46.811298][ T4887] ext4: Unknown parameter 'smackfsfloor' [ 46.837822][ T3644] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 46.840051][ T4886] Zero length message leads to an empty skb [ 46.867063][ T3644] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 46.879482][ T4849] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 46.915550][ T4896] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 46.942522][ T3644] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 46.951275][ T3644] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 47.002855][ T4904] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12 sclass=netlink_route_socket pid=4904 comm=syz.5.281 [ 47.039252][ T4904] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12 sclass=netlink_route_socket pid=4904 comm=syz.5.281 [ 47.076795][ T4904] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=12 sclass=netlink_route_socket pid=4904 comm=syz.5.281 [ 47.110728][ T3625] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.139876][ T3625] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.148665][ T3625] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.165931][ T3625] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 47.177121][ T4923] netlink: 8 bytes leftover after parsing attributes in process `syz.4.284'. [ 47.236437][ T4931] bridge0: entered promiscuous mode [ 47.247050][ T4931] macvtap1: entered allmulticast mode [ 47.252556][ T4931] bridge0: entered allmulticast mode [ 47.289400][ T4931] bridge0: port 3(macvtap1) entered blocking state [ 47.296081][ T4931] bridge0: port 3(macvtap1) entered disabled state [ 47.313423][ T4931] bridge0: left allmulticast mode [ 47.318567][ T4931] bridge0: left promiscuous mode [ 47.356344][ T4938] netlink: 'syz.5.289': attribute type 1 has an invalid length. [ 47.368297][ T4938] netlink: 4 bytes leftover after parsing attributes in process `syz.5.289'. [ 47.417465][ T4944] netlink: 20 bytes leftover after parsing attributes in process `syz.6.290'. [ 47.457805][ T4948] loop3: detected capacity change from 0 to 1024 [ 47.505543][ T4948] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.535021][ T4958] syzkaller0: entered promiscuous mode [ 47.540546][ T4958] syzkaller0: entered allmulticast mode [ 47.562316][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.651210][ T4983] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.658521][ T4983] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.710675][ T4992] netlink: 4 bytes leftover after parsing attributes in process `syz.5.307'. [ 47.732165][ T4983] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 47.742871][ T4983] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 47.816090][ T4992] team1: entered promiscuous mode [ 47.821194][ T4992] team1: entered allmulticast mode [ 47.826708][ T3625] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.842568][ T3625] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.872781][ T3625] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.889983][ T3625] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 47.907543][ T5029] loop4: detected capacity change from 0 to 1024 [ 47.917821][ T5029] EXT4-fs: Ignoring removed orlov option [ 47.925331][ T5033] loop6: detected capacity change from 0 to 512 [ 47.932274][ T5033] EXT4-fs: Ignoring removed oldalloc option [ 47.941614][ T5029] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.964750][ T5033] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.980626][ T5033] ext4 filesystem being mounted at /14/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.023397][ T5043] netlink: 24 bytes leftover after parsing attributes in process `syz.5.313'. [ 48.032907][ T5043] netlink: 212 bytes leftover after parsing attributes in process `syz.5.313'. [ 48.044703][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.074153][ T3889] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.103122][ T5053] netlink: 48 bytes leftover after parsing attributes in process `syz.5.317'. [ 48.122167][ T5059] team1: entered promiscuous mode [ 48.127520][ T5059] team1: entered allmulticast mode [ 48.367463][ T5124] loop5: detected capacity change from 0 to 2048 [ 48.374539][ T5124] EXT4-fs: Ignoring removed mblk_io_submit option [ 48.384976][ T5124] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.427630][ T3816] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.486942][ T5141] veth0_to_team: entered promiscuous mode [ 48.519679][ T5118] loop3: detected capacity change from 0 to 32768 [ 48.750015][ T23] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=23 comm=kworker/1:0 [ 48.832611][ T5177] bridge0: entered promiscuous mode [ 48.837938][ T5177] macvtap1: entered allmulticast mode [ 48.843458][ T5177] bridge0: entered allmulticast mode [ 48.856541][ T5177] bridge0: port 3(macvtap1) entered blocking state [ 48.863185][ T5177] bridge0: port 3(macvtap1) entered disabled state [ 48.876120][ T5182] loop4: detected capacity change from 0 to 512 [ 48.885737][ T5177] bridge0: left allmulticast mode [ 48.890841][ T5177] bridge0: left promiscuous mode [ 48.907864][ T5182] EXT4-fs: Ignoring removed oldalloc option [ 48.935157][ T5182] ext4: Unknown parameter 'smackfsfloor' [ 49.156081][ T29] kauditd_printk_skb: 333 callbacks suppressed [ 49.156098][ T29] audit: type=1326 audit(1755785795.955:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f340560ebe9 code=0x7ffc0000 [ 49.201988][ T29] audit: type=1326 audit(1755785795.985:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f340560ebe9 code=0x7ffc0000 [ 49.225399][ T29] audit: type=1326 audit(1755785795.985:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f340560ebe9 code=0x7ffc0000 [ 49.248867][ T29] audit: type=1326 audit(1755785795.985:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f340560ebe9 code=0x7ffc0000 [ 49.272239][ T29] audit: type=1326 audit(1755785795.995:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f340560ebe9 code=0x7ffc0000 [ 49.295564][ T29] audit: type=1326 audit(1755785795.995:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f340560ebe9 code=0x7ffc0000 [ 49.318910][ T29] audit: type=1326 audit(1755785795.995:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f340560ebe9 code=0x7ffc0000 [ 49.365235][ T5209] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.372544][ T5209] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.391092][ T5198] loop6: detected capacity change from 0 to 32768 [ 49.398811][ T29] audit: type=1326 audit(1755785796.075:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f340560ebe9 code=0x7ffc0000 [ 49.422346][ T29] audit: type=1326 audit(1755785796.075:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f340560ebe9 code=0x7ffc0000 [ 49.445786][ T29] audit: type=1326 audit(1755785796.075:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5210 comm="syz.2.361" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f340560ebe9 code=0x7ffc0000 [ 49.560854][ T5209] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 49.571005][ T5209] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 49.645421][ T3662] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.660491][ T3662] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.687700][ T3662] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.708443][ T5237] loop6: detected capacity change from 0 to 1024 [ 49.715755][ T3662] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 49.773390][ T5237] EXT4-fs (loop6): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 49.783336][ T5237] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 49.794264][ T5237] EXT4-fs (loop6): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 49.806180][ T5237] EXT4-fs error (device loop6): ext4_get_journal_inode:5800: inode #32: comm syz.6.366: iget: special inode unallocated [ 49.820490][ T5237] EXT4-fs (loop6): no journal found [ 49.825789][ T5237] EXT4-fs (loop6): can't get journal size [ 49.866844][ T5237] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 50.029995][ T3889] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.139985][ T5262] loop5: detected capacity change from 0 to 512 [ 50.147040][ T5262] msdos: Bad value for 'uid' [ 50.151954][ T5262] msdos: Bad value for 'uid' [ 50.262924][ T5274] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.270206][ T5274] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.282537][ T5274] tipc: Resetting bearer [ 50.324475][ T5274] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 50.336171][ T5274] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 50.390718][ T5291] loop4: detected capacity change from 0 to 512 [ 50.414213][ T3644] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.434052][ T3644] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.435867][ T5291] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.451279][ T3644] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.464159][ T3644] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 50.492887][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.904021][ T5315] netlink: 'syz.2.388': attribute type 1 has an invalid length. [ 50.980786][ T5315] 8021q: adding VLAN 0 to HW filter on device bond1 [ 51.032594][ T5343] bond1 (unregistering): Released all slaves [ 51.051930][ T5358] tipc: Enabled bearer , priority 0 [ 51.262824][ T5420] netlink: 'syz.3.404': attribute type 1 has an invalid length. [ 51.281020][ T5420] 8021q: adding VLAN 0 to HW filter on device bond1 [ 51.314349][ T5420] __nla_validate_parse: 9 callbacks suppressed [ 51.314366][ T5420] netlink: 4 bytes leftover after parsing attributes in process `syz.3.404'. [ 51.345598][ T5418] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.352934][ T5418] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.400564][ T5418] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 51.413038][ T5418] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 51.446258][ T5418] team1: left promiscuous mode [ 51.466875][ T5420] bond1 (unregistering): Released all slaves [ 51.492939][ T70] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.502027][ T70] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.523540][ T70] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.532689][ T70] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 51.759575][ T5520] loop6: detected capacity change from 0 to 512 [ 51.768649][ T5520] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.794577][ T5524] loop2: detected capacity change from 0 to 512 [ 51.801463][ T5524] msdos: Bad value for 'uid' [ 51.806205][ T5524] msdos: Bad value for 'uid' [ 51.816275][ T3889] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.860011][ T5535] bridge: RTM_NEWNEIGH with invalid ether address [ 51.938816][ T5545] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.946104][ T5545] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.984172][ T5545] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 51.993927][ T5545] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 52.028673][ T5545] team1: left promiscuous mode [ 52.045257][ T3664] netdevsim netdevsim5 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 52.054264][ T3664] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.089954][ T3664] netdevsim netdevsim5 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 52.099040][ T3664] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.162571][ T36] tipc: Node number set to 1615054460 [ 52.171985][ T3664] netdevsim netdevsim5 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 52.180975][ T3664] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.338716][ T3664] netdevsim netdevsim5 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 52.347762][ T3664] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 52.404688][ T5594] netlink: 'syz.4.413': attribute type 1 has an invalid length. [ 52.427371][ T5594] 8021q: adding VLAN 0 to HW filter on device bond1 [ 52.463529][ T5594] netlink: 4 bytes leftover after parsing attributes in process `syz.4.413'. [ 52.493733][ T5594] bond1 (unregistering): Released all slaves [ 52.738049][ T5683] loop4: detected capacity change from 0 to 1024 [ 52.762191][ T5683] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.777100][ T5683] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.815165][ T3644] EXT4-fs error (device loop4): ext4_map_blocks:814: inode #15: block 1: comm kworker/u8:39: lblock 1 mapped to illegal pblock 1 (length 15) [ 52.838620][ T3644] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 52.851239][ T3644] EXT4-fs (loop4): This should not happen!! Data will be lost [ 52.851239][ T3644] [ 52.882996][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.124079][ T5774] loop5: detected capacity change from 0 to 512 [ 53.133266][ T5774] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a84ec018, mo2=0002] [ 53.141804][ T5774] System zones: 0-2, 18-18, 34-35 [ 53.147951][ T5774] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.161002][ T5774] ext4 filesystem being mounted at /68/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 53.187936][ T3816] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.836267][ T5803] loop4: detected capacity change from 0 to 512 [ 53.855301][ T5803] msdos: Bad value for 'uid' [ 53.860036][ T5803] msdos: Bad value for 'uid' [ 53.933374][ T5820] loop5: detected capacity change from 0 to 1024 [ 53.944399][ T5820] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.956989][ T5820] ext4 filesystem being mounted at /70/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.995356][ T5859] netlink: 'syz.6.443': attribute type 13 has an invalid length. [ 54.006550][ T3664] EXT4-fs error (device loop5): ext4_map_blocks:814: inode #15: block 1: comm kworker/u8:55: lblock 1 mapped to illegal pblock 1 (length 15) [ 54.024013][ T3664] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 54.036584][ T3664] EXT4-fs (loop5): This should not happen!! Data will be lost [ 54.036584][ T3664] [ 54.049029][ T3816] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.066960][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.076933][ T5859] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.086998][ T5859] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 54.345514][ T29] kauditd_printk_skb: 78 callbacks suppressed [ 54.345586][ T29] audit: type=1326 audit(1755785801.145:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5885 comm="syz.6.453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04930cebe9 code=0x7ffc0000 [ 54.394789][ T29] audit: type=1326 audit(1755785801.175:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5885 comm="syz.6.453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04930cebe9 code=0x7ffc0000 [ 54.418542][ T29] audit: type=1326 audit(1755785801.175:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5885 comm="syz.6.453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f04930cebe9 code=0x7ffc0000 [ 54.441758][ T29] audit: type=1326 audit(1755785801.175:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5885 comm="syz.6.453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04930cebe9 code=0x7ffc0000 [ 54.465301][ T29] audit: type=1326 audit(1755785801.175:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5885 comm="syz.6.453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04930cebe9 code=0x7ffc0000 [ 54.488701][ T29] audit: type=1326 audit(1755785801.175:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5885 comm="syz.6.453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f04930cebe9 code=0x7ffc0000 [ 54.512069][ T29] audit: type=1326 audit(1755785801.175:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5885 comm="syz.6.453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04930cebe9 code=0x7ffc0000 [ 54.535646][ T29] audit: type=1326 audit(1755785801.175:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5885 comm="syz.6.453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04930cebe9 code=0x7ffc0000 [ 54.559138][ T29] audit: type=1326 audit(1755785801.175:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5885 comm="syz.6.453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f04930cebe9 code=0x7ffc0000 [ 54.582570][ T29] audit: type=1326 audit(1755785801.175:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5885 comm="syz.6.453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04930cebe9 code=0x7ffc0000 [ 54.828541][ T5935] netlink: 240 bytes leftover after parsing attributes in process `syz.5.463'. [ 55.226118][ T5974] loop2: detected capacity change from 0 to 512 [ 55.348456][ T5979] loop2: detected capacity change from 0 to 1024 [ 55.386434][ T5979] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.406595][ T5979] ext4 filesystem being mounted at /114/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.466609][ T3664] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 1: comm kworker/u8:55: lblock 1 mapped to illegal pblock 1 (length 15) [ 55.492773][ T3664] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 55.505290][ T3664] EXT4-fs (loop2): This should not happen!! Data will be lost [ 55.505290][ T3664] [ 55.519941][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.548071][ T70] bridge_slave_1: left allmulticast mode [ 55.553942][ T70] bridge_slave_1: left promiscuous mode [ 55.559741][ T70] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.586452][ T70] bridge_slave_0: left allmulticast mode [ 55.592175][ T70] bridge_slave_0: left promiscuous mode [ 55.597945][ T70] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.676052][ T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 55.685831][ T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 55.696346][ T70] bond0 (unregistering): Released all slaves [ 55.711764][ T6038] wg2: entered promiscuous mode [ 55.716827][ T6038] wg2: entered allmulticast mode [ 55.725038][ T6037] wg2: left promiscuous mode [ 55.729717][ T6037] wg2: left allmulticast mode [ 55.756154][ T70] tipc: Disabling bearer [ 55.764900][ T70] tipc: Left network mode [ 55.773342][ T70] hsr_slave_0: left promiscuous mode [ 55.780247][ T70] hsr_slave_1: left promiscuous mode [ 55.786958][ T70] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 55.794845][ T70] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 55.840141][ T70] team0 (unregistering): Port device team_slave_1 removed [ 55.851810][ T70] team0 (unregistering): Port device team_slave_0 removed [ 55.981859][ T6007] chnl_net:caif_netlink_parms(): no params data found [ 56.065446][ T6007] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.072663][ T6007] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.089814][ T6007] bridge_slave_0: entered allmulticast mode [ 56.099481][ T6007] bridge_slave_0: entered promiscuous mode [ 56.106755][ T6007] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.114022][ T6007] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.121379][ T6007] bridge_slave_1: entered allmulticast mode [ 56.128409][ T6007] bridge_slave_1: entered promiscuous mode [ 56.158585][ T6007] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.179334][ T6007] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.237881][ T6007] team0: Port device team_slave_0 added [ 56.257818][ T6007] team0: Port device team_slave_1 added [ 56.293973][ T6007] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.300990][ T6007] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.326955][ T6007] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 56.373268][ T6007] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 56.380337][ T6007] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 56.406394][ T6007] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.440341][ T6307] sch_fq: defrate 0 ignored. [ 56.501988][ T6007] hsr_slave_0: entered promiscuous mode [ 56.549528][ T6007] hsr_slave_1: entered promiscuous mode [ 56.551980][ T6345] netlink: 8 bytes leftover after parsing attributes in process `syz.2.514'. [ 56.562832][ T6007] debugfs: 'hsr0' already exists in 'hsr' [ 56.569857][ T6007] Cannot create hsr debugfs directory [ 56.617864][ T6361] syzkaller0: refused to change device tx_queue_len [ 56.772541][ T6007] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 56.782098][ T6007] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 56.794314][ T6007] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 56.816137][ T6436] netlink: 8 bytes leftover after parsing attributes in process `syz.5.521'. [ 56.825526][ T6007] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 56.914536][ T6007] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.938554][ T6007] 8021q: adding VLAN 0 to HW filter on device team0 [ 56.963653][ T3664] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.970960][ T3664] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.001913][ T3664] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.009229][ T3664] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.194390][ T6007] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.453913][ T6497] loop5: detected capacity change from 0 to 512 [ 57.463521][ T6497] EXT4-fs: Ignoring removed mblk_io_submit option [ 57.488763][ T6497] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 57.489882][ T6007] veth0_vlan: entered promiscuous mode [ 57.519696][ T6497] EXT4-fs (loop5): 1 truncate cleaned up [ 57.524429][ T6007] veth1_vlan: entered promiscuous mode [ 57.535995][ T6497] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 57.571248][ T6007] veth0_macvtap: entered promiscuous mode [ 57.581840][ T6007] veth1_macvtap: entered promiscuous mode [ 57.606538][ T6007] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.617916][ T6007] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.632014][ T3662] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.648460][ T3662] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.672944][ T3662] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.682042][ T3662] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.816052][ T6539] loop7: detected capacity change from 0 to 128 [ 57.836469][ T6546] netlink: 'syz.3.540': attribute type 1 has an invalid length. [ 57.845603][ T6539] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 57.857857][ T6543] wg2: entered promiscuous mode [ 57.862830][ T6543] wg2: entered allmulticast mode [ 57.866101][ T6539] ext4 filesystem being mounted at /2/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 57.896927][ T6546] bond1: entered promiscuous mode [ 57.978838][ T6583] netlink: 3 bytes leftover after parsing attributes in process `syz.3.540'. [ 57.998199][ T6007] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 57.999482][ T6546] 8021q: adding VLAN 0 to HW filter on device bond1 [ 58.035029][ T6583] batadv1: entered promiscuous mode [ 58.040307][ T6583] batadv1: entered allmulticast mode [ 58.086519][ T6546] netlink: 3 bytes leftover after parsing attributes in process `syz.3.540'. [ 58.113613][ T6583] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 58.126148][ T6597] 9pnet_fd: Insufficient options for proto=fd [ 58.135732][ T6583] bond1: (slave batadv1): making interface the new active one [ 58.160894][ T6583] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 58.178289][ T6546] batadv2: entered promiscuous mode [ 58.183594][ T6546] batadv2: entered allmulticast mode [ 58.189642][ T6546] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 58.199895][ T6546] bond1: (slave batadv2): Enslaving as an active interface with an up link [ 58.338358][ T3816] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.701231][ T6631] loop5: detected capacity change from 0 to 512 [ 58.739861][ T6625] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.555' sets config #0 [ 58.740833][ T6631] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 58.783349][ T6631] ext4 filesystem being mounted at /97/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 58.817123][ T6636] netlink: 8 bytes leftover after parsing attributes in process `syz.3.559'. [ 58.920924][ T6638] loop3: detected capacity change from 0 to 1024 [ 58.930291][ T6638] EXT4-fs: Ignoring removed nobh option [ 58.932090][ T3816] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.936084][ T6638] EXT4-fs: Ignoring removed bh option [ 58.975685][ T6638] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 59.008791][ T6638] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.560: Allocating blocks 385-513 which overlap fs metadata [ 59.063276][ T6651] loop2: detected capacity change from 0 to 512 [ 59.077149][ T6638] EXT4-fs (loop3): pa ffff8881072893f0: logic 16, phys. 129, len 24 [ 59.085345][ T6638] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 59.099573][ T6651] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 59.122798][ T6651] EXT4-fs (loop2): orphan cleanup on readonly fs [ 59.169277][ T6651] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.563: Failed to acquire dquot type 1 [ 59.181564][ T6651] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.563: bg 0: block 40: padding at end of block bitmap is not set [ 59.198065][ T6651] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 59.209759][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.224283][ T6651] EXT4-fs (loop2): 1 truncate cleaned up [ 59.232495][ T6658] loop5: detected capacity change from 0 to 512 [ 59.256442][ T6658] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 59.269153][ T6658] EXT4-fs (loop5): orphan cleanup on readonly fs [ 59.276387][ T6651] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 59.301793][ T6658] EXT4-fs error (device loop5): ext4_do_update_inode:5653: inode #16: comm syz.5.566: corrupted inode contents [ 59.316066][ T6658] EXT4-fs (loop5): Remounting filesystem read-only [ 59.340862][ T6658] EXT4-fs (loop5): 1 truncate cleaned up [ 59.346984][ T3662] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 59.358071][ T3662] __quota_error: 94 callbacks suppressed [ 59.358089][ T3662] Quota error (device loop5): write_blk: dquota write failed [ 59.371290][ T3662] Quota error (device loop5): remove_free_dqentry: Can't write block (5) with free entries [ 59.381404][ T3662] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 59.392580][ T3662] Quota error (device loop5): write_blk: dquota write failed [ 59.400084][ T3662] Quota error (device loop5): free_dqentry: Can't move quota data block (5) to free list [ 59.414023][ T3662] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started [ 59.424198][ T3662] Quota error (device loop5): v2_write_file_info: Can't write info structure [ 59.435694][ T3662] Quota error (device loop5): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 59.446865][ T6658] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 59.474102][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.531299][ T3816] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.714177][ T6704] netlink: 'syz.5.574': attribute type 4 has an invalid length. [ 60.086042][ T6722] netlink: 2028 bytes leftover after parsing attributes in process `syz.6.579'. [ 60.095265][ T6722] netlink: 20 bytes leftover after parsing attributes in process `syz.6.579'. [ 60.221320][ T6730] syzkaller0: refused to change device tx_queue_len [ 60.274268][ T6737] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 60.409461][ T29] audit: type=1326 audit(1755785807.205:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6747 comm="syz.3.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6671bebe9 code=0x7ffc0000 [ 60.446305][ T29] audit: type=1326 audit(1755785807.235:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6747 comm="syz.3.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fd6671bebe9 code=0x7ffc0000 [ 60.469698][ T29] audit: type=1326 audit(1755785807.235:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6747 comm="syz.3.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6671bebe9 code=0x7ffc0000 [ 60.493213][ T29] audit: type=1326 audit(1755785807.235:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6747 comm="syz.3.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fd6671bebe9 code=0x7ffc0000 [ 60.527116][ T6752] netlink: 32 bytes leftover after parsing attributes in process `syz.2.591'. [ 60.722471][ T6773] syz.2.601 uses obsolete (PF_INET,SOCK_PACKET) [ 60.867186][ T6789] loop2: detected capacity change from 0 to 512 [ 60.893177][ T6789] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 60.901433][ T6789] EXT4-fs (loop2): orphan cleanup on readonly fs [ 60.910072][ T6789] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.605: corrupted inode contents [ 60.922329][ T6789] EXT4-fs (loop2): Remounting filesystem read-only [ 60.929153][ T6789] EXT4-fs (loop2): 1 truncate cleaned up [ 60.935054][ T3625] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 60.945795][ T3625] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 60.958773][ T3625] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 60.969838][ T6789] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 61.000998][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.026302][ T6806] netlink: 4 bytes leftover after parsing attributes in process `syz.2.609'. [ 61.045986][ T6806] team1: entered promiscuous mode [ 61.051078][ T6806] team1: entered allmulticast mode [ 61.057187][ T6812] netlink: 'syz.5.611': attribute type 7 has an invalid length. [ 61.065040][ T6812] netlink: 8 bytes leftover after parsing attributes in process `syz.5.611'. [ 61.143643][ T6853] netlink: 'syz.5.623': attribute type 1 has an invalid length. [ 61.165173][ T6853] bond1: entered promiscuous mode [ 61.170622][ T6853] 8021q: adding VLAN 0 to HW filter on device bond1 [ 61.200585][ T6853] batadv1: entered promiscuous mode [ 61.205962][ T6853] batadv1: entered allmulticast mode [ 61.213134][ T6853] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 61.222021][ T6853] bond1: (slave batadv1): making interface the new active one [ 61.230334][ T6891] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.612' sets config #0 [ 61.231220][ T6853] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 61.252119][ T6892] batadv2: entered promiscuous mode [ 61.257538][ T6892] batadv2: entered allmulticast mode [ 61.263596][ T6892] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 61.272199][ T6892] bond1: (slave batadv2): Enslaving as an active interface with an up link [ 61.333045][ T6897] netlink: 'syz.2.613': attribute type 4 has an invalid length. [ 61.482733][ T6909] loop7: detected capacity change from 0 to 4096 [ 61.503138][ T6909] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 61.523632][ T6917] pim6reg: entered allmulticast mode [ 61.532247][ T6917] pim6reg: left allmulticast mode [ 61.605136][ T6930] loop6: detected capacity change from 0 to 128 [ 61.622338][ T6007] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.681972][ T6930] bio_check_eod: 101 callbacks suppressed [ 61.681989][ T6930] syz.6.621: attempt to access beyond end of device [ 61.681989][ T6930] loop6: rw=2049, sector=145, nr_sectors = 16 limit=128 [ 61.701574][ T6930] syz.6.621: attempt to access beyond end of device [ 61.701574][ T6930] loop6: rw=2049, sector=169, nr_sectors = 8 limit=128 [ 61.715463][ T6930] syz.6.621: attempt to access beyond end of device [ 61.715463][ T6930] loop6: rw=2049, sector=185, nr_sectors = 8 limit=128 [ 61.730075][ T6930] syz.6.621: attempt to access beyond end of device [ 61.730075][ T6930] loop6: rw=2049, sector=201, nr_sectors = 8 limit=128 [ 61.744097][ T6930] syz.6.621: attempt to access beyond end of device [ 61.744097][ T6930] loop6: rw=2049, sector=217, nr_sectors = 8 limit=128 [ 61.759467][ T6930] syz.6.621: attempt to access beyond end of device [ 61.759467][ T6930] loop6: rw=2049, sector=233, nr_sectors = 8 limit=128 [ 61.773296][ T6930] syz.6.621: attempt to access beyond end of device [ 61.773296][ T6930] loop6: rw=2049, sector=249, nr_sectors = 8 limit=128 [ 61.794076][ T6930] syz.6.621: attempt to access beyond end of device [ 61.794076][ T6930] loop6: rw=2049, sector=265, nr_sectors = 8 limit=128 [ 61.808691][ T6930] syz.6.621: attempt to access beyond end of device [ 61.808691][ T6930] loop6: rw=2049, sector=281, nr_sectors = 8 limit=128 [ 61.824658][ T6930] syz.6.621: attempt to access beyond end of device [ 61.824658][ T6930] loop6: rw=2049, sector=297, nr_sectors = 8 limit=128 [ 61.886286][ T6947] loop3: detected capacity change from 0 to 1024 [ 61.914213][ T6947] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 61.948547][ T6955] __nla_validate_parse: 2 callbacks suppressed [ 61.948564][ T6955] netlink: 8 bytes leftover after parsing attributes in process `syz.2.632'. [ 62.006512][ T6963] bond0: entered promiscuous mode [ 62.011641][ T6963] bond_slave_0: entered promiscuous mode [ 62.017447][ T6963] bond_slave_1: entered promiscuous mode [ 62.023614][ T6963] bond0: entered allmulticast mode [ 62.028756][ T6963] bond_slave_0: entered allmulticast mode [ 62.034552][ T6963] bond_slave_1: entered allmulticast mode [ 62.043448][ T6963] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.063520][ T6947] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.629: Allocating blocks 449-513 which overlap fs metadata [ 62.090428][ T6946] EXT4-fs (loop3): pa ffff888107289460: logic 48, phys. 177, len 21 [ 62.098894][ T6946] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 4 [ 62.111137][ T6945] usb usb1: usbfs: interface 0 claimed by hub while 'syz.7.627' sets config #0 [ 62.131205][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.290282][ T6994] netlink: 4 bytes leftover after parsing attributes in process `syz.7.644'. [ 62.326446][ T6994] team1: entered promiscuous mode [ 62.331546][ T6994] team1: entered allmulticast mode [ 62.472280][ T7050] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7050 comm=syz.3.649 [ 62.824789][ T7083] loop7: detected capacity change from 0 to 512 [ 62.863370][ T7089] netlink: 4 bytes leftover after parsing attributes in process `syz.5.659'. [ 62.872368][ T7081] loop6: detected capacity change from 0 to 4096 [ 62.878918][ T7089] team2: entered promiscuous mode [ 62.882316][ T7083] EXT4-fs (loop7): revision level too high, forcing read-only mode [ 62.884039][ T7089] team2: entered allmulticast mode [ 62.897103][ T7083] EXT4-fs (loop7): orphan cleanup on readonly fs [ 62.905873][ T7083] EXT4-fs error (device loop7): ext4_acquire_dquot:6937: comm syz.7.658: Failed to acquire dquot type 1 [ 62.921155][ T7081] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 62.937115][ T7083] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.658: bg 0: block 40: padding at end of block bitmap is not set [ 62.972713][ T7083] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 62.990804][ T7083] EXT4-fs (loop7): 1 truncate cleaned up [ 63.003062][ T7083] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 63.162938][ T6007] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.200740][ T3889] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.249663][ T7136] netlink: 92 bytes leftover after parsing attributes in process `syz.7.664'. [ 63.315301][ T7150] netlink: 4 bytes leftover after parsing attributes in process `syz.5.669'. [ 63.325128][ T7150] netlink: 12 bytes leftover after parsing attributes in process `syz.5.669'. [ 63.527152][ T7163] loop3: detected capacity change from 0 to 2048 [ 63.554755][ T7163] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 63.604675][ T3307] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set [ 63.622365][ T3307] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 63.638786][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.244890][ T7244] netlink: 'syz.6.689': attribute type 1 has an invalid length. [ 64.288811][ T7246] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 64.311558][ T7280] bond1: (slave bridge1): making interface the new active one [ 64.321030][ T7280] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 64.404581][ T7291] loop7: detected capacity change from 0 to 1024 [ 64.411872][ T7291] EXT4-fs: Ignoring removed nobh option [ 64.417638][ T7291] EXT4-fs: Ignoring removed bh option [ 64.469391][ T7291] EXT4-fs error (device loop7): ext4_mb_mark_diskspace_used:4183: comm syz.7.693: Allocating blocks 385-513 which overlap fs metadata [ 64.508115][ T7291] EXT4-fs (loop7): pa ffff8881072894d0: logic 16, phys. 129, len 24 [ 64.516260][ T7291] EXT4-fs error (device loop7): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 8 [ 64.660305][ T7304] netlink: 4 bytes leftover after parsing attributes in process `syz.3.697'. [ 64.669896][ T7304] netlink: 12 bytes leftover after parsing attributes in process `syz.3.697'. [ 64.858602][ T29] kauditd_printk_skb: 104 callbacks suppressed [ 64.858619][ T29] audit: type=1326 audit(1755785811.655:1035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7318 comm="syz.7.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff462ddebe9 code=0x7ffc0000 [ 64.964377][ T29] audit: type=1326 audit(1755785811.685:1036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7318 comm="syz.7.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7ff462ddebe9 code=0x7ffc0000 [ 64.988001][ T29] audit: type=1326 audit(1755785811.685:1037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7318 comm="syz.7.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff462ddebe9 code=0x7ffc0000 [ 65.011550][ T29] audit: type=1326 audit(1755785811.685:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7318 comm="syz.7.699" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff462ddebe9 code=0x7ffc0000 [ 65.159441][ T7328] loop3: detected capacity change from 0 to 512 [ 65.169831][ T7328] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 65.187017][ T7328] EXT4-fs (loop3): orphan cleanup on readonly fs [ 65.193944][ T7328] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated! [ 65.202983][ T7328] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota [ 65.212857][ T7328] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.700: Failed to acquire dquot type 1 [ 65.296182][ T7328] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.700: bg 0: block 40: padding at end of block bitmap is not set [ 65.321429][ T7328] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 65.757320][ T7328] EXT4-fs (loop3): 1 truncate cleaned up [ 65.880966][ T7349] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7349 comm=syz.2.705 [ 65.903924][ T7346] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.985991][ T7346] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.086797][ T7367] capability: warning: `syz.2.711' uses deprecated v2 capabilities in a way that may be insecure [ 66.111706][ T7346] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.168497][ T7346] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 66.197228][ T7373] netlink: 4 bytes leftover after parsing attributes in process `syz.2.712'. [ 66.208958][ T7373] netlink: 12 bytes leftover after parsing attributes in process `syz.2.712'. [ 66.266214][ T3641] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.301607][ T3641] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.350434][ T3641] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.389158][ T3641] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.508151][ T7388] loop7: detected capacity change from 0 to 512 [ 66.539955][ T7388] EXT4-fs warning (device loop7): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 66.551664][ T7388] EXT4-fs warning (device loop7): dx_probe:849: Enable large directory feature to access it [ 66.561811][ T7388] EXT4-fs warning (device loop7): dx_probe:934: inode #2: comm syz.7.714: Corrupt directory, running e2fsck is recommended [ 66.577575][ T7388] EXT4-fs (loop7): Cannot turn on journaled quota: type 1: error -117 [ 66.586384][ T7388] EXT4-fs error (device loop7): ext4_iget_extra_inode:5104: inode #15: comm syz.7.714: corrupted in-inode xattr: invalid ea_ino [ 66.600779][ T7388] EXT4-fs (loop7): Remounting filesystem read-only [ 66.613746][ T7388] EXT4-fs warning (device loop7): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 66.625451][ T7388] EXT4-fs warning (device loop7): dx_probe:849: Enable large directory feature to access it [ 66.635617][ T7388] EXT4-fs warning (device loop7): dx_probe:934: inode #2: comm syz.7.714: Corrupt directory, running e2fsck is recommended [ 66.684328][ T29] audit: type=1326 audit(1755785813.475:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7397 comm="syz.5.717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cd96cebe9 code=0x7ffc0000 [ 66.684496][ T7388] EXT4-fs warning (device loop7): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 66.707764][ T29] audit: type=1326 audit(1755785813.475:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7397 comm="syz.5.717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7f8cd96cebe9 code=0x7ffc0000 [ 66.719642][ T7388] EXT4-fs warning (device loop7): dx_probe:849: Enable large directory feature to access it [ 66.719664][ T7388] EXT4-fs warning (device loop7): dx_probe:934: inode #2: comm syz.7.714: Corrupt directory, running e2fsck is recommended [ 66.756815][ T7399] EXT4-fs warning (device loop7): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 66.766280][ T29] audit: type=1326 audit(1755785813.475:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7397 comm="syz.5.717" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cd96cebe9 code=0x7ffc0000 [ 66.777778][ T7399] EXT4-fs warning (device loop7): dx_probe:849: Enable large directory feature to access it [ 66.811344][ T7399] EXT4-fs warning (device loop7): dx_probe:934: inode #2: comm syz.7.714: Corrupt directory, running e2fsck is recommended [ 66.848380][ T7401] EXT4-fs warning (device loop7): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 66.990012][ T29] audit: type=1400 audit(1755785813.775:1042): avc: denied { listen } for pid=7404 comm="syz.6.729" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 67.022277][ T7413] loop6: detected capacity change from 0 to 512 [ 67.055139][ T7413] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 67.066766][ T7413] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it [ 67.077002][ T7413] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.731: Corrupt directory, running e2fsck is recommended [ 67.090097][ T7413] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -117 [ 67.103291][ T7419] loop5: detected capacity change from 0 to 512 [ 67.114143][ T7413] EXT4-fs error (device loop6): ext4_iget_extra_inode:5104: inode #15: comm syz.6.731: corrupted in-inode xattr: invalid ea_ino [ 67.139703][ T7419] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 67.155906][ T7419] EXT4-fs (loop5): orphan cleanup on readonly fs [ 67.169702][ T7413] EXT4-fs (loop6): Remounting filesystem read-only [ 67.176549][ T7424] loop7: detected capacity change from 0 to 512 [ 67.182769][ T7419] EXT4-fs error (device loop5): ext4_acquire_dquot:6937: comm syz.5.721: Failed to acquire dquot type 1 [ 67.184306][ T7413] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 67.205613][ T7413] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it [ 67.207120][ T7419] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.721: bg 0: block 40: padding at end of block bitmap is not set [ 67.215916][ T7413] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.731: Corrupt directory, running e2fsck is recommended [ 67.249986][ T7413] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 67.261590][ T7413] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it [ 67.263252][ T7419] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 67.271925][ T7413] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.731: Corrupt directory, running e2fsck is recommended [ 67.283662][ T7419] EXT4-fs (loop5): 1 truncate cleaned up [ 67.296864][ T7424] ext4 filesystem being mounted at /38/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 67.328628][ T7413] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 67.340321][ T7413] EXT4-fs warning (device loop6): dx_probe:849: Enable large directory feature to access it [ 67.350477][ T7413] EXT4-fs warning (device loop6): dx_probe:934: inode #2: comm syz.6.731: Corrupt directory, running e2fsck is recommended [ 67.364538][ T7413] EXT4-fs warning (device loop6): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 67.527370][ T7460] netlink: 96 bytes leftover after parsing attributes in process `syz.7.733'. [ 67.566780][ T7466] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 67.612717][ T7473] loop2: detected capacity change from 0 to 512 [ 67.620865][ T7473] EXT4-fs warning (device loop2): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 67.632436][ T7473] EXT4-fs warning (device loop2): dx_probe:849: Enable large directory feature to access it [ 67.642631][ T7473] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.738: Corrupt directory, running e2fsck is recommended [ 67.657767][ T7473] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 67.666202][ T7473] EXT4-fs error (device loop2): ext4_iget_extra_inode:5104: inode #15: comm syz.2.738: corrupted in-inode xattr: invalid ea_ino [ 67.690231][ T7473] EXT4-fs (loop2): Remounting filesystem read-only [ 67.710951][ T7484] loop6: detected capacity change from 0 to 512 [ 67.724124][ T7473] EXT4-fs warning (device loop2): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 67.735821][ T7473] EXT4-fs warning (device loop2): dx_probe:849: Enable large directory feature to access it [ 67.746006][ T7473] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.738: Corrupt directory, running e2fsck is recommended [ 67.774690][ T7473] EXT4-fs warning (device loop2): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 67.786332][ T7473] EXT4-fs warning (device loop2): dx_probe:849: Enable large directory feature to access it [ 67.796501][ T7473] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.738: Corrupt directory, running e2fsck is recommended [ 67.796619][ T7484] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 67.820819][ T7473] EXT4-fs warning (device loop2): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 67.822215][ T7484] EXT4-fs (loop6): 1 truncate cleaned up [ 67.832423][ T7473] EXT4-fs warning (device loop2): dx_probe:849: Enable large directory feature to access it [ 67.832448][ T7473] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.738: Corrupt directory, running e2fsck is recommended [ 67.875773][ T7473] EXT4-fs warning (device loop2): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 67.966413][ T7499] loop5: detected capacity change from 0 to 128 [ 68.011403][ T7499] Process accounting resumed [ 68.033246][ T7499] FAT-fs (loop5): error, corrupted file size (i_pos 548, 512) [ 68.040826][ T7499] FAT-fs (loop5): Filesystem has been set read-only [ 68.064419][ T5277] FAT-fs (loop5): error, corrupted file size (i_pos 548, 512) [ 68.082840][ T7514] loop6: detected capacity change from 0 to 512 [ 68.110345][ T7514] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 68.130898][ T7514] EXT4-fs (loop6): orphan cleanup on readonly fs [ 68.139792][ T7514] EXT4-fs error (device loop6): ext4_acquire_dquot:6937: comm syz.6.740: Failed to acquire dquot type 1 [ 68.157072][ T7514] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.740: bg 0: block 40: padding at end of block bitmap is not set [ 68.181303][ T7532] loop2: detected capacity change from 0 to 512 [ 68.192249][ T7514] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 68.201542][ T7532] EXT4-fs: Ignoring removed nobh option [ 68.207642][ T7514] EXT4-fs (loop6): 1 truncate cleaned up [ 68.226112][ T7533] Driver unsupported XDP return value 0 on prog (id 627) dev N/A, expect packet loss! [ 68.257730][ T7532] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.751: iget: bad i_size value: 38620345925642 [ 68.288474][ T7538] ALSA: seq fatal error: cannot create timer (-22) [ 68.301539][ T7532] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.751: couldn't read orphan inode 15 (err -117) [ 68.551822][ T7575] netlink: 8 bytes leftover after parsing attributes in process `syz.6.767'. [ 68.590375][ T7575] ip6gre1: entered allmulticast mode [ 68.709969][ T7599] netlink: 4 bytes leftover after parsing attributes in process `syz.6.773'. [ 68.787897][ T7604] loop3: detected capacity change from 0 to 512 [ 68.799913][ T7604] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 68.821534][ T7604] EXT4-fs (loop3): 1 truncate cleaned up [ 69.037039][ T3664] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm kworker/u8:55: bg 0: block 5: invalid block bitmap [ 69.073378][ T3664] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1792 with error 28 [ 69.085977][ T3664] EXT4-fs (loop2): This should not happen!! Data will be lost [ 69.085977][ T3664] [ 69.095682][ T3664] EXT4-fs (loop2): Total free blocks count 0 [ 69.101783][ T3664] EXT4-fs (loop2): Free/Dirty block details [ 69.107715][ T3664] EXT4-fs (loop2): free_blocks=0 [ 69.112683][ T3664] EXT4-fs (loop2): dirty_blocks=1796 [ 69.118026][ T3664] EXT4-fs (loop2): Block reservation details [ 69.124081][ T3664] EXT4-fs (loop2): i_reserved_data_blocks=1796 [ 69.492860][ T7659] random: crng reseeded on system resumption [ 69.515989][ T7659] ÿÿÿÿÿÿ: renamed from vlan1 [ 69.631407][ T7681] netlink: 8 bytes leftover after parsing attributes in process `syz.7.786'. [ 69.685151][ T7685] netlink: 8 bytes leftover after parsing attributes in process `syz.7.789'. [ 69.715432][ T7691] loop5: detected capacity change from 0 to 128 [ 69.871564][ T29] kauditd_printk_skb: 57 callbacks suppressed [ 69.871582][ T29] audit: type=1326 audit(1755785816.665:1096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7713 comm="syz.7.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff462ddebe9 code=0x7ffc0000 [ 69.906225][ T29] audit: type=1326 audit(1755785816.705:1097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7713 comm="syz.7.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff462ddebe9 code=0x7ffc0000 [ 69.929725][ T29] audit: type=1326 audit(1755785816.705:1098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7713 comm="syz.7.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff462ddebe9 code=0x7ffc0000 [ 69.953218][ T29] audit: type=1326 audit(1755785816.705:1099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7713 comm="syz.7.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff462ddebe9 code=0x7ffc0000 [ 69.979684][ T29] audit: type=1326 audit(1755785816.705:1100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7713 comm="syz.7.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff462ddebe9 code=0x7ffc0000 [ 70.003219][ T29] audit: type=1326 audit(1755785816.705:1101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7713 comm="syz.7.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff462ddebe9 code=0x7ffc0000 [ 70.026559][ T29] audit: type=1326 audit(1755785816.705:1102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7713 comm="syz.7.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff462ddebe9 code=0x7ffc0000 [ 70.049968][ T29] audit: type=1326 audit(1755785816.755:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7713 comm="syz.7.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff462ddebe9 code=0x7ffc0000 [ 70.073317][ T29] audit: type=1326 audit(1755785816.755:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7713 comm="syz.7.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff462ddebe9 code=0x7ffc0000 [ 70.096956][ T29] audit: type=1326 audit(1755785816.755:1105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7713 comm="syz.7.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff462ddebe9 code=0x7ffc0000 [ 70.132768][ T7718] random: crng reseeded on system resumption [ 70.185924][ T7731] loop2: detected capacity change from 0 to 512 [ 70.195152][ T7718] ÿÿÿÿÿÿ: renamed from vlan1 [ 70.200681][ T7731] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 70.259437][ T7731] EXT4-fs (loop2): 1 truncate cleaned up [ 70.283106][ T7731] EXT4-fs mount: 22 callbacks suppressed [ 70.283138][ T7731] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 70.316750][ T7739] netlink: 8 bytes leftover after parsing attributes in process `syz.7.805'. [ 70.416611][ T7739] ip6gre1: entered allmulticast mode [ 70.498215][ T7759] loop7: detected capacity change from 0 to 128 [ 70.501934][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.327266][ T7811] netlink: 8 bytes leftover after parsing attributes in process `syz.3.822'. [ 71.338904][ T7811] ip6gre1: entered allmulticast mode [ 71.511226][ T7826] netdevsim netdevsim7 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.587535][ T7826] netdevsim netdevsim7 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.647456][ T7826] netdevsim netdevsim7 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.715379][ T7826] netdevsim netdevsim7 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.777211][ T7850] bridge: RTM_NEWNEIGH with invalid ether address [ 71.786107][ T3625] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.802356][ T3625] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.832950][ T3625] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.851396][ T3625] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.001044][ T7877] netlink: 8 bytes leftover after parsing attributes in process `syz.5.840'. [ 72.803597][ T7929] loop5: detected capacity change from 0 to 512 [ 72.827589][ T7929] EXT4-fs: Ignoring removed nobh option [ 72.841857][ T7929] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #15: comm syz.5.860: iget: bad i_size value: 38620345925642 [ 72.872757][ T7929] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.860: couldn't read orphan inode 15 (err -117) [ 72.895315][ T7929] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 72.995021][ T7942] bridge: RTM_NEWNEIGH with invalid ether address [ 73.388930][ T8008] netlink: 'syz.7.868': attribute type 13 has an invalid length. [ 73.766562][ T70] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm kworker/u8:4: bg 0: block 5: invalid block bitmap [ 73.830484][ T8008] gretap0: refused to change device tx_queue_len [ 73.879674][ T70] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1512 with error 28 [ 73.881869][ T8008] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 73.892534][ T70] EXT4-fs (loop5): This should not happen!! Data will be lost [ 73.892534][ T70] [ 73.892584][ T70] EXT4-fs (loop5): Total free blocks count 0 [ 73.892600][ T70] EXT4-fs (loop5): Free/Dirty block details [ 73.892615][ T70] EXT4-fs (loop5): free_blocks=0 [ 73.935001][ T70] EXT4-fs (loop5): dirty_blocks=1516 [ 73.940406][ T70] EXT4-fs (loop5): Block reservation details [ 73.946453][ T70] EXT4-fs (loop5): i_reserved_data_blocks=1516 [ 73.953477][ T8064] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8064 comm=syz.2.872 [ 74.084510][ T3816] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.135038][ T8097] loop2: detected capacity change from 0 to 512 [ 74.166972][ T8097] EXT4-fs: Ignoring removed oldalloc option [ 74.172970][ T8097] EXT4-fs: inline encryption not supported [ 74.179145][ T8097] EXT4-fs: Ignoring removed mblk_io_submit option [ 74.191080][ T8108] netlink: 204 bytes leftover after parsing attributes in process `syz.3.877'. [ 74.204662][ T8097] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 74.207898][ T8113] netlink: 12 bytes leftover after parsing attributes in process `syz.7.879'. [ 74.249699][ T8117] loop3: detected capacity change from 0 to 1024 [ 74.257520][ T8117] EXT4-fs: Ignoring removed bh option [ 74.266332][ T8117] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 74.290099][ T8097] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.876: bg 0: block 64: padding at end of block bitmap is not set [ 74.321189][ T8097] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.876: Failed to acquire dquot type 0 [ 74.335165][ T8117] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.350482][ T8097] EXT4-fs (loop2): 1 truncate cleaned up [ 74.357664][ T8097] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 74.405693][ T8142] netlink: 12 bytes leftover after parsing attributes in process `syz.6.888'. [ 74.426463][ T8117] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.440020][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.549946][ T8163] netlink: 'syz.7.894': attribute type 13 has an invalid length. [ 74.588340][ T8161] loop3: detected capacity change from 0 to 8192 [ 74.598961][ T8173] loop6: detected capacity change from 0 to 128 [ 74.610074][ T8173] FAT-fs (loop6): Directory bread(block 32) failed [ 74.616869][ T8173] FAT-fs (loop6): Directory bread(block 33) failed [ 74.623602][ T8173] FAT-fs (loop6): Directory bread(block 34) failed [ 74.634865][ T8173] FAT-fs (loop6): Directory bread(block 35) failed [ 74.653334][ T8163] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.660638][ T8163] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.671095][ T8173] FAT-fs (loop6): Directory bread(block 36) failed [ 74.679895][ T8173] FAT-fs (loop6): Directory bread(block 37) failed [ 74.713536][ T8173] FAT-fs (loop6): Directory bread(block 38) failed [ 74.724753][ T8173] FAT-fs (loop6): Directory bread(block 39) failed [ 74.732294][ T8173] FAT-fs (loop6): Directory bread(block 40) failed [ 74.739249][ T8173] FAT-fs (loop6): Directory bread(block 41) failed [ 74.746739][ T8185] netlink: 8 bytes leftover after parsing attributes in process `syz.3.901'. [ 74.752321][ T8163] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 74.769700][ T8163] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 74.801894][ T8173] FAT-fs (loop6): error, fat_free_clusters: deleting FAT entry beyond EOF [ 74.810525][ T8173] FAT-fs (loop6): Filesystem has been set read-only [ 74.826811][ T8188] loop2: detected capacity change from 0 to 164 [ 74.832073][ T8173] bio_check_eod: 75 callbacks suppressed [ 74.832093][ T8173] +}[@: attempt to access beyond end of device [ 74.832093][ T8173] loop6: rw=2049, sector=4184, nr_sectors = 16 limit=128 [ 74.839389][ T8188] rock: directory entry would overflow storage [ 74.853197][ T8173] +}[@: attempt to access beyond end of device [ 74.853197][ T8173] loop6: rw=2049, sector=4208, nr_sectors = 4 limit=128 [ 74.858606][ T8188] rock: sig=0x66, size=4, remaining=3 [ 74.871708][ T8173] Buffer I/O error on dev loop6, logical block 1052, lost async page write [ 74.890325][ T1035] syz2: Port: 1 Link DOWN [ 74.895057][ T8173] +}[@: attempt to access beyond end of device [ 74.895057][ T8173] loop6: rw=2049, sector=4216, nr_sectors = 4 limit=128 [ 74.908279][ T8173] Buffer I/O error on dev loop6, logical block 1054, lost async page write [ 74.921715][ T8173] +}[@: attempt to access beyond end of device [ 74.921715][ T8173] loop6: rw=2049, sector=4228, nr_sectors = 4 limit=128 [ 74.934933][ T8173] Buffer I/O error on dev loop6, logical block 1057, lost async page write [ 74.935190][ T3612] netdevsim netdevsim7 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.975911][ T3612] netdevsim netdevsim7 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.981178][ T8173] +}[@: attempt to access beyond end of device [ 74.981178][ T8173] loop6: rw=2049, sector=4236, nr_sectors = 4 limit=128 [ 74.997691][ T8173] Buffer I/O error on dev loop6, logical block 1059, lost async page write [ 74.997988][ T3612] netdevsim netdevsim7 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.017288][ T3612] netdevsim netdevsim7 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.028354][ T8173] +}[@: attempt to access beyond end of device [ 75.028354][ T8173] loop6: rw=2049, sector=4240, nr_sectors = 4 limit=128 [ 75.093066][ T8204] loop3: detected capacity change from 0 to 2048 [ 75.122939][ T29] kauditd_printk_skb: 198 callbacks suppressed [ 75.122957][ T29] audit: type=1400 audit(1755785821.925:1302): avc: denied { write } for pid=8208 comm="syz.7.911" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 75.148731][ T8212] loop7: detected capacity change from 0 to 1024 [ 75.155508][ T8212] EXT4-fs: Ignoring removed bh option [ 75.161875][ T8212] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 75.177967][ T8212] EXT4-fs error (device loop7): ext4_quota_enable:7128: comm syz.7.911: inode #2304: comm syz.7.911: iget: illegal inode # [ 75.187652][ T8204] loop3: p2 p3 p7 [ 75.202592][ T8212] EXT4-fs (loop7): Remounting filesystem read-only [ 75.209144][ T8212] EXT4-fs warning (device loop7): ext4_enable_quotas:7172: Failed to enable quota tracking (type=2, err=-117, ino=2304). Please run e2fsck to fix. [ 75.210841][ T8222] mmap: syz.5.914 (8222) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 75.238086][ T8212] EXT4-fs (loop7): mount failed [ 75.277048][ T29] audit: type=1326 audit(1755785822.075:1303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8237 comm="syz.3.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6671bebe9 code=0x7ffc0000 [ 75.300623][ T29] audit: type=1326 audit(1755785822.075:1304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8237 comm="syz.3.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6671bebe9 code=0x7ffc0000 [ 75.327611][ T29] audit: type=1326 audit(1755785822.075:1305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8237 comm="syz.3.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=132 compat=0 ip=0x7fd6671bebe9 code=0x7ffc0000 [ 75.351161][ T29] audit: type=1326 audit(1755785822.075:1306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8237 comm="syz.3.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6671bebe9 code=0x7ffc0000 [ 75.374568][ T29] audit: type=1326 audit(1755785822.075:1307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8237 comm="syz.3.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6671bebe9 code=0x7ffc0000 [ 75.398080][ T29] audit: type=1326 audit(1755785822.125:1308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8237 comm="syz.3.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fd6671bd69f code=0x7ffc0000 [ 75.421367][ T29] audit: type=1326 audit(1755785822.125:1309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8237 comm="syz.3.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6671bebe9 code=0x7ffc0000 [ 75.444750][ T29] audit: type=1326 audit(1755785822.125:1310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8237 comm="syz.3.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd6671bebe9 code=0x7ffc0000 [ 75.468591][ T29] audit: type=1326 audit(1755785822.125:1311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8237 comm="syz.3.916" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fd6671bebe9 code=0x7ffc0000 [ 75.511644][ T8246] netlink: 'syz.6.918': attribute type 13 has an invalid length. [ 75.581728][ T8257] loop3: detected capacity change from 0 to 512 [ 75.592432][ T8257] EXT4-fs: Ignoring removed nobh option [ 75.599280][ T8252] IPVS: Error connecting to the multicast addr [ 75.607287][ T8257] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.922: iget: bad i_size value: 38620345925642 [ 75.620581][ T8257] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.922: couldn't read orphan inode 15 (err -117) [ 75.635236][ T8257] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.813002][ T8300] loop2: detected capacity change from 0 to 128 [ 75.841005][ T8300] FAT-fs (loop2): Directory bread(block 32) failed [ 75.851635][ T8300] FAT-fs (loop2): Directory bread(block 33) failed [ 75.858355][ T8300] FAT-fs (loop2): Directory bread(block 34) failed [ 75.867016][ T8300] FAT-fs (loop2): Directory bread(block 35) failed [ 75.873806][ T8300] FAT-fs (loop2): Directory bread(block 36) failed [ 75.880563][ T8300] FAT-fs (loop2): Directory bread(block 37) failed [ 75.889861][ T8300] FAT-fs (loop2): Directory bread(block 38) failed [ 75.896742][ T8300] FAT-fs (loop2): Directory bread(block 39) failed [ 75.906710][ T8300] FAT-fs (loop2): Directory bread(block 40) failed [ 75.913569][ T8300] FAT-fs (loop2): Directory bread(block 41) failed [ 75.961712][ T8300] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 75.970377][ T8300] FAT-fs (loop2): Filesystem has been set read-only [ 75.982225][ T8300] +}[@: attempt to access beyond end of device [ 75.982225][ T8300] loop2: rw=2049, sector=4184, nr_sectors = 16 limit=128 [ 75.998296][ T8300] +}[@: attempt to access beyond end of device [ 75.998296][ T8300] loop2: rw=2049, sector=4208, nr_sectors = 4 limit=128 [ 76.011519][ T8300] Buffer I/O error on dev loop2, logical block 1052, lost async page write [ 76.022659][ T8300] +}[@: attempt to access beyond end of device [ 76.022659][ T8300] loop2: rw=2049, sector=4216, nr_sectors = 4 limit=128 [ 76.035842][ T8300] Buffer I/O error on dev loop2, logical block 1054, lost async page write [ 76.044574][ T8300] +}[@: attempt to access beyond end of device [ 76.044574][ T8300] loop2: rw=2049, sector=4228, nr_sectors = 4 limit=128 [ 76.057705][ T8300] Buffer I/O error on dev loop2, logical block 1057, lost async page write [ 76.066705][ T8300] Buffer I/O error on dev loop2, logical block 1059, lost async page write [ 76.253244][ T8335] loop2: detected capacity change from 0 to 8192 [ 76.364985][ T8376] loop2: detected capacity change from 0 to 2048 [ 76.457330][ T8376] loop2: p2 p3 p7 [ 76.478506][ T3610] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm kworker/u8:9: bg 0: block 5: invalid block bitmap [ 76.506851][ T3610] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1464 with error 28 [ 76.519432][ T3610] EXT4-fs (loop3): This should not happen!! Data will be lost [ 76.519432][ T3610] [ 76.529377][ T3610] EXT4-fs (loop3): Total free blocks count 0 [ 76.535414][ T3610] EXT4-fs (loop3): Free/Dirty block details [ 76.541367][ T3610] EXT4-fs (loop3): free_blocks=0 [ 76.546437][ T3610] EXT4-fs (loop3): dirty_blocks=1468 [ 76.551771][ T3610] EXT4-fs (loop3): Block reservation details [ 76.557849][ T3610] EXT4-fs (loop3): i_reserved_data_blocks=1468 [ 76.584928][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.621645][ T8428] loop3: detected capacity change from 0 to 1024 [ 76.632549][ T8428] EXT4-fs: Ignoring removed bh option [ 76.639723][ T8428] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 76.656769][ T8428] EXT4-fs error (device loop3): ext4_quota_enable:7128: comm syz.3.933: inode #2304: comm syz.3.933: iget: illegal inode # [ 76.672966][ T8434] IPVS: Error connecting to the multicast addr [ 76.686365][ T8428] EXT4-fs (loop3): Remounting filesystem read-only [ 76.693472][ T8428] EXT4-fs warning (device loop3): ext4_enable_quotas:7172: Failed to enable quota tracking (type=2, err=-117, ino=2304). Please run e2fsck to fix. [ 76.714943][ T8428] EXT4-fs (loop3): mount failed [ 77.098479][ T8467] loop5: detected capacity change from 0 to 8192 [ 77.230592][ T8482] netlink: 'syz.3.957': attribute type 13 has an invalid length. [ 77.646005][ T8537] netlink: 'syz.3.967': attribute type 13 has an invalid length. [ 77.658682][ T8537] gretap0: refused to change device tx_queue_len [ 77.665967][ T8537] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 77.780500][ T8548] netlink: 'syz.3.969': attribute type 10 has an invalid length. [ 77.790579][ T8548] team0: Port device dummy0 added [ 77.797182][ T8548] netlink: 'syz.3.969': attribute type 10 has an invalid length. [ 77.800652][ T8552] openvswitch: netlink: Message has 6 unknown bytes. [ 77.832766][ T8548] team0: Port device dummy0 removed [ 77.840397][ T8548] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 77.851574][ T8557] loop6: detected capacity change from 0 to 256 [ 77.874391][ T8555] wg2: entered promiscuous mode [ 77.879786][ T8555] wg2: entered allmulticast mode [ 77.895801][ T8562] netlink: 4 bytes leftover after parsing attributes in process `syz.2.974'. [ 77.917648][ T8564] loop5: detected capacity change from 0 to 1024 [ 77.925362][ T8564] EXT4-fs: Ignoring removed bh option [ 77.931557][ T8564] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 77.947114][ T8564] EXT4-fs error (device loop5): ext4_quota_enable:7128: comm syz.5.975: inode #2304: comm syz.5.975: iget: illegal inode # [ 77.960798][ T8564] EXT4-fs (loop5): Remounting filesystem read-only [ 77.967408][ T8564] EXT4-fs warning (device loop5): ext4_enable_quotas:7172: Failed to enable quota tracking (type=2, err=-117, ino=2304). Please run e2fsck to fix. [ 77.982586][ T8564] EXT4-fs (loop5): mount failed [ 78.036345][ T8586] netlink: 4 bytes leftover after parsing attributes in process `syz.3.990'. [ 78.084853][ T8591] netlink: 'syz.5.981': attribute type 13 has an invalid length. [ 78.173129][ T8602] netlink: 4 bytes leftover after parsing attributes in process `syz.6.986'. [ 78.204240][ T8602] team2: entered promiscuous mode [ 78.209336][ T8602] team2: entered allmulticast mode [ 78.261106][ T8646] netlink: 8 bytes leftover after parsing attributes in process `syz.2.993'. [ 78.407635][ T8662] netlink: 4 bytes leftover after parsing attributes in process `syz.6.996'. [ 79.264506][ T8680] syzkaller0: entered allmulticast mode [ 79.270318][ T8680] syzkaller0: entered promiscuous mode [ 79.277250][ T8680] syzkaller0 (unregistering): left allmulticast mode [ 79.284089][ T8680] syzkaller0 (unregistering): left promiscuous mode [ 79.291628][ T8682] netlink: 'syz.2.999': attribute type 13 has an invalid length. [ 79.491819][ T8707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 79.506256][ T8707] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 79.559030][ T8721] wg2: entered promiscuous mode [ 79.564026][ T8721] wg2: entered allmulticast mode [ 79.684596][ T8746] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1022'. [ 79.775893][ T8750] loop3: detected capacity change from 0 to 8192 [ 79.832298][ T8762] loop5: detected capacity change from 0 to 128 [ 79.908973][ T8766] bio_check_eod: 2 callbacks suppressed [ 79.909054][ T8766] syz.5.1028: attempt to access beyond end of device [ 79.909054][ T8766] loop5: rw=2049, sector=145, nr_sectors = 8 limit=128 [ 79.928317][ T8766] syz.5.1028: attempt to access beyond end of device [ 79.928317][ T8766] loop5: rw=2049, sector=161, nr_sectors = 8 limit=128 [ 79.941855][ T8766] syz.5.1028: attempt to access beyond end of device [ 79.941855][ T8766] loop5: rw=2049, sector=177, nr_sectors = 24 limit=128 [ 79.955794][ T8766] syz.5.1028: attempt to access beyond end of device [ 79.955794][ T8766] loop5: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 79.969280][ T8766] syz.5.1028: attempt to access beyond end of device [ 79.969280][ T8766] loop5: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 79.982883][ T8766] syz.5.1028: attempt to access beyond end of device [ 79.982883][ T8766] loop5: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 79.996460][ T8766] syz.5.1028: attempt to access beyond end of device [ 79.996460][ T8766] loop5: rw=2049, sector=257, nr_sectors = 8 limit=128 [ 80.015020][ T8766] syz.5.1028: attempt to access beyond end of device [ 80.015020][ T8766] loop5: rw=2049, sector=273, nr_sectors = 8 limit=128 [ 80.028897][ T8766] syz.5.1028: attempt to access beyond end of device [ 80.028897][ T8766] loop5: rw=2049, sector=289, nr_sectors = 9 limit=128 [ 80.143665][ T8772] netlink: zone id is out of range [ 80.149814][ T8772] netlink: zone id is out of range [ 80.155200][ T8772] netlink: zone id is out of range [ 80.160361][ T8772] netlink: zone id is out of range [ 80.165980][ T8772] netlink: zone id is out of range [ 80.171797][ T8772] netlink: zone id is out of range [ 80.177247][ T8772] netlink: zone id is out of range [ 80.182773][ T8772] netlink: zone id is out of range [ 80.188279][ T8772] netlink: zone id is out of range [ 80.194079][ T8772] netlink: zone id is out of range [ 80.271326][ T8780] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1035'. [ 80.301465][ T8780] team2: entered promiscuous mode [ 80.306584][ T8780] team2: entered allmulticast mode [ 80.719878][ T8838] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1041'. [ 80.729243][ T8838] netem: change failed [ 80.785929][ T8844] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8844 comm=syz.5.1043 [ 80.836994][ T8848] syzkaller0: entered allmulticast mode [ 80.843080][ T8848] syzkaller0: entered promiscuous mode [ 80.847834][ T8852] loop7: detected capacity change from 0 to 164 [ 80.856533][ T8848] syzkaller0 (unregistering): left allmulticast mode [ 80.863295][ T8848] syzkaller0 (unregistering): left promiscuous mode [ 80.871169][ T8852] syz.7.1046: attempt to access beyond end of device [ 80.871169][ T8852] loop7: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 80.902115][ T29] kauditd_printk_skb: 119 callbacks suppressed [ 80.902132][ T29] audit: type=1400 audit(1755785827.695:1431): avc: denied { bind } for pid=8856 comm="syz.7.1047" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 80.987660][ T29] audit: type=1400 audit(1755785827.785:1432): avc: denied { bind } for pid=8862 comm="syz.5.1049" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 80.990544][ T8863] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1049'. [ 81.011880][ T29] audit: type=1400 audit(1755785827.785:1433): avc: denied { setopt } for pid=8862 comm="syz.5.1049" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 81.062752][ T8863] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1049'. [ 81.192035][ T29] audit: type=1400 audit(1755785827.985:1434): avc: denied { read write } for pid=6007 comm="syz-executor" name="loop7" dev="devtmpfs" ino=107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 81.216656][ T29] audit: type=1400 audit(1755785827.985:1435): avc: denied { open } for pid=6007 comm="syz-executor" path="/dev/loop7" dev="devtmpfs" ino=107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 81.245689][ T29] audit: type=1400 audit(1755785828.025:1436): avc: denied { ioctl } for pid=3307 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=103 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 81.271589][ T29] audit: type=1400 audit(1755785828.035:1437): avc: denied { prog_load } for pid=8895 comm="syz.3.1060" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 81.291067][ T29] audit: type=1400 audit(1755785828.035:1438): avc: denied { bpf } for pid=8895 comm="syz.3.1060" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 81.311758][ T29] audit: type=1400 audit(1755785828.045:1439): avc: denied { perfmon } for pid=8892 comm="syz.5.1057" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 81.332665][ T29] audit: type=1400 audit(1755785828.045:1440): avc: denied { map_create } for pid=8892 comm="syz.5.1057" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 81.418975][ T8904] netlink: 'syz.7.1062': attribute type 13 has an invalid length. [ 81.698419][ T8954] loop5: detected capacity change from 0 to 512 [ 81.706559][ T8954] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 81.725349][ T8954] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.739787][ T8954] ext4 filesystem being mounted at /200/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 81.763938][ T3816] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.800009][ T8971] loop6: detected capacity change from 0 to 164 [ 82.497675][ T8999] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8999 comm=syz.3.1091 [ 82.826044][ T9028] loop7: detected capacity change from 0 to 8192 [ 82.858052][ T9039] loop2: detected capacity change from 0 to 128 [ 84.300015][ T9152] loop6: detected capacity change from 0 to 8192 [ 84.402199][ T3610] ================================================================== [ 84.410408][ T3610] BUG: KCSAN: data-race in copy_folio_from_iter_atomic / fat16_ent_put [ 84.418674][ T3610] [ 84.421014][ T3610] write to 0xffff88810a2243f0 of 2 bytes by task 9152 on cpu 1: [ 84.428695][ T3610] fat16_ent_put+0x28/0x60 [ 84.433482][ T3610] fat_ent_write+0x69/0xe0 [ 84.437916][ T3610] fat_chain_add+0x15d/0x440 [ 84.442545][ T3610] fat_get_block+0x46c/0x5e0 [ 84.447342][ T3610] __block_write_begin_int+0x3fd/0xf90 [ 84.452844][ T3610] cont_write_begin+0x5fc/0x970 [ 84.457710][ T3610] fat_write_begin+0x4f/0xe0 [ 84.462309][ T3610] cont_write_begin+0x1ad/0x970 [ 84.467178][ T3610] fat_write_begin+0x4f/0xe0 [ 84.471802][ T3610] generic_cont_expand_simple+0xb0/0x150 [ 84.477451][ T3610] fat_cont_expand+0x3e/0x170 [ 84.482136][ T3610] fat_setattr+0x2a5/0x8a0 [ 84.486595][ T3610] notify_change+0x809/0x890 [ 84.491204][ T3610] do_ftruncate+0x34b/0x450 [ 84.495818][ T3610] __x64_sys_ftruncate+0x68/0xc0 [ 84.500786][ T3610] x64_sys_call+0x2d52/0x2ff0 [ 84.505475][ T3610] do_syscall_64+0xd2/0x200 [ 84.509991][ T3610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.515907][ T3610] [ 84.518329][ T3610] read to 0xffff88810a224200 of 512 bytes by task 3610 on cpu 0: [ 84.526138][ T3610] copy_folio_from_iter_atomic+0x7fc/0x1170 [ 84.532136][ T3610] generic_perform_write+0x2c2/0x490 [ 84.537480][ T3610] shmem_file_write_iter+0xc5/0xf0 [ 84.542619][ T3610] lo_rw_aio+0x6a0/0x760 [ 84.546906][ T3610] loop_process_work+0x52d/0xa60 [ 84.551871][ T3610] loop_workfn+0x31/0x40 [ 84.556130][ T3610] process_scheduled_works+0x4ce/0x9d0 [ 84.561608][ T3610] worker_thread+0x582/0x770 [ 84.566214][ T3610] kthread+0x486/0x510 [ 84.570309][ T3610] ret_from_fork+0xda/0x150 [ 84.574845][ T3610] ret_from_fork_asm+0x1a/0x30 [ 84.579895][ T3610] [ 84.582231][ T3610] Reported by Kernel Concurrency Sanitizer on: [ 84.588429][ T3610] CPU: 0 UID: 0 PID: 3610 Comm: kworker/u8:9 Not tainted syzkaller #0 PREEMPT(voluntary) [ 84.598336][ T3610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 84.608437][ T3610] Workqueue: loop6 loop_workfn [ 84.613225][ T3610] ==================================================================