last executing test programs: 1.885506447s ago: executing program 1 (id=419): socket$nl_route(0x10, 0x3, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000200)=[{0x0}], 0x1) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000a9000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r2}, 0x18) flistxattr(0xffffffffffffffff, &(0x7f0000001140)=""/60, 0x3c) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r1}, &(0x7f0000000000), &(0x7f00000005c0)=r2}, 0x20) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x40903, 0x0) ioctl$TCSBRKP(r3, 0x5425, 0x5) ioctl$TCSBRKP(r3, 0x5425, 0x3) ppoll(&(0x7f0000000040)=[{r3, 0x3127}, {r3, 0xb99cc7ee19d5c67c}], 0x2, 0x0, 0x0, 0x0) r4 = io_uring_setup(0x2d08, 0x0) io_uring_register$IORING_REGISTER_BUFFERS2(r4, 0xf, &(0x7f0000000400)={0x0, 0x0, 0x0, &(0x7f0000000380), &(0x7f00000003c0)=[0xfffffffffffffff7]}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r0, 0x0, 0xf}, 0x18) execve(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r5 = syz_clone(0x80, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r7 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r7) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) wait4(r7, 0x0, 0x40000000, 0x0) ptrace$getregset(0x4204, r7, 0x409, 0x0) 1.368388913s ago: executing program 2 (id=437): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0x22c7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) set_mempolicy(0x8006, 0x0, 0x5) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000380)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) 1.188733427s ago: executing program 2 (id=439): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000010100008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e000000850000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]}) fremovexattr(0xffffffffffffffff, &(0x7f0000002040)=@known='system.sockprotoname\x00') 1.15661001s ago: executing program 2 (id=441): r0 = syz_open_dev$loop(0x0, 0x20081, 0x2a42) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000005c0)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) r2 = syz_open_dev$loop(&(0x7f00000001c0), 0x5, 0x88102) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000001280)={r0, 0x1200, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9603dda1af1ea80000000000000000000000deff00000000000000000000000014a2648f00", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}}) 1.093249559s ago: executing program 2 (id=442): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x10, &(0x7f00000002c0)={[{@norecovery}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}]}, 0xee, 0x474, &(0x7f00000004c0)="$eJzs3EtsG0UfAPD/rvNo+viSr5RHSwuBgqh4JE36oAcuIJA4gIQEhyJOIUmrUrdBTZBoVUHhUI6oEnfEEYk7Eie4IOCAkLjCHVWqql5aOBmtvZs6jp06tRu3+PeT1p7ZXWfm79mxxzN2Auhb49lNErE1Iv6IiNFaduUJ47W7G9fOz/597fxsEpXKm1eT6nnXr52fLU4tHrellqlUIoaz5HCTci++EzFTLs+fyfOTS6fen1w8e+65E6dmjs8fnz89feTIwQN7hg5PH+oovjS/z+K6vuujhd07X3370uuzRy+9+/M3WX235sfr47gtWbQNxmvPbqNHs5snOyrsrvJrdrOtbkcy0PrkiQ2oEO0rRUTWXIPV/j8apRhZPjYar3za08oBd1SlUqk0e3/OXagA/2FJ9LoGQG8Ub/TZ599i26Chx13hyou1D0BZ3DfyrXZkYHnuYLDh8203jUfE0Qv/fJlt0Y15CACAW/g+G/8822z8l8YDdef9L19DGYuI/0fE9oi4LyJ2RMT9EdVzH4yIh9ZZfuMKyerxT3r5tgJrUzb+eyFf21o5/itGfzFWynPbqvEPJsdOlOf358/JvhgczvJTa5Txw8u/f16kNzUcqx//ZVtWfjEWzOtxeaBhgm5uZmmm07gLVz6J2DXQLP4kimWcJCJ2RsSu2yzjxNNf72517Nbxr2GNdaZ2Vb6KeKrW/hdiRfw3myppuT459fzh6UOTm6I8v3+yuCpW++W3i2+0Kr+j+Lsga//NTa//5VXgsWRTxOLZcyer67WL6y/j4p+f1fXpFavLWfzptxHrvv6Hkreq6aF834czS0tnpiKGktdW75+++dgiX5yfxb9vb/P+v72uxg9HRHYR74mIR/JF3KztHouIxyNi7xrx//TSE++1Oraq/UeK+NeYle+iLP65W7V/1Lf/+hOlkz9+13b8Tdv/YDW1L9/TzutfuxXs5LkDAACAe0Va/Q58kk4sp9N0YqL2Hf4dsTktLywuPXNs4YPTc7Xvyo/FYFrMdI3WzYdO5XPDRX66IX8gnzf+ojRSzU/MLpTneh089LktLfp/5q9Sr2sH3HFdWEcD7lH6P/Qv/R/6l/4P/Uv/h/7VrP9/3IN6ABvP+z/0L/0f+pf+D/1L/4e+1PK38WlHP/nvcaL43wkd/J2rvY+i48TInSwi0t4H2BeJgU4u43YSw00P9fiFCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoEv+DQAA//9L2OJW") syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2010008, &(0x7f00000001c0), 0xff, 0x53b, &(0x7f0000000b80)="$eJzs3cFvHFcZAPBvNl7HSZzaBQ5QqaWiRUkF2Y1r2locSpEQnCohyj0Ye2NZWXste93GVgXrvwAJIUDiBBcuSPwBSCgSF44IKRKcQSoCIUhBggN00OzO2mY9a2/SjTde/37SZN6b2Znvexu/2Zmdp9kAzq3nI+KNiPggTdOXImImX17Kp2h1pux17z94dymbkkjTt/6WRJIv6+4ryedX8s2mIuJrX4n4ZnI07tbO7p3Fer22mderzbWN6tbO7o3VtcWV2kptfX5+7tWF1xZeWbg5lHZejYjXv/Sn73/np19+/ZeffeePt/5y/VtZWtP5+sPteEgTx63sNL18capng81HDPYkytpT7lYuDbbN3mPMBwCA/rJz/I9ExKci4qWYiQvHn84CAAAAZ1D6hen4TxKRFpvssxwAAAA4Q0rtMbBJqZKPBZiOUqlS6Yzh/VhcLtUbW83P3G5sry93xsrORrl0e7Veu5mPFZ6NcpLV59rlg/rLPfX5iHg6Ir43c6ldryw16suj/vIDAAAAzokrPdf//5zpXP8DAAAAY2Z21AkAAAAAj53rfwAAABh/rv8BAABgrH31zTezKe3+/vXy2zvbdxpv31iubd2prG0vVZYamxuVlUZjpf3MvrWT9ldvNDY+F+vbd6vN2lazenVn99ZaY3u9eWs1pk6lQQAAAMART3/y3u+TiGh9/lJ7ykyOOingVEzsl5J8XtD7//BUZ/7eKSUFnIoLA7zmvYvFy50nwNk20bugT18Hxk951AkAI5ecsL7v4J3fdGalIecDAAAM37VPFN//P/l8vuWUH844nRjOr577/+nMqBIBTl37/v+gA3mcLMBYKQ80AhAYZx/2/v/J0vShEgIAAIZuuj0lpUr+9d50lEqVSsTV9s8ClJPbq/XazYh4KiJ+N1O+mNXn2lsmJ14zAAAAAAAAAAAAAAAAAAAAAAAAAAAdaZpECgAAAIy1iNKfk191nuV/bebF6d7vByaTf7d/EngyIt750Vs/uLvYbG7OZcv/vr+8+cN8+cuj+AYDAAAA6NW9Tm/P/zXqbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYN+8/eHepOw3w8kvDivvXL0bEbFH8iZhqz6eiHBGX/5HExKHtkoi4MIT4rb2I+HhR/CRLaz9kUfxhvAmtvaSVthXGj9n8XSiKf2UI8eE8u5cdf94o6v+leL49L+5/ExH/V39U/Y9/sX/8u9Cn/18dMMYz939e7Rt/L+KZieLjXzd+0if+CwPG/8bXd3f7rUt/HHGt+/nTPuIdjnBQqjbXNqpbO7s3VtcWV2ortfX5+blXF15beGXhZvX2ar2W/1sY47vP/uKD49p/ufDzL8mz6d/+Fwv2V/SZ9N/7dx98tFtpHY1//YWC+L/+Sf6Ko/FLeZxP5+Vs/bVuudUpH/bcz3773HHtXz5of/lh/v+v99tpryMd5dlB/3QAgMdga2f3zmK9Xtsc20J2lf4EpPEohcl4ItIY38K3s8L9Ye0wTdM061MFq+5FxCD7SWLILS0V53NQ6HsEGPWRCQAAGLaDk/5RZwIAAAAAAAAAAAAAAAAAAADn12k8Za035sEjkJNhPEIbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAo/hcAAP//Yw3Xfw==") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001140)={0x11, 0xb, &(0x7f0000001200)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001000)={&(0x7f00000002c0)='sched_switch\x00', r1}, 0x18) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a80)=@newlink={0x38, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x1400, 0x11000}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}]}, 0x38}, 0x1, 0x2, 0x0, 0x10800}, 0xc1) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000ff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) socket$inet6_sctp(0xa, 0x1, 0x84) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r5, &(0x7f0000000100)=ANY=[], 0x32600) 1.030906747s ago: executing program 1 (id=444): syz_open_dev$MSR(0x0, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1c0000000000000, 0x4, &(0x7f0000006680)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_io_uring_setup(0x83b, &(0x7f0000000140)={0x0, 0x11e, 0x0, 0x1, 0x315}, &(0x7f0000000500)=0x0, &(0x7f0000000400)=0x0) r2 = socket(0x1d, 0x2, 0x6) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000004c0012800e0001006970366772657461700000003800028014000700fe8000000000000000000001000000aa06000f00ff070000060003000100000006000e0011"], 0x6c}}, 0x44850) syz_io_uring_submit(r0, r1, &(0x7f0000000540)=@IORING_OP_ACCEPT={0xd, 0x40, 0x4, r2, 0x0, 0x0, 0x0, 0x80800}) syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000001300)=ANY=[@ANYBLOB='nonumtail=0,shortname=lower,shortname=mixed,utf8=1,iocharset=cp1251,nonumtail=0,rodir,shortname=win95,iocharset=utf8,check=relaxed,shortname=mixed,shortname=win95,errors=remount-ro,shortname=winnt,shortname=win95,uni_xlate=0,nonumtail=0,discard,nnonumtail=1,codepage=865,nonumtail=0,shortname=winnt,shortname=win95,Cscontext=unconfined_u,\x00'], 0x1, 0x36b, &(0x7f0000000a00)="$eJzs3U1vG1UXAODTvM1H85I6C4QECHFVNrCxkvAHGqFWQkQChRoVFkhTMgEr0zjyWEGuEHTHlt9RsWSHhPgDWcCeHbtsWHZRdVDsuPloCIvUHgrPI0X3xPce+4zHM7qb0dm//d3drc2yuZn1Yup6iqmImHoYsTiIhi4djlODeCaOux9vNW7/9tqHH3/y3ura2o31lG6u3np7JaV09fWfvvzq+2s/9/7/0Q9Xf5yNvcVP9/9Y+X3vpb2X9x/f+qJdpnaZtju9lKU7nU4vu1PkaaNdbjVT+qDIszJP7e0y756Y3yw6Ozv9lG1vLMzvdPOyTNl2P23l/dTrpF63n7LPs/Z2ajabaWE++DutB+vr2eownjtn3fVJFcQYdLur2cE1PPvUTOtBLQUBALW66P5/5pnu/6fD/n+Sju//+bc62P/PHF6/J9n/AwAAAAAAAAAAAADA8+BhVTWqqmqMxmr0kPDh/zWXx5g9df5P/dVdH+N17MG9uYji293Wbms4DudXN6MdReSxFI14dHBbGBnGN99du7GUBhZj4e43g/xrv0S0/ncyfzkasXh2/vIwPz3Jj4NxOuaP569EI148O3/lzPyZePONY/nNaMSvn0UnitgY3N6O8r9eTumd99dO5c8O1gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw39BMI6/GsO/9biviSuwe9u9vHi1YPNkff5j/pL/+UjTi0dn9+ZfO7M9/OV65XO+xAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBI2b+3lRVF3p1UMOr5P3hlZhT8ddal4fL7p6auxARrLop86lm94eOqqsZV6txkT+VFgumI885gdfgrufhnvRAR56yZjYj6v41/YlDXHQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADqc9T0u+5KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqFPZv7eVFUXeHWNQ9zECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8T/4MAAD//yeQEY0=") r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r6}, 0x10) r7 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) sendfile(r7, r7, 0x0, 0x800000009) fcntl$lock(r4, 0x6, &(0x7f0000000000)={0x0, 0x1, 0x3a, 0x8, 0xffffffffffffffff}) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x181d011, 0x0, 0x40, 0x0, &(0x7f0000000140)) rmdir(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 813.894685ms ago: executing program 2 (id=451): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000010100008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e000000850000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]}) fremovexattr(0xffffffffffffffff, &(0x7f0000002040)=@known='system.sockprotoname\x00') 795.255957ms ago: executing program 1 (id=453): r0 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20040845}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'ip6gre0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000001240)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x4000000, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x449, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x1, 0x0, 0x1fc, 0x0, 0xfffffc80, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3f, 0x0, 0x0, 0x2, 0xffffffff, 0x2, 0xfff, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x1000, 0xfffffffc, 0xd, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xbab, 0x0, 0x272, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4, 0x4, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffc, 0x3, 0x0, 0x0, 0x0, 0xb97, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3, 0x5e, 0xfffffffc, 0x8, 0x0, 0x0, 0x400000, 0x7, 0x4, 0xc, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0xb3c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x400, 0x0, 0x0, 0xd79, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x75, 0x100, 0x0, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x0, 0x0, 0x0, 0xfffc, 0x6}, {0xff}, 0x0, 0x7f}}]}}]}, 0x45c}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x88, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x58, 0x2, [@TCA_FLOWER_ACT={0x54, 0x3, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xfffffff8, 0xfff, 0x0, 0x200, 0xa}, 0x3}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x88}, 0x1, 0x0, 0x0, 0x20000004}, 0x24000000) r4 = socket$netlink(0x10, 0x3, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000a40)='GPL\x00') r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48284b70043dc6124d877142a48448b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d4023f210fa34b63a715a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f01000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb796ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab04000000ffe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decace0200f404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef29cd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf0100483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6c354463d7d0917fc80e5009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab4000000000000000028df75cf43f8ecc8d37b126602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89fa516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f49198e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85eff010000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1099e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c391339878b699644c96bd6ea589765ed2a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac4741201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6d00000000000000000000008f6555f3b7d5021dfc8eb504f1e4fef716d60f0d50b03fc014fd3dff46f56750f0ba4f1b9f7de5c17e7d1f18522897edab8e9e76b667ec6b01908400f55e16f0cfbf026be5f5acc681053f697d62b3545aec4606e190216c22c1d8807b6c43f0f0a4b53619fe5c9412821c3816194a5e29cf12cc7a197b5bdafb096d2d7f6be483814c92ef29c3a21c169794c7de3b4c706f4de5f4b93c831944c7b66fa49f317aa22dbc211e19f031c4f8bee14ecd5eb061a052044adc4dd1b63a1500a9c0e09dbba23f2726a55975efb4519d864d984dcb3a1dcafa1124a6b004029a706478df3be2438d2e35e6ca674dc190143a0b6f7db3408c0c08011e5d8f54711a0bd410ab53a15b1596cb77d2b58df2d8d8"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r5, 0x0, 0xfffffffffffffffc}, 0x18) r6 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r6, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) listen(r6, 0x0) r7 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r7, &(0x7f0000002300)={&(0x7f0000000040)=@id={0x1e, 0x3, 0x3, {0x4e20, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x44}, 0x4) sendmsg$tipc(r7, &(0x7f00000002c0)={&(0x7f0000000280)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x480c0}, 0x10) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_config_ext={0x100000001, 0xdd5}, 0x1004, 0x0, 0x10000, 0x0, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r8 = io_uring_setup(0x68ac, &(0x7f0000000480)={0x0, 0x10000000, 0x1880, 0x2}) r9 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r9, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x3f, 0x2, 0x10, {0x2, 0x4e22, @empty}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffe5e}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0x8000) close_range(r8, 0xffffffffffffffff, 0x0) accept4(r6, 0x0, 0x0, 0x400000000000000) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x600) 782.310849ms ago: executing program 2 (id=454): socket$nl_route(0x10, 0x3, 0x0) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000200)=[{0x0}], 0x1) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000a9000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r2}, 0x18) flistxattr(0xffffffffffffffff, &(0x7f0000001140)=""/60, 0x3c) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r1}, &(0x7f0000000000), &(0x7f00000005c0)=r2}, 0x20) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x40903, 0x0) ioctl$TCSBRKP(r3, 0x5425, 0x5) ioctl$TCSBRKP(r3, 0x5425, 0x3) ppoll(&(0x7f0000000040)=[{r3, 0x3127}, {r3, 0xb99cc7ee19d5c67c}], 0x2, 0x0, 0x0, 0x0) r4 = io_uring_setup(0x2d08, 0x0) io_uring_register$IORING_REGISTER_BUFFERS2(r4, 0xf, &(0x7f0000000400)={0x0, 0x0, 0x0, &(0x7f0000000380), &(0x7f00000003c0)=[0xfffffffffffffff7]}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r0, 0x0, 0xf}, 0x18) execve(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r5 = syz_clone(0x80, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r7 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r7) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) wait4(r7, 0x0, 0x40000000, 0x0) ptrace$getregset(0x4204, r7, 0x409, 0x0) 709.628518ms ago: executing program 0 (id=456): unshare(0x2c020400) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x80044940, &(0x7f00000010c0)) 692.92762ms ago: executing program 4 (id=457): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000e80)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x74, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x48, 0x3, 0x0, 0x1, [{0x44, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x38, 0xb, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x80000000}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0xc}, @NFTA_LIMIT_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}]}}}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xcc}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) ioctl$FS_IOC_GETFSUUID(r0, 0x80111500, &(0x7f0000000080)) openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x42, 0x1fe) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) pwrite64(r1, &(0x7f0000000180)='2', 0x1, 0xfecc) socket$nl_route(0x10, 0x3, 0x0) r2 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x1100, 0x0, 0xfffffffc, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r3}, &(0x7f0000000180), &(0x7f0000000000)=r2}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x3}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r4}, 0x10) r5 = syz_io_uring_setup(0x4e4, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x4001, 0x400252}, &(0x7f0000000640)=0x0, &(0x7f00000004c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_MKDIRAT={0x25, 0x6, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1f, 0x0, 0xf9b7a26b18f77d51}) io_uring_enter(r5, 0x627, 0x4c1, 0x43, 0x0, 0x0) 625.434649ms ago: executing program 0 (id=458): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x58, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x3c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3a}}}}, @IPSET_ATTR_IP2={0x18, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @rand_addr=' \x01\x00'}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e1f}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) 592.854303ms ago: executing program 0 (id=460): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket(0xa, 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32=0x0, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x40f00, 0x8}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) setregid(0x0, 0x0) r1 = fsmount(0xffffffffffffffff, 0x0, 0x82) fchdir(r1) fcntl$notify(0xffffffffffffffff, 0x402, 0x1a) setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x841, 0x1) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="28000000030605000000000000000000000000000500"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x20000010) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x200000000006, 0x2, 0x4, 0x7ffc0002}]}) 557.636148ms ago: executing program 4 (id=461): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000002000000851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1a70fe00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) fchownat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x400) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$TUNSETGROUP(r0, 0x400454cd, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000e"], 0x50) syz_extract_tcp_res$synack(&(0x7f0000000040)={0x41424344, 0x41424344}, 0x1, 0x0) syz_extract_tcp_res$synack(&(0x7f0000000000)={0x41424344, 0x41424344}, 0x1, 0x0) syz_extract_tcp_res$synack(&(0x7f0000000040)={0x41424344}, 0x1, 0x0) syz_emit_ethernet(0xfffffffffffffd1f, &(0x7f0000000080)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f1be72", 0x0, 0x6, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {[], {{0x4e24, 0x4e22, r2, r3, 0x0, 0x0, 0x0, 0x1, 0x8, 0x0, 0xcdc, {[@sack_perm, @exp_fastopen={0xfe, 0x0, 0xf989, "c7f806eb9d3a95"}]}}, {"8d488c1e948ece97d0e80332ebbef40f748cde771135de4bfde438f7109cd4becaf92da5cbbc81c4bb6e44f89cca150374828d2236e45c5afe9b3cd94a3535a087ffd0cf8339cce7b131d487736db1dbea3f2c635208922f036728573134f3c7"}}}}}}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x3, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000ab02000000000000060000007110ac000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x94) write$tun(0xffffffffffffffff, &(0x7f0000000a00)=ANY=[@ANYBLOB="ffffffffffff0180c200000186dd65105d9b01f3060120010000000000000000000000000000fe80000000000000000000000000004216080404ff40ff03fe8000000000000000000000000000bbff010000000000000000000000000001fc010000000000000000000000000001fe8000000000000000000000000000bb2c0002b8680000002b0c000800000000fe8000000000000000000000000000aa00000000000000000000ffffe0000002fc000000000000000000000000000001ff020000000000000000000000000001fe8000000000000000000000000000aafc01000000000000000000000000000008005730680000004e234e24", @ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="f1c206fb907800050000040c2a38382b551b6835a94b02040200000113121f8f7c050c442f02b6099e2b9f4d1efc0000da86c60d8c32c148af27d0d0c084f19f4741e8269d649da99f10b5ed4f83edcf4b6348f5a66deca286693758d1ee8930bf745efcdd073a2da3946f590065fe4f0dcaf8ba6d04d42cd78ffec8288417a3b21432b8b18cf7635badd089aa000000002c7f07cd404658428d65b6e83471dfd50cc690d36757534dfdd7846f304750cc71840b04693b2a8d74daec9a09e89969eb757c382b0d33e9db901190e7c47f08da09ba071c28ab9ef4647854f5124b3cf897c6315657bca10f45155424b7a9d0388b0f5f4659e70f2427de864360db6d7935275381526b2d0ff45de1aa398b5b5baf36aa07158a939af72a2d87f7abd54069cb487aa5"], 0x229) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10) syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r7}, &(0x7f0000000180), &(0x7f00000001c0)=r6}, 0x20) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) 545.38704ms ago: executing program 0 (id=462): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setregid(0x0, 0x0) fsopen(0x0, 0x0) sendmsg$IPSET_CMD_ADD(r0, 0x0, 0x0) 508.157245ms ago: executing program 0 (id=463): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x10, &(0x7f00000002c0)={[{@norecovery}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}]}, 0xee, 0x474, &(0x7f00000004c0)="$eJzs3EtsG0UfAPD/rvNo+viSr5RHSwuBgqh4JE36oAcuIJA4gIQEhyJOIUmrUrdBTZBoVUHhUI6oEnfEEYk7Eie4IOCAkLjCHVWqql5aOBmtvZs6jp06tRu3+PeT1p7ZXWfm79mxxzN2Auhb49lNErE1Iv6IiNFaduUJ47W7G9fOz/597fxsEpXKm1eT6nnXr52fLU4tHrellqlUIoaz5HCTci++EzFTLs+fyfOTS6fen1w8e+65E6dmjs8fnz89feTIwQN7hg5PH+oovjS/z+K6vuujhd07X3370uuzRy+9+/M3WX235sfr47gtWbQNxmvPbqNHs5snOyrsrvJrdrOtbkcy0PrkiQ2oEO0rRUTWXIPV/j8apRhZPjYar3za08oBd1SlUqk0e3/OXagA/2FJ9LoGQG8Ub/TZ599i26Chx13hyou1D0BZ3DfyrXZkYHnuYLDh8203jUfE0Qv/fJlt0Y15CACAW/g+G/8822z8l8YDdef9L19DGYuI/0fE9oi4LyJ2RMT9EdVzH4yIh9ZZfuMKyerxT3r5tgJrUzb+eyFf21o5/itGfzFWynPbqvEPJsdOlOf358/JvhgczvJTa5Txw8u/f16kNzUcqx//ZVtWfjEWzOtxeaBhgm5uZmmm07gLVz6J2DXQLP4kimWcJCJ2RsSu2yzjxNNf72517Nbxr2GNdaZ2Vb6KeKrW/hdiRfw3myppuT459fzh6UOTm6I8v3+yuCpW++W3i2+0Kr+j+Lsga//NTa//5VXgsWRTxOLZcyer67WL6y/j4p+f1fXpFavLWfzptxHrvv6Hkreq6aF834czS0tnpiKGktdW75+++dgiX5yfxb9vb/P+v72uxg9HRHYR74mIR/JF3KztHouIxyNi7xrx//TSE++1Oraq/UeK+NeYle+iLP65W7V/1Lf/+hOlkz9+13b8Tdv/YDW1L9/TzutfuxXs5LkDAACAe0Va/Q58kk4sp9N0YqL2Hf4dsTktLywuPXNs4YPTc7Xvyo/FYFrMdI3WzYdO5XPDRX66IX8gnzf+ojRSzU/MLpTneh089LktLfp/5q9Sr2sH3HFdWEcD7lH6P/Qv/R/6l/4P/Uv/h/7VrP9/3IN6ABvP+z/0L/0f+pf+D/1L/4e+1PK38WlHP/nvcaL43wkd/J2rvY+i48TInSwi0t4H2BeJgU4u43YSw00P9fiFCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoEv+DQAA//9L2OJW") syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2010008, &(0x7f00000001c0), 0xff, 0x53b, &(0x7f0000000b80)="$eJzs3cFvHFcZAPBvNl7HSZzaBQ5QqaWiRUkF2Y1r2locSpEQnCohyj0Ye2NZWXste93GVgXrvwAJIUDiBBcuSPwBSCgSF44IKRKcQSoCIUhBggN00OzO2mY9a2/SjTde/37SZN6b2Znvexu/2Zmdp9kAzq3nI+KNiPggTdOXImImX17Kp2h1pux17z94dymbkkjTt/6WRJIv6+4ryedX8s2mIuJrX4n4ZnI07tbO7p3Fer22mderzbWN6tbO7o3VtcWV2kptfX5+7tWF1xZeWbg5lHZejYjXv/Sn73/np19+/ZeffeePt/5y/VtZWtP5+sPteEgTx63sNL18capng81HDPYkytpT7lYuDbbN3mPMBwCA/rJz/I9ExKci4qWYiQvHn84CAAAAZ1D6hen4TxKRFpvssxwAAAA4Q0rtMbBJqZKPBZiOUqlS6Yzh/VhcLtUbW83P3G5sry93xsrORrl0e7Veu5mPFZ6NcpLV59rlg/rLPfX5iHg6Ir43c6ldryw16suj/vIDAAAAzokrPdf//5zpXP8DAAAAY2Z21AkAAAAAj53rfwAAABh/rv8BAABgrH31zTezKe3+/vXy2zvbdxpv31iubd2prG0vVZYamxuVlUZjpf3MvrWT9ldvNDY+F+vbd6vN2lazenVn99ZaY3u9eWs1pk6lQQAAAMART3/y3u+TiGh9/lJ7ykyOOingVEzsl5J8XtD7//BUZ/7eKSUFnIoLA7zmvYvFy50nwNk20bugT18Hxk951AkAI5ecsL7v4J3fdGalIecDAAAM37VPFN//P/l8vuWUH844nRjOr577/+nMqBIBTl37/v+gA3mcLMBYKQ80AhAYZx/2/v/J0vShEgIAAIZuuj0lpUr+9d50lEqVSsTV9s8ClJPbq/XazYh4KiJ+N1O+mNXn2lsmJ14zAAAAAAAAAAAAAAAAAAAAAAAAAAAdaZpECgAAAIy1iNKfk191nuV/bebF6d7vByaTf7d/EngyIt750Vs/uLvYbG7OZcv/vr+8+cN8+cuj+AYDAAAA6NW9Tm/P/zXqbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYN+8/eHepOw3w8kvDivvXL0bEbFH8iZhqz6eiHBGX/5HExKHtkoi4MIT4rb2I+HhR/CRLaz9kUfxhvAmtvaSVthXGj9n8XSiKf2UI8eE8u5cdf94o6v+leL49L+5/ExH/V39U/Y9/sX/8u9Cn/18dMMYz939e7Rt/L+KZieLjXzd+0if+CwPG/8bXd3f7rUt/HHGt+/nTPuIdjnBQqjbXNqpbO7s3VtcWV2ortfX5+blXF15beGXhZvX2ar2W/1sY47vP/uKD49p/ufDzL8mz6d/+Fwv2V/SZ9N/7dx98tFtpHY1//YWC+L/+Sf6Ko/FLeZxP5+Vs/bVuudUpH/bcz3773HHtXz5of/lh/v+v99tpryMd5dlB/3QAgMdga2f3zmK9Xtsc20J2lf4EpPEohcl4ItIY38K3s8L9Ye0wTdM061MFq+5FxCD7SWLILS0V53NQ6HsEGPWRCQAAGLaDk/5RZwIAAAAAAAAAAAAAAAAAAADn12k8Za035sEjkJNhPEIbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAo/hcAAP//Yw3Xfw==") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001140)={0x11, 0xb, &(0x7f0000001200)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001000)={&(0x7f00000002c0)='sched_switch\x00', r1}, 0x18) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a80)=@newlink={0x38, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x1400, 0x11000}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}]}, 0x38}, 0x1, 0x2, 0x0, 0x10800}, 0xc1) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000ff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) socket$inet6_sctp(0xa, 0x1, 0x84) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r5, &(0x7f0000000100)=ANY=[], 0x32600) 507.627275ms ago: executing program 1 (id=464): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e000000850000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]}) fremovexattr(0xffffffffffffffff, &(0x7f0000002040)=@known='system.sockprotoname\x00') 494.710526ms ago: executing program 3 (id=465): r0 = syz_open_dev$loop(0x0, 0x20081, 0x2a42) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000005c0)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) r2 = syz_open_dev$loop(&(0x7f00000001c0), 0x5, 0x88102) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000001280)={r0, 0x1200, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9603dda1af1ea80000000000000000000000deff00000000000000000000000014a2648f00", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}}) 471.644549ms ago: executing program 0 (id=466): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x0) syz_usb_connect(0x2, 0xfffffffffffffe86, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10) write(0xffffffffffffffff, &(0x7f0000004200)='t', 0x1) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3ffff) memfd_create(0x0, 0x7) openat$nvram(0xffffffffffffff9c, 0x0, 0x88002, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 440.155643ms ago: executing program 3 (id=467): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000c40)={'filter\x00', 0x104, 0x4, 0x3c8, 0x110, 0x110, 0x110, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@arp={@empty, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac}, {@empty, {[0x0, 0x0, 0x0, 0xff]}}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 'dvmrp0\x00', 'netdevsim0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac, @empty, @dev={0xac, 0x14, 0x14, 0x41}, @rand_addr=0x64010101, 0x8, 0x1}}}, {{@arp={@loopback, @local, 0x0, 0x0, 0x0, 0x0, {@mac=@local}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pim6reg0\x00', 'veth0\x00', {}, {}, 0x0, 0x20}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x80ca, 0x8}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418) 439.625433ms ago: executing program 1 (id=468): bpf$PROG_LOAD(0x5, &(0x7f0000000dc0)={0xb, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000400)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x97a3}, 0x18) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50) r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x1000000009, 0x690bb, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0xef, 0x3d27}, 0x400, 0x32, 0x43a1bd76, 0x7, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x3) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000800)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r2}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newlink={0x4c, 0x10, 0x439, 0x70bd2a, 0xffffffea, {0x0, 0x0, 0xe403, 0x0, 0x3, 0x610c0}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @sit={{0x8}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @private=0xa010102}, @IFLA_IPTUN_6RD_PREFIX={0x14, 0xb, @private1={0xfc, 0x1, '\x00', 0x1}}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x4008040) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x3c1, 0x3, 0x3f0, 0x1c0, 0xc8, 0x8, 0x0, 0x5803, 0x320, 0x2e8, 0x2e8, 0x320, 0x2e8, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, [0x0, 0x0, 0xff], [], 'erspan0\x00', 'geneve1\x00'}, 0x0, 0x190, 0x1c0, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f34a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x1}}, @common=@inet=@socket3={{0x28}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xf8, 0x160, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x13}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x8, 0x2, 0x9, 0x8001, 'pptp\x00', 'syz0\x00', {0x6f7}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x450) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000ac0)=@newtaction={0x80, 0x30, 0x1, 0x0, 0x0, {}, [{0x6c, 0x1, [@m_ct={0x68, 0x1, 0x0, 0x0, {{0x7}, {0x40, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xfdb, 0x0, 0xffffffffffffffff}}, @TCA_CT_MARK={0x8, 0x10, 0x80000000}, @TCA_CT_LABELS={0x14, 0x7, "0118aae167fe4bb4d318e45cb16cfc7a"}, @TCA_CT_ACTION={0x6, 0x3, 0x3}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x20004000}, 0x10000800) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000240)='kfree\x00', r9, 0x0, 0x20}, 0x18) socket$nl_route(0x10, 0x3, 0x0) r10 = socket$nl_xfrm(0x10, 0x3, 0x6) r11 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) sendmsg$nl_xfrm(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="5c0100001000130700000000fcdbdf25e0000001000000000000002000000000ff020000000000000000000000000001000400004e2100020000000021000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fc010000000000000000000000000000000004d632000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000090000000000000001000000ffffffff0000000000000000010000800000000043050000000000000400000000000000ffffffffffffff7f000000000000000001000000000000000000000000000000000000002cbd70000035000002000000500000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000060000000210466d38547aa140db9a200000000c538c7cb7a0c001c00", @ANYRES32=r12], 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2014) r13 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r13}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$evdev(&(0x7f00000001c0), 0x2, 0x8001) 439.255563ms ago: executing program 4 (id=469): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd88500000004"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='comm\x00') write$tcp_mem(r4, 0x0, 0x0) r5 = syz_io_uring_setup(0x116c, &(0x7f0000000000)={0x0, 0x7f36, 0x0, 0x1, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000200)=[{0x32, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8}) io_uring_enter(r5, 0x47bc, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r5, 0x18, &(0x7f00000001c0)={0x79c, r3, 0x32, {0xb, 0x100004000}, 0x2}, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x2000000b, 0xe0, &(0x7f0000000240)={0x3, 0x14, 0xfffa, 0x4360}, 0x8, 0x6, 0x7d, 0x0, 0x1, 0x101, 0x0}) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1) read(r0, 0x0, 0x0) preadv2(r0, &(0x7f0000000000)=[{&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f0000000080)=""/209, 0xd1}], 0x2, 0xe6, 0xc00, 0x16) 418.920496ms ago: executing program 3 (id=470): r0 = socket$kcm(0x10, 0x2, 0x0) io_uring_setup(0x1d48, &(0x7f0000000340)={0x0, 0x60b140, 0x0, 0x6, 0x3a2}) r1 = socket$rxrpc(0x21, 0x2, 0xa) listen(r1, 0x4) recvmmsg(r1, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000}}], 0x1, 0x40000100, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r2, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x18) sendto$packet(0xffffffffffffffff, &(0x7f0000000180)="0b03feff4f00021202004788aa96a13bb1000011000088ca1a00", 0x1fffc, 0x0, &(0x7f0000000140), 0x14) r4 = open(&(0x7f0000000000)='./bus\x00', 0x40, 0x171) fgetxattr(r4, &(0x7f00000003c0)=@known='security.selinux\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12a2}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x6, 0xf, 0x8, 0x41}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe5}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r6}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001900)="2e00000011008188040900000000000000a1810031000000000f000000048002002d1f00000000000000e2000000", 0x2e}], 0x1}, 0x20000000) 266.087035ms ago: executing program 3 (id=471): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0x22c7, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) set_mempolicy(0x8006, 0x0, 0x5) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000380)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) 243.347038ms ago: executing program 3 (id=472): r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x569, &(0x7f00000002c0)="$eJzs3U1rXFUfAPD/nWT6/jxNoRQVkYALK7WTJvGlgou61mJB93VIbkPJpFMyk9LEgu3CrqW4EQviXly7LH4BF36GghaKlKALN5E7uTOdJDPJtJ0mU+f3g1vOuS8598y5/9NzcmYyAQyt8eyfQsTLEfF1EnE0IpL82GjkB8fXz1t9dGMm25JYW/v0z6RxXpZv/qzmdYfzzEsR8ctXEacKW8utLa/MlyuVdDHPT9QXrk7UlldOX14oz6Vz6ZWp6emz70xPvf/eu32r65sX/v72k3sjee7YnSTOxZE8116PZ3CzPTMe4/lrUoxzm06c7ENhgyTpuPenXb8PnsxIHufFyPqAozGSRz3w3/dlRKwBQyp54vj/rfh87gTYXc1xQHNu36d58Avj4YfrE6Ct9R9d/91IHGjMjQ6tJhtmRtl8d6wP5Wdl/PzH3TvZFv37PQTAjm7eiogzo6Nb+78k7/+e3pkeztlchv4Pds+9bPzzVqfxT6E1/okO45/DHWL3aewc/4UHfSimq2z890HH8W9r0WpsJM/9rzHmKyaXLlfSrG/7f0ScjOL+LL/des7Z1ftr3Y61j/+yLSu/ORbM7+PB6P6N18yW6+VnqXO7h7ciXuk4/k1a7Z90aP/s9bjQYxkn0ruvdTu2c/2fr7UfIt7o2P6PV7SS7dcnJxrPw0Tzqdjqr9snfu1W/l7XP2v/Q9vXfyxpX6+ttV890lMZ3x/4J43WevJGG+ofvT//+5LPGul9+b7r5Xp9cTJiX/Jxa3+huX/q8bXNfPP8rP4nX9++/+v0/B+MiM97qn3E7eM/vtrt2CC0/2zH9m/Nbje1/5Mn7n/0xXfdyu+t/3u7kTqZ7+ml/+v1Bp/ltQMAAAAAAIBBU4iII5EUSq10oVAqrb+/43gcKlSqtfqpS9WlK7PR+KzsWBQLzZXuo23vh5jMVwyb+alN+emIOBYR34wcbORLM9XK7F5XHgAAAAAAAAAAAAAAAAAAAAbE4S6f/8/8vvXPux/Y/TsEnitf+Q3Da8f478c3PQEDyf//MLzEPwwv8Q/DS/zD8BL/MLzEPwwv8Q/DS/wDAAAAAAAAAAAAAAAAAAAAAAAAAABAX104fz7b1lYf3ZjJ8rPXlpfmq9dOz6a1+dLC0kxpprp4tTRXrc5V0tJMdWGnn1epVq9OTsXS9Yl6WqtP1JZXLi5Ul67UL15eKM+lF9PirtQKAAAAAAAAAAAAAAAAAAAAXiy15ZX5cqWSLkpIPFVidDBuQ6LPib3umQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgsX8DAAD//welMww=") lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f0000000940)=ANY=[], 0x361, 0x0) setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f00000013c0)=ANY=[], 0x700, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="fec0"], 0x50) lsetxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000100)=ANY=[@ANYRESHEX=r0, @ANYRESHEX], 0xfe37, 0x0) 190.224286ms ago: executing program 4 (id=473): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket(0xa, 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32=0x0, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x40f00, 0x8}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) setregid(0x0, 0x0) r1 = fsmount(0xffffffffffffffff, 0x0, 0x82) fchdir(r1) fcntl$notify(0xffffffffffffffff, 0x402, 0x1a) setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x841, 0x1) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="280000000306050000000000000000000000000005000100"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x20000010) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x200000000006, 0x2, 0x4, 0x7ffc0002}]}) 148.194151ms ago: executing program 4 (id=474): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setregid(0x0, 0x0) fsopen(0x0, 0x0) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10040003}, 0x0) 113.228785ms ago: executing program 3 (id=475): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) listen(r0, 0x0) accept4(r0, 0x0, 0x0, 0x400000000000000) 64.685141ms ago: executing program 4 (id=476): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x10, &(0x7f00000002c0)={[{@norecovery}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}]}, 0xee, 0x474, &(0x7f00000004c0)="$eJzs3EtsG0UfAPD/rvNo+viSr5RHSwuBgqh4JE36oAcuIJA4gIQEhyJOIUmrUrdBTZBoVUHhUI6oEnfEEYk7Eie4IOCAkLjCHVWqql5aOBmtvZs6jp06tRu3+PeT1p7ZXWfm79mxxzN2Auhb49lNErE1Iv6IiNFaduUJ47W7G9fOz/597fxsEpXKm1eT6nnXr52fLU4tHrellqlUIoaz5HCTci++EzFTLs+fyfOTS6fen1w8e+65E6dmjs8fnz89feTIwQN7hg5PH+oovjS/z+K6vuujhd07X3370uuzRy+9+/M3WX235sfr47gtWbQNxmvPbqNHs5snOyrsrvJrdrOtbkcy0PrkiQ2oEO0rRUTWXIPV/j8apRhZPjYar3za08oBd1SlUqk0e3/OXagA/2FJ9LoGQG8Ub/TZ599i26Chx13hyou1D0BZ3DfyrXZkYHnuYLDh8203jUfE0Qv/fJlt0Y15CACAW/g+G/8822z8l8YDdef9L19DGYuI/0fE9oi4LyJ2RMT9EdVzH4yIh9ZZfuMKyerxT3r5tgJrUzb+eyFf21o5/itGfzFWynPbqvEPJsdOlOf358/JvhgczvJTa5Txw8u/f16kNzUcqx//ZVtWfjEWzOtxeaBhgm5uZmmm07gLVz6J2DXQLP4kimWcJCJ2RsSu2yzjxNNf72517Nbxr2GNdaZ2Vb6KeKrW/hdiRfw3myppuT459fzh6UOTm6I8v3+yuCpW++W3i2+0Kr+j+Lsga//NTa//5VXgsWRTxOLZcyer67WL6y/j4p+f1fXpFavLWfzptxHrvv6Hkreq6aF834czS0tnpiKGktdW75+++dgiX5yfxb9vb/P+v72uxg9HRHYR74mIR/JF3KztHouIxyNi7xrx//TSE++1Oraq/UeK+NeYle+iLP65W7V/1Lf/+hOlkz9+13b8Tdv/YDW1L9/TzutfuxXs5LkDAACAe0Va/Q58kk4sp9N0YqL2Hf4dsTktLywuPXNs4YPTc7Xvyo/FYFrMdI3WzYdO5XPDRX66IX8gnzf+ojRSzU/MLpTneh089LktLfp/5q9Sr2sH3HFdWEcD7lH6P/Qv/R/6l/4P/Uv/h/7VrP9/3IN6ABvP+z/0L/0f+pf+D/1L/4e+1PK38WlHP/nvcaL43wkd/J2rvY+i48TInSwi0t4H2BeJgU4u43YSw00P9fiFCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoEv+DQAA//9L2OJW") syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2010008, &(0x7f00000001c0), 0xff, 0x53b, &(0x7f0000000b80)="$eJzs3cFvHFcZAPBvNl7HSZzaBQ5QqaWiRUkF2Y1r2locSpEQnCohyj0Ye2NZWXste93GVgXrvwAJIUDiBBcuSPwBSCgSF44IKRKcQSoCIUhBggN00OzO2mY9a2/SjTde/37SZN6b2Znvexu/2Zmdp9kAzq3nI+KNiPggTdOXImImX17Kp2h1pux17z94dymbkkjTt/6WRJIv6+4ryedX8s2mIuJrX4n4ZnI07tbO7p3Fer22mderzbWN6tbO7o3VtcWV2kptfX5+7tWF1xZeWbg5lHZejYjXv/Sn73/np19+/ZeffeePt/5y/VtZWtP5+sPteEgTx63sNL18capng81HDPYkytpT7lYuDbbN3mPMBwCA/rJz/I9ExKci4qWYiQvHn84CAAAAZ1D6hen4TxKRFpvssxwAAAA4Q0rtMbBJqZKPBZiOUqlS6Yzh/VhcLtUbW83P3G5sry93xsrORrl0e7Veu5mPFZ6NcpLV59rlg/rLPfX5iHg6Ir43c6ldryw16suj/vIDAAAAzokrPdf//5zpXP8DAAAAY2Z21AkAAAAAj53rfwAAABh/rv8BAABgrH31zTezKe3+/vXy2zvbdxpv31iubd2prG0vVZYamxuVlUZjpf3MvrWT9ldvNDY+F+vbd6vN2lazenVn99ZaY3u9eWs1pk6lQQAAAMART3/y3u+TiGh9/lJ7ykyOOingVEzsl5J8XtD7//BUZ/7eKSUFnIoLA7zmvYvFy50nwNk20bugT18Hxk951AkAI5ecsL7v4J3fdGalIecDAAAM37VPFN//P/l8vuWUH844nRjOr577/+nMqBIBTl37/v+gA3mcLMBYKQ80AhAYZx/2/v/J0vShEgIAAIZuuj0lpUr+9d50lEqVSsTV9s8ClJPbq/XazYh4KiJ+N1O+mNXn2lsmJ14zAAAAAAAAAAAAAAAAAAAAAAAAAAAdaZpECgAAAIy1iNKfk191nuV/bebF6d7vByaTf7d/EngyIt750Vs/uLvYbG7OZcv/vr+8+cN8+cuj+AYDAAAA6NW9Tm/P/zXqbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYN+8/eHepOw3w8kvDivvXL0bEbFH8iZhqz6eiHBGX/5HExKHtkoi4MIT4rb2I+HhR/CRLaz9kUfxhvAmtvaSVthXGj9n8XSiKf2UI8eE8u5cdf94o6v+leL49L+5/ExH/V39U/Y9/sX/8u9Cn/18dMMYz939e7Rt/L+KZieLjXzd+0if+CwPG/8bXd3f7rUt/HHGt+/nTPuIdjnBQqjbXNqpbO7s3VtcWV2ortfX5+blXF15beGXhZvX2ar2W/1sY47vP/uKD49p/ufDzL8mz6d/+Fwv2V/SZ9N/7dx98tFtpHY1//YWC+L/+Sf6Ko/FLeZxP5+Vs/bVuudUpH/bcz3773HHtXz5of/lh/v+v99tpryMd5dlB/3QAgMdga2f3zmK9Xtsc20J2lf4EpPEohcl4ItIY38K3s8L9Ye0wTdM061MFq+5FxCD7SWLILS0V53NQ6HsEGPWRCQAAGLaDk/5RZwIAAAAAAAAAAAAAAAAAAADn12k8Za035sEjkJNhPEIbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAo/hcAAP//Yw3Xfw==") r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001140)={0x11, 0xb, &(0x7f0000001200)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001000)={&(0x7f00000002c0)='sched_switch\x00', r1}, 0x18) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a80)=@newlink={0x38, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x1400, 0x11000}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}]}, 0x38}, 0x1, 0x2, 0x0, 0x10800}, 0xc1) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000ff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) socket$inet6_sctp(0xa, 0x1, 0x84) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r5, &(0x7f0000000100)=ANY=[], 0x32600) 0s ago: executing program 1 (id=477): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000006000000080000000d00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="01000800ba83000000000000"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000002000000714beeb37f0aa12800007500020018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xc, 0x0, &(0x7f00000000c0)) syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc888, &(0x7f0000002340)=ANY=[@ANYRES16=0x0, @ANYRES32=0x0], 0x4, 0x273, &(0x7f0000000680)="$eJzs281qE1EYxvGnH9ra2k60Wm1FfFEE3QxtvIJQWhADSm3EDxCmdqIh06RkQiUitju3Xkdx6U4Qb6AbL0BcuOvGZRfiSCexTdoUdWFGzf+3OW85fcI5vGfCWWS27r5aLuZDN+9V1dtj6pfWtS2l1Ks+1fU0xt64Pqpm67o6lv10/va9+zcy2ezsvNlcZuFa2sxGL7x7+vz1xffV4TtvRt8OaDP1cOtL+vPm+ObE1reFJ4XQCqGVylXzbLFcrnqLgW9LhbDomt26/NELfSuUQr/SMp8PyisrNfNKSyNDKxU/DM0r1azo16xatmqlZt5jr1Ay13VtZEj4mdzG/LyXSXoV+LMqlYw3I2nywExuI5EFAQCARP2d9//A5/7fCdz/u8HO/f9B4/ltxf0fAAAAAAAAAAAAAAAAAAAAAIB/wXYUOVEUOT/GI1L8hk/U+PuYpCFJw5KOSxqRNCrJkZSSdELSSUljkk5JOi1pXNIZSWclTTR9VtJ7xUGH9b+P/ncFnv/uRv+7W9OLu4PS8svV3GquPtbnM3kVFMjXlBx9jXvZUK/nrmdnpyyW0rnltUZ+bTXX15qflrNzYNrlp+t5a80PxOduN5+Ws3PA2uXTbfODunKpKe/K0YdHKivQUnwm9/Ivps1mbmb35Sfj//vfubarbf9c97D5ev4Xzkc01bY//ZrsT3bvkMLas6IXBH6FgoKCYrdI+psJnbDX9KRXAgAAAAAAAAAAAAAAAAD4HZ34OWHSewQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYL/vAQAA//94NGA9") seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50) r4 = dup3(r2, r3, 0x80000) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) munlockall() r6 = eventfd2(0x0, 0x0) splice(r1, &(0x7f0000000900)=0x1, r1, &(0x7f0000000940)=0x7, 0x80000001, 0x6) read$eventfd(r6, &(0x7f0000000040), 0x8) socket$can_j1939(0x1d, 0x2, 0x7) mq_notify(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x10000032, 0x4, @thr={&(0x7f0000000480)="9bc74e148e336ed4da3f201626971269292232f9c2dfa06a168f8c9d13bdbcfd7fc0101dd8b7e70c90c82d88aae8169f8a7f4bc885b2097fbcc8256dff68c8c5c4fbd1bb5f4d07875be872e692c178dd9b885975063558411ed5a47a7cb6c9f481c8ae6b7d1be748c3eb930b33a95f443baca754470410dad167acc2218e1d0eb073e2f7b6d804ba74664886c2213e8d68", &(0x7f0000000400)="1a74a7eb17e77a5130cb27e879871cf0687fc4253a27c8933a3d07d62cccd73fc5e8acedabb29fb22bef1ec45dd150c46b2c3f5614b3148d77e3c6e8"}}) fsopen(&(0x7f0000000040)='btrfs\x00', 0x1) accept4$unix(0xffffffffffffffff, &(0x7f0000000080)=@abs, &(0x7f0000000100)=0x6e, 0x80400) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000000ddff00850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r8}, 0x10) unlink(0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009c0000000b"], 0x50) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000500000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000380)='sys_enter\x00', r10}, 0x18) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000580)=ANY=[@ANYRESDEC=r4], 0x50) memfd_secret(0x0) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, 0x0) clock_nanosleep(0x7, 0x37dc12502000000, &(0x7f00000000c0)={0x0, 0x989680}, 0x0) kernel console output (not intermixed with test programs): [ 23.251712][ T29] audit: type=1400 audit(1768394801.063:62): avc: denied { search } for pid=3200 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 23.273931][ T29] audit: type=1400 audit(1768394801.063:63): avc: denied { search } for pid=3200 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=477 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 23.296602][ T29] audit: type=1400 audit(1768394801.063:64): avc: denied { search } for pid=3200 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=481 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 23.319506][ T29] audit: type=1400 audit(1768394801.063:65): avc: denied { search } for pid=3200 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=482 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 23.342520][ T29] audit: type=1400 audit(1768394801.073:66): avc: denied { read open } for pid=3201 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=482 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 Warning: Permanently added '10.128.1.102' (ED25519) to the list of known hosts. [ 26.929544][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 26.929560][ T29] audit: type=1400 audit(1768394804.743:70): avc: denied { mounton } for pid=3299 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 26.958628][ T29] audit: type=1400 audit(1768394804.773:71): avc: denied { mount } for pid=3299 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.960797][ T3299] cgroup: Unknown subsys name 'net' [ 26.986391][ T29] audit: type=1400 audit(1768394804.803:72): avc: denied { unmount } for pid=3299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 27.145267][ T3299] cgroup: Unknown subsys name 'cpuset' [ 27.151529][ T3299] cgroup: Unknown subsys name 'rlimit' [ 27.343134][ T29] audit: type=1400 audit(1768394805.153:73): avc: denied { setattr } for pid=3299 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.366467][ T29] audit: type=1400 audit(1768394805.163:74): avc: denied { create } for pid=3299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.387019][ T29] audit: type=1400 audit(1768394805.163:75): avc: denied { write } for pid=3299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 27.407370][ T29] audit: type=1400 audit(1768394805.163:76): avc: denied { read } for pid=3299 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 27.427784][ T29] audit: type=1400 audit(1768394805.183:77): avc: denied { read } for pid=3046 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 27.441179][ T3309] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 27.449364][ T29] audit: type=1400 audit(1768394805.193:78): avc: denied { mounton } for pid=3299 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 27.482041][ T29] audit: type=1400 audit(1768394805.193:79): avc: denied { mount } for pid=3299 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 27.494969][ T3299] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 28.735703][ T3315] chnl_net:caif_netlink_parms(): no params data found [ 28.773013][ T3316] chnl_net:caif_netlink_parms(): no params data found [ 28.798801][ T3320] chnl_net:caif_netlink_parms(): no params data found [ 28.808063][ T3324] chnl_net:caif_netlink_parms(): no params data found [ 28.849017][ T3319] chnl_net:caif_netlink_parms(): no params data found [ 28.898763][ T3315] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.906004][ T3315] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.913252][ T3315] bridge_slave_0: entered allmulticast mode [ 28.920174][ T3315] bridge_slave_0: entered promiscuous mode [ 28.945544][ T3315] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.952620][ T3315] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.959861][ T3315] bridge_slave_1: entered allmulticast mode [ 28.966502][ T3315] bridge_slave_1: entered promiscuous mode [ 28.994620][ T3316] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.001809][ T3316] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.009080][ T3316] bridge_slave_0: entered allmulticast mode [ 29.015655][ T3316] bridge_slave_0: entered promiscuous mode [ 29.029838][ T3324] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.036980][ T3324] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.044116][ T3324] bridge_slave_0: entered allmulticast mode [ 29.050568][ T3324] bridge_slave_0: entered promiscuous mode [ 29.061978][ T3316] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.069164][ T3316] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.076659][ T3316] bridge_slave_1: entered allmulticast mode [ 29.083133][ T3316] bridge_slave_1: entered promiscuous mode [ 29.091932][ T3320] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.099087][ T3320] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.106328][ T3320] bridge_slave_0: entered allmulticast mode [ 29.112826][ T3320] bridge_slave_0: entered promiscuous mode [ 29.119516][ T3324] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.126693][ T3324] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.133941][ T3324] bridge_slave_1: entered allmulticast mode [ 29.140589][ T3324] bridge_slave_1: entered promiscuous mode [ 29.148013][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.167219][ T3320] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.174452][ T3320] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.181652][ T3320] bridge_slave_1: entered allmulticast mode [ 29.188201][ T3320] bridge_slave_1: entered promiscuous mode [ 29.200738][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.234690][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.243904][ T3319] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.251180][ T3319] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.258684][ T3319] bridge_slave_0: entered allmulticast mode [ 29.265097][ T3319] bridge_slave_0: entered promiscuous mode [ 29.277795][ T3324] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.292443][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.301832][ T3319] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.309043][ T3319] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.316246][ T3319] bridge_slave_1: entered allmulticast mode [ 29.322731][ T3319] bridge_slave_1: entered promiscuous mode [ 29.330457][ T3320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.340839][ T3324] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.350884][ T3315] team0: Port device team_slave_0 added [ 29.368313][ T3320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.383316][ T3315] team0: Port device team_slave_1 added [ 29.414721][ T3316] team0: Port device team_slave_0 added [ 29.421702][ T3319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.436268][ T3324] team0: Port device team_slave_0 added [ 29.447471][ T3316] team0: Port device team_slave_1 added [ 29.454041][ T3319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.463947][ T3320] team0: Port device team_slave_0 added [ 29.470368][ T3324] team0: Port device team_slave_1 added [ 29.476342][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.483352][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.509373][ T3315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.535854][ T3320] team0: Port device team_slave_1 added [ 29.541743][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.548743][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.574741][ T3315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.608260][ T3316] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.615263][ T3316] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.641254][ T3316] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.653026][ T3319] team0: Port device team_slave_0 added [ 29.659014][ T3324] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.666006][ T3324] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.691964][ T3324] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.709266][ T3316] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.716296][ T3316] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.742389][ T3316] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.754148][ T3319] team0: Port device team_slave_1 added [ 29.760199][ T3324] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.767313][ T3324] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.793408][ T3324] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.805139][ T3320] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.812112][ T3320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.838178][ T3320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.870044][ T3320] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.877097][ T3320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.903075][ T3320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.920690][ T3319] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.927714][ T3319] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 29.953651][ T3319] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.974269][ T3315] hsr_slave_0: entered promiscuous mode [ 29.980505][ T3315] hsr_slave_1: entered promiscuous mode [ 29.988022][ T3319] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.995020][ T3319] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 30.021088][ T3319] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 30.068938][ T3316] hsr_slave_0: entered promiscuous mode [ 30.075216][ T3316] hsr_slave_1: entered promiscuous mode [ 30.081105][ T3316] debugfs: 'hsr0' already exists in 'hsr' [ 30.087121][ T3316] Cannot create hsr debugfs directory [ 30.095466][ T3324] hsr_slave_0: entered promiscuous mode [ 30.101451][ T3324] hsr_slave_1: entered promiscuous mode [ 30.107418][ T3324] debugfs: 'hsr0' already exists in 'hsr' [ 30.113143][ T3324] Cannot create hsr debugfs directory [ 30.130829][ T3320] hsr_slave_0: entered promiscuous mode [ 30.136954][ T3320] hsr_slave_1: entered promiscuous mode [ 30.142725][ T3320] debugfs: 'hsr0' already exists in 'hsr' [ 30.148584][ T3320] Cannot create hsr debugfs directory [ 30.166343][ T3319] hsr_slave_0: entered promiscuous mode [ 30.172436][ T3319] hsr_slave_1: entered promiscuous mode [ 30.178469][ T3319] debugfs: 'hsr0' already exists in 'hsr' [ 30.184238][ T3319] Cannot create hsr debugfs directory [ 30.395126][ T3315] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 30.404395][ T3315] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 30.413344][ T3315] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 30.425159][ T3315] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 30.452599][ T3320] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 30.461844][ T3320] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 30.474987][ T3320] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 30.484565][ T3320] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 30.518047][ T3324] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 30.526968][ T3324] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 30.537989][ T3324] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 30.551812][ T3324] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 30.577886][ T3316] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 30.589518][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.597744][ T3316] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 30.610404][ T3316] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 30.628928][ T3316] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 30.661995][ T3319] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 30.670988][ T3319] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 30.682204][ T3319] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 30.691552][ T3315] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.700943][ T3319] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 30.713779][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.720927][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.739023][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.746173][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.775266][ T3320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.808801][ T3320] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.821089][ T3324] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.836650][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.843705][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.861615][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.868744][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.879823][ T3324] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.892388][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.899504][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.921402][ T3319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.930433][ T1740] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.937535][ T1740] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.947216][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.976635][ T3316] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.992510][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.999660][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.017763][ T3319] 8021q: adding VLAN 0 to HW filter on device team0 [ 31.028775][ T383] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.035857][ T383] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.049388][ T383] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.056575][ T383] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.072010][ T383] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.079121][ T383] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.099863][ T3315] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.137495][ T3316] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 31.223518][ T3320] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.241947][ T3316] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.263739][ T3324] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.297377][ T3319] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 31.354707][ T3315] veth0_vlan: entered promiscuous mode [ 31.362537][ T3315] veth1_vlan: entered promiscuous mode [ 31.414248][ T3320] veth0_vlan: entered promiscuous mode [ 31.429811][ T3315] veth0_macvtap: entered promiscuous mode [ 31.445350][ T3320] veth1_vlan: entered promiscuous mode [ 31.452363][ T3315] veth1_macvtap: entered promiscuous mode [ 31.495832][ T3319] veth0_vlan: entered promiscuous mode [ 31.503643][ T3319] veth1_vlan: entered promiscuous mode [ 31.514960][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.535693][ T3316] veth0_vlan: entered promiscuous mode [ 31.546527][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.563043][ T3316] veth1_vlan: entered promiscuous mode [ 31.572805][ T409] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.586076][ T3319] veth0_macvtap: entered promiscuous mode [ 31.593928][ T3320] veth0_macvtap: entered promiscuous mode [ 31.602761][ T3319] veth1_macvtap: entered promiscuous mode [ 31.609519][ T409] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.619593][ T409] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.631639][ T3320] veth1_macvtap: entered promiscuous mode [ 31.638461][ T409] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.663575][ T3324] veth0_vlan: entered promiscuous mode [ 31.676207][ T3324] veth1_vlan: entered promiscuous mode [ 31.685455][ T3319] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.693947][ T3320] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.708089][ T3315] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 31.708476][ T3319] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.737118][ T3320] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.746743][ T3316] veth0_macvtap: entered promiscuous mode [ 31.766888][ T409] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.778130][ T3316] veth1_macvtap: entered promiscuous mode [ 31.798206][ T409] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.811071][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.821860][ T409] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.835971][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.864972][ T3324] veth0_macvtap: entered promiscuous mode [ 31.872567][ T409] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.888422][ T3324] veth1_macvtap: entered promiscuous mode [ 32.018956][ T409] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.053306][ T409] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.068321][ T409] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.079665][ T3324] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 32.090925][ T3324] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 32.118668][ T29] kauditd_printk_skb: 32 callbacks suppressed [ 32.118686][ T29] audit: type=1400 audit(1768394809.933:112): avc: denied { setopt } for pid=3494 comm="syz.1.6" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 32.210917][ T29] audit: type=1400 audit(1768394809.963:113): avc: denied { map_create } for pid=3491 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 32.229926][ T29] audit: type=1400 audit(1768394809.963:114): avc: denied { map_read map_write } for pid=3491 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 32.249572][ T29] audit: type=1400 audit(1768394809.993:115): avc: denied { prog_run } for pid=3491 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 32.268301][ T29] audit: type=1400 audit(1768394810.013:116): avc: denied { bind } for pid=3494 comm="syz.1.6" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 32.287567][ T29] audit: type=1400 audit(1768394810.013:117): avc: denied { name_bind } for pid=3494 comm="syz.1.6" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 32.309354][ T29] audit: type=1400 audit(1768394810.013:118): avc: denied { node_bind } for pid=3494 comm="syz.1.6" saddr=172.20.20.170 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 32.331582][ T29] audit: type=1400 audit(1768394810.013:119): avc: denied { name_connect } for pid=3494 comm="syz.1.6" dest=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 32.368257][ T409] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.401035][ T409] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.466924][ T29] audit: type=1400 audit(1768394810.273:120): avc: denied { create } for pid=3499 comm="syz.1.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 32.588564][ T409] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.613151][ T29] audit: type=1400 audit(1768394810.323:121): avc: denied { perfmon } for pid=3499 comm="syz.1.7" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 32.635917][ T3505] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7'. [ 32.645426][ T409] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.654244][ T409] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.692163][ T409] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.721208][ T3510] loop4: detected capacity change from 0 to 128 [ 32.726276][ T409] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.758614][ T3510] vfat: Unknown parameter '0xffffffffffffffff18446744073709551615' [ 32.765131][ T409] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.780182][ T3512] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8'. [ 32.789576][ T3512] netem: change failed [ 32.806855][ T3510] loop4: detected capacity change from 0 to 128 [ 32.815635][ T409] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 32.854036][ T3514] loop0: detected capacity change from 0 to 128 [ 32.866508][ T3510] syz.4.5: attempt to access beyond end of device [ 32.866508][ T3510] loop4: rw=2049, sector=138, nr_sectors = 8 limit=128 [ 32.891096][ T3514] FAT-fs (loop0): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 32.913069][ T3510] syz.4.5: attempt to access beyond end of device [ 32.913069][ T3510] loop4: rw=2049, sector=138, nr_sectors = 8 limit=128 [ 32.997303][ T3525] loop3: detected capacity change from 0 to 128 [ 33.009579][ T3525] vfat: Unknown parameter '0xffffffffffffffff18446744073709551615' [ 33.047266][ T3525] loop3: detected capacity change from 0 to 128 [ 33.069604][ T3530] capability: warning: `syz.4.14' uses deprecated v2 capabilities in a way that may be insecure [ 33.082684][ T3525] syz.3.12: attempt to access beyond end of device [ 33.082684][ T3525] loop3: rw=2049, sector=138, nr_sectors = 8 limit=128 [ 33.111845][ T3525] syz.3.12: attempt to access beyond end of device [ 33.111845][ T3525] loop3: rw=2049, sector=146, nr_sectors = 8 limit=128 [ 33.142819][ T3524] syz.3.12: attempt to access beyond end of device [ 33.142819][ T3524] loop3: rw=2049, sector=138, nr_sectors = 16 limit=128 [ 33.241598][ T3543] netlink: 4 bytes leftover after parsing attributes in process `syz.1.17'. [ 33.250437][ T3543] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 33.258055][ T3543] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 33.266603][ T3543] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 33.274003][ T3543] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 33.291810][ T3545] loop3: detected capacity change from 0 to 128 [ 33.299176][ T3545] vfat: Unknown parameter '0xffffffffffffffff18446744073709551615' [ 33.310742][ T3545] loop3: detected capacity change from 0 to 128 [ 33.321467][ T3545] syz.3.18: attempt to access beyond end of device [ 33.321467][ T3545] loop3: rw=2049, sector=138, nr_sectors = 8 limit=128 [ 33.335921][ T3545] syz.3.18: attempt to access beyond end of device [ 33.335921][ T3545] loop3: rw=2049, sector=146, nr_sectors = 8 limit=128 [ 33.350547][ T3545] syz.3.18: attempt to access beyond end of device [ 33.350547][ T3545] loop3: rw=8390657, sector=152, nr_sectors = 2 limit=128 [ 33.364142][ T3545] Buffer I/O error on dev loop3, logical block 76, lost async page write [ 33.375422][ T3545] syz.3.18: attempt to access beyond end of device [ 33.375422][ T3545] loop3: rw=2049, sector=138, nr_sectors = 8 limit=128 [ 33.389159][ T3545] syz.3.18: attempt to access beyond end of device [ 33.389159][ T3545] loop3: rw=2049, sector=138, nr_sectors = 8 limit=128 [ 33.402963][ T3545] Buffer I/O error on dev loop3, logical block 73, lost async page write [ 33.411545][ T3545] Buffer I/O error on dev loop3, logical block 74, lost async page write [ 33.420775][ T3545] Buffer I/O error on dev loop3, logical block 75, lost async page write [ 33.429665][ T3545] Buffer I/O error on dev loop3, logical block 76, lost async page write [ 33.451813][ T3544] Buffer I/O error on dev loop3, logical block 73, lost async page write [ 33.460582][ T3544] Buffer I/O error on dev loop3, logical block 74, lost async page write [ 33.469303][ T3544] Buffer I/O error on dev loop3, logical block 75, lost async page write [ 33.478242][ T3544] Buffer I/O error on dev loop3, logical block 76, lost async page write [ 33.619031][ T3548] loop3: detected capacity change from 0 to 512 [ 33.626050][ T3548] ======================================================= [ 33.626050][ T3548] WARNING: The mand mount option has been deprecated and [ 33.626050][ T3548] and is ignored by this kernel. Remove the mand [ 33.626050][ T3548] option from the mount to silence this warning. [ 33.626050][ T3548] ======================================================= [ 33.662191][ T3548] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 33.675442][ T3548] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 33.689121][ T3548] EXT4-fs (loop3): 1 truncate cleaned up [ 33.696226][ T3548] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.845461][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.937314][ T3562] loop4: detected capacity change from 0 to 512 [ 33.946972][ T3562] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 33.957944][ T3562] EXT4-fs (loop4): 1 truncate cleaned up [ 33.964056][ T3562] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.994092][ T3565] Zero length message leads to an empty skb [ 34.705966][ T3578] netlink: 28 bytes leftover after parsing attributes in process `syz.0.26'. [ 34.732466][ T2381] Bluetooth: hci0: Frame reassembly failed (-84) [ 34.781720][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.992607][ T3601] loop0: detected capacity change from 0 to 128 [ 35.009220][ T3601] vfat: Unknown parameter '0xffffffffffffffff18446744073709551615' [ 35.048066][ T3601] Buffer I/O error on dev loop0, logical block 76, lost async page write [ 35.166314][ T3608] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #3: comm syz.4.36: corrupted inode contents [ 35.178879][ T3608] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #3: comm syz.4.36: mark_inode_dirty error [ 35.190869][ T3608] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #3: comm syz.4.36: corrupted inode contents [ 35.203000][ T3608] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #3: comm syz.4.36: mark_inode_dirty error [ 35.214831][ T3608] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.36: Failed to acquire dquot type 0 [ 35.227488][ T3608] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.36: corrupted inode contents [ 35.239774][ T3608] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #16: comm syz.4.36: mark_inode_dirty error [ 35.252400][ T3608] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.36: corrupted inode contents [ 35.265251][ T3608] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #16: comm syz.4.36: mark_inode_dirty error [ 35.276642][ T3608] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.36: corrupted inode contents [ 35.288636][ T3608] EXT4-fs error (device loop4) in ext4_orphan_del:303: Corrupt filesystem [ 35.292715][ T3618] vfat: Unknown parameter '0xffffffffffffffff18446744073709551615' [ 35.297756][ T3608] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.36: corrupted inode contents [ 35.317280][ T3608] EXT4-fs error (device loop4): ext4_truncate:4635: inode #16: comm syz.4.36: mark_inode_dirty error [ 35.328555][ T3608] EXT4-fs error (device loop4) in ext4_process_orphan:345: Corrupt filesystem [ 35.338016][ T3608] EXT4-fs (loop4): 1 truncate cleaned up [ 35.344282][ T3608] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 35.357893][ T3608] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 35.475958][ T3608] syz.4.36 (3608) used greatest stack depth: 9696 bytes left [ 35.511949][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 35.555330][ T3622] netlink: 12 bytes leftover after parsing attributes in process `syz.0.39'. [ 35.626268][ T3627] vfat: Unknown parameter '0xffffffffffffffff18446744073709551615' [ 35.933537][ T3636] netlink: 4 bytes leftover after parsing attributes in process `syz.4.45'. [ 35.933728][ T3630] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #3: comm syz.0.42: corrupted inode contents [ 35.967241][ T3636] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 35.974714][ T3636] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 35.982530][ T3636] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 35.990012][ T3636] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 35.992887][ T3630] EXT4-fs error (device loop0): ext4_dirty_inode:6502: inode #3: comm syz.0.42: mark_inode_dirty error [ 36.042665][ T3630] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #3: comm syz.0.42: corrupted inode contents [ 36.067365][ T3630] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #3: comm syz.0.42: mark_inode_dirty error [ 36.085953][ T1651] Bluetooth: hci1: Frame reassembly failed (-84) [ 36.092968][ T3630] EXT4-fs error (device loop0): ext4_acquire_dquot:6986: comm syz.0.42: Failed to acquire dquot type 0 [ 36.105641][ T3630] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #16: comm syz.0.42: corrupted inode contents [ 36.117751][ T3630] EXT4-fs error (device loop0): ext4_dirty_inode:6502: inode #16: comm syz.0.42: mark_inode_dirty error [ 36.129258][ T3630] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #16: comm syz.0.42: corrupted inode contents [ 36.142744][ T3630] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #16: comm syz.0.42: mark_inode_dirty error [ 36.155233][ T3630] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #16: comm syz.0.42: corrupted inode contents [ 36.167123][ T3630] EXT4-fs error (device loop0) in ext4_orphan_del:303: Corrupt filesystem [ 36.176023][ T3630] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #16: comm syz.0.42: corrupted inode contents [ 36.195089][ T3630] EXT4-fs error (device loop0): ext4_truncate:4635: inode #16: comm syz.0.42: mark_inode_dirty error [ 36.206379][ T3630] EXT4-fs error (device loop0) in ext4_process_orphan:345: Corrupt filesystem [ 36.227351][ T3630] EXT4-fs (loop0): 1 truncate cleaned up [ 36.238643][ T3630] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.251766][ T3630] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 36.291777][ T3650] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #3: comm syz.4.48: corrupted inode contents [ 36.333008][ T3650] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #3: comm syz.4.48: mark_inode_dirty error [ 36.362395][ T3650] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #3: comm syz.4.48: corrupted inode contents [ 36.374207][ T3650] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #3: comm syz.4.48: mark_inode_dirty error [ 36.386916][ T3650] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.48: Failed to acquire dquot type 0 [ 36.398768][ T3650] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.48: corrupted inode contents [ 36.414816][ T3650] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #16: comm syz.4.48: mark_inode_dirty error [ 36.430810][ T3650] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.48: corrupted inode contents [ 36.447582][ T3650] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #16: comm syz.4.48: mark_inode_dirty error [ 36.459376][ T3650] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.48: corrupted inode contents [ 36.471842][ T3650] EXT4-fs error (device loop4) in ext4_orphan_del:303: Corrupt filesystem [ 36.480924][ T3650] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.48: corrupted inode contents [ 36.493050][ T3650] EXT4-fs error (device loop4): ext4_truncate:4635: inode #16: comm syz.4.48: mark_inode_dirty error [ 36.493624][ T3630] syz.0.42 (3630) used greatest stack depth: 9680 bytes left [ 36.512249][ T3650] EXT4-fs error (device loop4) in ext4_process_orphan:345: Corrupt filesystem [ 36.541552][ T3650] EXT4-fs (loop4): 1 truncate cleaned up [ 36.548239][ T3650] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.562350][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.575856][ T3650] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 36.640013][ T3656] infiniband syz0: set active [ 36.644934][ T3656] infiniband syz0: added bond0 [ 36.662395][ T3656] RDS/IB: syz0: added [ 36.666858][ T3656] smc: adding ib device syz0 with port count 1 [ 36.673266][ T3656] smc: ib device syz0 port 1 has no pnetid [ 36.786225][ T3582] Bluetooth: hci0: command 0x1003 tx timeout [ 36.787387][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 36.818401][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 36.935816][ T3664] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 36.949880][ T3664] EXT4-fs (loop0): 1 truncate cleaned up [ 36.956281][ T3664] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 36.985522][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.040478][ T3667] netlink: 28 bytes leftover after parsing attributes in process `syz.0.53'. [ 37.053006][ T3669] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 37.061787][ T3667] syz.0.53 uses obsolete (PF_INET,SOCK_PACKET) [ 37.087910][ T3673] vfat: Unknown parameter '0xffffffffffffffff18446744073709551615' [ 37.144583][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 37.171068][ T29] kauditd_printk_skb: 895 callbacks suppressed [ 37.171082][ T29] audit: type=1400 audit(1768394814.983:1011): avc: denied { write } for pid=3674 comm="syz.4.56" name="anycast6" dev="proc" ino=4026532733 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 37.257778][ T3677] vfat: Unknown parameter '0xffffffffffffffff18446744073709551615' [ 37.370583][ T3681] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #3: comm syz.1.58: corrupted inode contents [ 37.388634][ T3681] EXT4-fs error (device loop1): ext4_dirty_inode:6502: inode #3: comm syz.1.58: mark_inode_dirty error [ 37.412475][ T3681] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #3: comm syz.1.58: corrupted inode contents [ 37.425074][ T3681] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #3: comm syz.1.58: mark_inode_dirty error [ 37.436725][ T3681] Quota error (device loop1): write_blk: dquota write failed [ 37.444254][ T3681] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 37.455276][ T3681] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.58: Failed to acquire dquot type 0 [ 37.487536][ T3681] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.58: corrupted inode contents [ 37.506175][ T3681] EXT4-fs error (device loop1): ext4_dirty_inode:6502: inode #16: comm syz.1.58: mark_inode_dirty error [ 37.576990][ T3681] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.58: corrupted inode contents [ 37.590749][ T3681] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #16: comm syz.1.58: mark_inode_dirty error [ 37.602957][ T3681] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.58: corrupted inode contents [ 37.615470][ T3681] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 37.624302][ T3681] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.58: corrupted inode contents [ 37.636803][ T3681] EXT4-fs error (device loop1): ext4_truncate:4635: inode #16: comm syz.1.58: mark_inode_dirty error [ 37.648428][ T3681] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 37.660258][ T3681] EXT4-fs (loop1): 1 truncate cleaned up [ 37.667409][ T3681] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 37.681336][ T3681] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 38.071238][ T29] audit: type=1326 audit(1768394815.883:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3687 comm="syz.0.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faca9aaf749 code=0x7ffc0000 [ 38.094610][ T29] audit: type=1326 audit(1768394815.883:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3687 comm="syz.0.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faca9aaf749 code=0x7ffc0000 [ 38.118716][ T29] audit: type=1326 audit(1768394815.883:1014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3687 comm="syz.0.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=199 compat=0 ip=0x7faca9aaf749 code=0x7ffc0000 [ 38.142254][ T29] audit: type=1326 audit(1768394815.883:1015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3687 comm="syz.0.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faca9aaf749 code=0x7ffc0000 [ 38.165631][ T29] audit: type=1326 audit(1768394815.883:1016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3687 comm="syz.0.60" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faca9aaf749 code=0x7ffc0000 [ 38.186419][ T3581] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 38.194675][ T44] Bluetooth: hci1: command 0x1003 tx timeout [ 38.202098][ T3692] set_capacity_and_notify: 15 callbacks suppressed [ 38.202115][ T3692] loop3: detected capacity change from 0 to 512 [ 38.235610][ T3692] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #3: comm syz.3.61: corrupted inode contents [ 38.247720][ T3692] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #3: comm syz.3.61: mark_inode_dirty error [ 38.259447][ T3692] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #3: comm syz.3.61: corrupted inode contents [ 38.271199][ T3692] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #3: comm syz.3.61: mark_inode_dirty error [ 38.282850][ T3692] Quota error (device loop3): write_blk: dquota write failed [ 38.291819][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.301988][ T3692] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 38.334762][ T3692] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.61: Failed to acquire dquot type 0 [ 38.355036][ T3692] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.61: corrupted inode contents [ 38.367347][ T3692] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #16: comm syz.3.61: mark_inode_dirty error [ 38.379254][ T3692] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.61: corrupted inode contents [ 38.391113][ T3692] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #16: comm syz.3.61: mark_inode_dirty error [ 38.402677][ T3692] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.61: corrupted inode contents [ 38.415034][ T3692] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem [ 38.423719][ T3692] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.61: corrupted inode contents [ 38.435839][ T3692] EXT4-fs error (device loop3): ext4_truncate:4635: inode #16: comm syz.3.61: mark_inode_dirty error [ 38.454797][ T3700] loop0: detected capacity change from 0 to 128 [ 38.463226][ T3700] vfat: Unknown parameter '0xffffffffffffffff18446744073709551615' [ 38.473758][ T3692] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem [ 38.483318][ T3692] EXT4-fs (loop3): 1 truncate cleaned up [ 38.489654][ T3692] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 38.511493][ T3700] loop0: detected capacity change from 0 to 128 [ 38.522075][ T3692] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 38.542314][ T3700] bio_check_eod: 192 callbacks suppressed [ 38.542327][ T3700] syz.0.64: attempt to access beyond end of device [ 38.542327][ T3700] loop0: rw=2049, sector=138, nr_sectors = 8 limit=128 [ 38.582394][ T3700] syz.0.64: attempt to access beyond end of device [ 38.582394][ T3700] loop0: rw=2049, sector=146, nr_sectors = 8 limit=128 [ 38.624737][ T3700] syz.0.64: attempt to access beyond end of device [ 38.624737][ T3700] loop0: rw=2049, sector=138, nr_sectors = 8 limit=128 [ 38.653905][ T3700] syz.0.64: attempt to access beyond end of device [ 38.653905][ T3700] loop0: rw=2049, sector=138, nr_sectors = 16 limit=128 [ 38.735161][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.819136][ T3708] loop1: detected capacity change from 0 to 2048 [ 39.431446][ T31] Bluetooth: hci0: Frame reassembly failed (-84) [ 39.677900][ T3729] loop0: detected capacity change from 0 to 128 [ 39.685117][ T3729] vfat: Unknown parameter '0xffffffffffffffff18446744073709551615' [ 39.800526][ T3729] 9p: Could not find request transport: fd0x00000000000000060x0000000000000009 [ 39.943946][ T3737] loop3: detected capacity change from 0 to 512 [ 39.987917][ T3737] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #3: comm syz.3.73: corrupted inode contents [ 39.999840][ T3737] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #3: comm syz.3.73: mark_inode_dirty error [ 40.013782][ T3737] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #3: comm syz.3.73: corrupted inode contents [ 40.025828][ T3737] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #3: comm syz.3.73: mark_inode_dirty error [ 40.037492][ T3737] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.73: Failed to acquire dquot type 0 [ 40.049448][ T3737] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.73: corrupted inode contents [ 40.062016][ T3737] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #16: comm syz.3.73: mark_inode_dirty error [ 40.073589][ T3737] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.73: corrupted inode contents [ 40.085801][ T3737] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #16: comm syz.3.73: mark_inode_dirty error [ 40.097123][ T3737] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.73: corrupted inode contents [ 40.109226][ T3737] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem [ 40.118263][ T3737] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.73: corrupted inode contents [ 40.130802][ T3737] EXT4-fs error (device loop3): ext4_truncate:4635: inode #16: comm syz.3.73: mark_inode_dirty error [ 40.142875][ T3743] loop0: detected capacity change from 0 to 128 [ 40.145850][ T3737] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem [ 40.150502][ T3743] vfat: Unknown parameter '0xffffffffffffffff18446744073709551615' [ 40.198408][ T3737] EXT4-fs (loop3): 1 truncate cleaned up [ 40.216854][ T3737] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.235131][ T3737] ext4 filesystem being mounted at /9/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 40.271045][ T3749] loop2: detected capacity change from 0 to 128 [ 40.313626][ T3749] vfat: Unknown parameter '0xffffffffffffffff18446744073709551615' [ 40.352408][ T3749] loop2: detected capacity change from 0 to 128 [ 40.365844][ T3749] syz.2.77: attempt to access beyond end of device [ 40.365844][ T3749] loop2: rw=2049, sector=138, nr_sectors = 8 limit=128 [ 40.390512][ T3754] rdma_rxe: rxe_newlink: failed to add bond0 [ 40.409088][ T3749] syz.2.77: attempt to access beyond end of device [ 40.409088][ T3749] loop2: rw=2049, sector=146, nr_sectors = 8 limit=128 [ 40.442554][ T3749] syz.2.77: attempt to access beyond end of device [ 40.442554][ T3749] loop2: rw=2049, sector=138, nr_sectors = 16 limit=128 [ 40.560377][ T3763] loop0: detected capacity change from 0 to 128 [ 40.600890][ T3765] EXT4-fs: Ignoring removed oldalloc option [ 40.617808][ T3765] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.630855][ T3765] ext4 filesystem being mounted at /7/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 40.644976][ T3765] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.82: bg 0: block 217: padding at end of block bitmap is not set [ 40.659333][ T3765] EXT4-fs (loop2): Remounting filesystem read-only [ 40.687037][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.780092][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.886995][ T3778] netlink: 8 bytes leftover after parsing attributes in process `syz.3.86'. [ 41.022580][ T1651] Bluetooth: hci1: Frame reassembly failed (-84) [ 41.039413][ T2381] Bluetooth: hci2: Frame reassembly failed (-84) [ 41.494466][ T3790] Bluetooth: hci0: command 0x1003 tx timeout [ 41.494488][ T3581] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 41.765142][ T3806] FAULT_INJECTION: forcing a failure. [ 41.765142][ T3806] name failslab, interval 1, probability 0, space 0, times 1 [ 41.777876][ T3806] CPU: 0 UID: 0 PID: 3806 Comm: syz.0.95 Not tainted syzkaller #0 PREEMPT(voluntary) [ 41.777900][ T3806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 41.777944][ T3806] Call Trace: [ 41.777952][ T3806] [ 41.777979][ T3806] __dump_stack+0x1d/0x30 [ 41.778001][ T3806] dump_stack_lvl+0x95/0xd0 [ 41.778020][ T3806] dump_stack+0x15/0x1b [ 41.778037][ T3806] should_fail_ex+0x265/0x280 [ 41.778099][ T3806] should_failslab+0x8c/0xb0 [ 41.778119][ T3806] kmem_cache_alloc_noprof+0x69/0x4b0 [ 41.778138][ T3806] ? skb_clone+0x151/0x1f0 [ 41.778230][ T3806] skb_clone+0x151/0x1f0 [ 41.778292][ T3806] __netlink_deliver_tap+0x2c9/0x500 [ 41.778324][ T3806] netlink_unicast+0x66b/0x690 [ 41.778352][ T3806] netlink_sendmsg+0x58b/0x6b0 [ 41.778381][ T3806] ? __pfx_netlink_sendmsg+0x10/0x10 [ 41.778422][ T3806] __sock_sendmsg+0x145/0x180 [ 41.778441][ T3806] ____sys_sendmsg+0x31e/0x4a0 [ 41.778522][ T3806] ___sys_sendmsg+0x17b/0x1d0 [ 41.778570][ T3806] __x64_sys_sendmsg+0xd4/0x160 [ 41.778602][ T3806] x64_sys_call+0x17ba/0x3000 [ 41.778633][ T3806] do_syscall_64+0xca/0x2b0 [ 41.778675][ T3806] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 41.778694][ T3806] RIP: 0033:0x7faca9aaf749 [ 41.778778][ T3806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 41.778829][ T3806] RSP: 002b:00007faca850f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 41.778927][ T3806] RAX: ffffffffffffffda RBX: 00007faca9d05fa0 RCX: 00007faca9aaf749 [ 41.778946][ T3806] RDX: 0000000020040000 RSI: 00002000000003c0 RDI: 0000000000000008 [ 41.778957][ T3806] RBP: 00007faca850f090 R08: 0000000000000000 R09: 0000000000000000 [ 41.778968][ T3806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 41.779042][ T3806] R13: 00007faca9d06038 R14: 00007faca9d05fa0 R15: 00007fff8bb5fb68 [ 41.779059][ T3806] [ 41.779072][ T3806] netlink: 4 bytes leftover after parsing attributes in process `syz.0.95'. [ 41.981538][ T3806] hsr_slave_0: left promiscuous mode [ 41.987791][ T3806] hsr_slave_1: left promiscuous mode [ 42.142256][ T3811] netlink: 12 bytes leftover after parsing attributes in process `syz.4.97'. [ 42.256466][ T3815] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #3: comm syz.4.98: corrupted inode contents [ 42.268898][ T3815] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #3: comm syz.4.98: mark_inode_dirty error [ 42.280998][ T3815] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #3: comm syz.4.98: corrupted inode contents [ 42.292968][ T3815] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #3: comm syz.4.98: mark_inode_dirty error [ 42.304448][ T3815] __quota_error: 131 callbacks suppressed [ 42.304464][ T3815] Quota error (device loop4): write_blk: dquota write failed [ 42.317874][ T3815] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 42.327998][ T3815] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.98: Failed to acquire dquot type 0 [ 42.339677][ T3815] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.98: corrupted inode contents [ 42.352307][ T3815] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #16: comm syz.4.98: mark_inode_dirty error [ 42.363877][ T3815] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.98: corrupted inode contents [ 42.376063][ T3815] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #16: comm syz.4.98: mark_inode_dirty error [ 42.387619][ T3815] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.98: corrupted inode contents [ 42.399747][ T3815] EXT4-fs error (device loop4) in ext4_orphan_del:303: Corrupt filesystem [ 42.408650][ T3815] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.98: corrupted inode contents [ 42.420667][ T3815] EXT4-fs error (device loop4): ext4_truncate:4635: inode #16: comm syz.4.98: mark_inode_dirty error [ 42.431896][ T3815] EXT4-fs error (device loop4) in ext4_process_orphan:345: Corrupt filesystem [ 42.441413][ T3815] EXT4-fs (loop4): 1 truncate cleaned up [ 42.447742][ T3815] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.461164][ T3815] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 42.591879][ T3828] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 42.616539][ T3828] EXT4-fs (loop1): 1 truncate cleaned up [ 42.622942][ T3828] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.654208][ T29] audit: type=1326 audit(1768394820.463:1144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3827 comm="syz.1.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4439b8f749 code=0x7ffc0000 [ 42.677611][ T29] audit: type=1326 audit(1768394820.463:1145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3827 comm="syz.1.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4439b8f749 code=0x7ffc0000 [ 42.715627][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.725017][ T29] audit: type=1326 audit(1768394820.523:1146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3827 comm="syz.1.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4439b8f749 code=0x7ffc0000 [ 42.748434][ T29] audit: type=1326 audit(1768394820.523:1147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3827 comm="syz.1.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4439b8f749 code=0x7ffc0000 [ 42.771864][ T29] audit: type=1326 audit(1768394820.523:1148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3827 comm="syz.1.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4439b8f749 code=0x7ffc0000 [ 42.795227][ T29] audit: type=1326 audit(1768394820.523:1149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3827 comm="syz.1.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4439b8f749 code=0x7ffc0000 [ 42.818666][ T29] audit: type=1326 audit(1768394820.523:1150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3827 comm="syz.1.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4439b8f749 code=0x7ffc0000 [ 42.842037][ T29] audit: type=1326 audit(1768394820.523:1151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3827 comm="syz.1.102" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4439b8f749 code=0x7ffc0000 [ 42.885829][ T3833] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.923616][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.944279][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.055294][ T2381] Bluetooth: hci0: Frame reassembly failed (-84) [ 43.094437][ T44] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 43.094469][ T3582] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 43.100574][ T3790] Bluetooth: hci2: command 0x1003 tx timeout [ 43.108071][ T3645] Bluetooth: hci1: command 0x1003 tx timeout [ 43.126079][ T3849] netlink: 14 bytes leftover after parsing attributes in process `syz.1.108'. [ 43.135409][ T3849] hsr_slave_0: left promiscuous mode [ 43.141054][ T3849] hsr_slave_1: left promiscuous mode [ 43.840133][ T1651] Bluetooth: hci1: Frame reassembly failed (-84) [ 43.847720][ T3861] set_capacity_and_notify: 4 callbacks suppressed [ 43.847736][ T3861] loop1: detected capacity change from 0 to 128 [ 43.861367][ T3861] /dev/loop1: Can't open blockdev [ 43.917469][ T3861] IPv6: sit1: Disabled Multicast RS [ 43.923645][ T3861] sit1: entered allmulticast mode [ 44.115868][ T3870] loop1: detected capacity change from 0 to 512 [ 44.140530][ T3870] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #3: comm syz.1.112: corrupted inode contents [ 44.152671][ T3870] EXT4-fs error (device loop1): ext4_dirty_inode:6502: inode #3: comm syz.1.112: mark_inode_dirty error [ 44.165157][ T3870] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #3: comm syz.1.112: corrupted inode contents [ 44.177490][ T3870] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #3: comm syz.1.112: mark_inode_dirty error [ 44.189451][ T3870] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.112: Failed to acquire dquot type 0 [ 44.201243][ T3870] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.112: corrupted inode contents [ 44.213557][ T3870] EXT4-fs error (device loop1): ext4_dirty_inode:6502: inode #16: comm syz.1.112: mark_inode_dirty error [ 44.227066][ T3870] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.112: corrupted inode contents [ 44.239365][ T3870] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #16: comm syz.1.112: mark_inode_dirty error [ 44.250825][ T3870] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.112: corrupted inode contents [ 44.250860][ T3877] netlink: 8 bytes leftover after parsing attributes in process `syz.3.114'. [ 44.269848][ T3870] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 44.280401][ T3870] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.112: corrupted inode contents [ 44.287400][ T3877] netlink: 388 bytes leftover after parsing attributes in process `syz.3.114'. [ 44.293431][ T3870] EXT4-fs error (device loop1): ext4_truncate:4635: inode #16: comm syz.1.112: mark_inode_dirty error [ 44.313019][ T3870] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 44.322625][ T3870] EXT4-fs (loop1): 1 truncate cleaned up [ 44.328858][ T3870] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.341556][ T3870] ext4 filesystem being mounted at /29/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 44.392634][ T3881] xt_TCPMSS: Only works on TCP SYN packets [ 44.399722][ T3881] random: crng reseeded on system resumption [ 44.406748][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.470310][ T3888] netlink: 8 bytes leftover after parsing attributes in process `syz.3.119'. [ 44.597117][ T3893] FAULT_INJECTION: forcing a failure. [ 44.597117][ T3893] name failslab, interval 1, probability 0, space 0, times 0 [ 44.609841][ T3893] CPU: 0 UID: 0 PID: 3893 Comm: syz.1.122 Not tainted syzkaller #0 PREEMPT(voluntary) [ 44.609864][ T3893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 44.609876][ T3893] Call Trace: [ 44.609888][ T3893] [ 44.609895][ T3893] __dump_stack+0x1d/0x30 [ 44.609998][ T3893] dump_stack_lvl+0x95/0xd0 [ 44.610017][ T3893] dump_stack+0x15/0x1b [ 44.610035][ T3893] should_fail_ex+0x265/0x280 [ 44.610056][ T3893] should_failslab+0x8c/0xb0 [ 44.610084][ T3893] kmem_cache_alloc_lru_noprof+0x6d/0x4c0 [ 44.610105][ T3893] ? alloc_inode+0x9a/0x170 [ 44.610171][ T3893] alloc_inode+0x9a/0x170 [ 44.610189][ T3893] alloc_anon_inode+0x1e/0x170 [ 44.610213][ T3893] aio_setup_ring+0x91/0x760 [ 44.610240][ T3893] ioctx_alloc+0x2aa/0x4c0 [ 44.610265][ T3893] __se_sys_io_setup+0x6b/0x1b0 [ 44.610433][ T3893] __x64_sys_io_setup+0x31/0x40 [ 44.610524][ T3893] x64_sys_call+0x2a8e/0x3000 [ 44.610546][ T3893] do_syscall_64+0xca/0x2b0 [ 44.610621][ T3893] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 44.610640][ T3893] RIP: 0033:0x7f4439b8f749 [ 44.610654][ T3893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 44.610689][ T3893] RSP: 002b:00007f44385ef038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 44.610706][ T3893] RAX: ffffffffffffffda RBX: 00007f4439de5fa0 RCX: 00007f4439b8f749 [ 44.610717][ T3893] RDX: 0000000000000000 RSI: 0000200000002400 RDI: 00000000000008f0 [ 44.610727][ T3893] RBP: 00007f44385ef090 R08: 0000000000000000 R09: 0000000000000000 [ 44.610738][ T3893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 44.610749][ T3893] R13: 00007f4439de6038 R14: 00007f4439de5fa0 R15: 00007ffdedde9cf8 [ 44.610838][ T3893] [ 44.822989][ T3895] loop2: detected capacity change from 0 to 128 [ 44.928533][ T3900] loop1: detected capacity change from 0 to 512 [ 44.960703][ T3900] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #3: comm syz.1.125: corrupted inode contents [ 44.984170][ T3900] EXT4-fs error (device loop1): ext4_dirty_inode:6502: inode #3: comm syz.1.125: mark_inode_dirty error [ 44.996677][ T3900] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #3: comm syz.1.125: corrupted inode contents [ 45.009438][ T3900] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #3: comm syz.1.125: mark_inode_dirty error [ 45.021338][ T3900] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.125: Failed to acquire dquot type 0 [ 45.033468][ T3900] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.125: corrupted inode contents [ 45.054170][ T3900] EXT4-fs error (device loop1): ext4_dirty_inode:6502: inode #16: comm syz.1.125: mark_inode_dirty error [ 45.066152][ T3900] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.125: corrupted inode contents [ 45.078696][ T3900] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #16: comm syz.1.125: mark_inode_dirty error [ 45.093896][ T3900] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.125: corrupted inode contents [ 45.105979][ T3581] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 45.113961][ T3900] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 45.123354][ T3900] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.125: corrupted inode contents [ 45.145236][ T3900] EXT4-fs error (device loop1): ext4_truncate:4635: inode #16: comm syz.1.125: mark_inode_dirty error [ 45.164659][ T3900] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 45.215888][ T3900] EXT4-fs (loop1): 1 truncate cleaned up [ 45.223770][ T3900] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.236721][ T3900] ext4 filesystem being mounted at /34/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 45.242351][ T3910] loop2: detected capacity change from 0 to 512 [ 45.277147][ T3910] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #3: comm syz.2.128: corrupted inode contents [ 45.302610][ T3910] EXT4-fs error (device loop2): ext4_dirty_inode:6502: inode #3: comm syz.2.128: mark_inode_dirty error [ 45.326191][ T3910] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #3: comm syz.2.128: corrupted inode contents [ 45.346366][ T3910] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #3: comm syz.2.128: mark_inode_dirty error [ 45.358643][ T3910] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.128: Failed to acquire dquot type 0 [ 45.370607][ T3910] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #16: comm syz.2.128: corrupted inode contents [ 45.383151][ T3910] EXT4-fs error (device loop2): ext4_dirty_inode:6502: inode #16: comm syz.2.128: mark_inode_dirty error [ 45.394757][ T3910] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #16: comm syz.2.128: corrupted inode contents [ 45.407339][ T3910] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #16: comm syz.2.128: mark_inode_dirty error [ 45.418776][ T3910] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #16: comm syz.2.128: corrupted inode contents [ 45.431461][ T3910] EXT4-fs error (device loop2) in ext4_orphan_del:303: Corrupt filesystem [ 45.452103][ T3910] EXT4-fs error (device loop2): ext4_do_update_inode:5617: inode #16: comm syz.2.128: corrupted inode contents [ 45.464262][ T3910] EXT4-fs error (device loop2): ext4_truncate:4635: inode #16: comm syz.2.128: mark_inode_dirty error [ 45.475830][ T3910] EXT4-fs error (device loop2) in ext4_process_orphan:345: Corrupt filesystem [ 45.493680][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.503729][ T3910] EXT4-fs (loop2): 1 truncate cleaned up [ 45.510678][ T3910] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.523362][ T3910] ext4 filesystem being mounted at /14/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 45.598316][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.636926][ T2381] Bluetooth: hci0: Frame reassembly failed (-84) [ 45.896044][ T44] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 45.899828][ T3645] Bluetooth: hci1: command 0x1003 tx timeout [ 45.990100][ T3935] netlink: 12 bytes leftover after parsing attributes in process `syz.1.138'. [ 46.052141][ T3939] netlink: 14 bytes leftover after parsing attributes in process `syz.1.140'. [ 46.166306][ T3947] FAULT_INJECTION: forcing a failure. [ 46.166306][ T3947] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 46.179650][ T3947] CPU: 1 UID: 0 PID: 3947 Comm: syz.0.143 Not tainted syzkaller #0 PREEMPT(voluntary) [ 46.179682][ T3947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 46.179696][ T3947] Call Trace: [ 46.179703][ T3947] [ 46.179713][ T3947] __dump_stack+0x1d/0x30 [ 46.179805][ T3947] dump_stack_lvl+0x95/0xd0 [ 46.179830][ T3947] dump_stack+0x15/0x1b [ 46.179864][ T3947] should_fail_ex+0x265/0x280 [ 46.179894][ T3947] should_fail+0xb/0x20 [ 46.179913][ T3947] should_fail_usercopy+0x1a/0x20 [ 46.179989][ T3947] _copy_to_user+0x20/0xa0 [ 46.180156][ T3947] simple_read_from_buffer+0xb5/0x130 [ 46.180185][ T3947] proc_fail_nth_read+0x10e/0x150 [ 46.180292][ T3947] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 46.180329][ T3947] vfs_read+0x1a8/0x770 [ 46.180351][ T3947] ? __rcu_read_unlock+0x4f/0x70 [ 46.180378][ T3947] ? __fget_files+0x184/0x1c0 [ 46.180475][ T3947] ? mutex_lock+0x58/0x90 [ 46.180502][ T3947] ksys_read+0xda/0x1a0 [ 46.180526][ T3947] __x64_sys_read+0x40/0x50 [ 46.180615][ T3947] x64_sys_call+0x2889/0x3000 [ 46.180646][ T3947] do_syscall_64+0xca/0x2b0 [ 46.180692][ T3947] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 46.180722][ T3947] RIP: 0033:0x7faca9aae15c [ 46.180762][ T3947] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 46.180780][ T3947] RSP: 002b:00007faca850f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 46.180803][ T3947] RAX: ffffffffffffffda RBX: 00007faca9d05fa0 RCX: 00007faca9aae15c [ 46.180820][ T3947] RDX: 000000000000000f RSI: 00007faca850f0a0 RDI: 0000000000000004 [ 46.180836][ T3947] RBP: 00007faca850f090 R08: 0000000000000000 R09: 0000000000000000 [ 46.180860][ T3947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 46.180903][ T3947] R13: 00007faca9d06038 R14: 00007faca9d05fa0 R15: 00007fff8bb5fb68 [ 46.180926][ T3947] [ 46.383663][ T3950] netlink: 28 bytes leftover after parsing attributes in process `syz.1.144'. [ 46.392691][ T3950] netlink: 108 bytes leftover after parsing attributes in process `syz.1.144'. [ 46.449000][ T3950] netlink: 28 bytes leftover after parsing attributes in process `syz.1.144'. [ 46.459362][ T3950] netlink: 108 bytes leftover after parsing attributes in process `syz.1.144'. [ 46.468449][ T3950] netlink: 84 bytes leftover after parsing attributes in process `syz.1.144'. [ 46.850508][ T1740] Bluetooth: hci1: Frame reassembly failed (-84) [ 46.893666][ T3965] loop1: detected capacity change from 0 to 128 [ 46.953031][ T3968] netlink: 14 bytes leftover after parsing attributes in process `syz.4.151'. [ 46.962393][ T3968] hsr_slave_0: left promiscuous mode [ 46.968442][ T3968] hsr_slave_1: left promiscuous mode [ 47.155421][ T3977] loop4: detected capacity change from 0 to 512 [ 47.162725][ T3977] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 47.174388][ T3977] EXT4-fs (loop4): invalid journal inode [ 47.180302][ T3977] EXT4-fs (loop4): can't get journal size [ 47.187286][ T3977] EXT4-fs (loop4): 1 truncate cleaned up [ 47.193415][ T3977] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.365761][ T3986] loop3: detected capacity change from 0 to 1024 [ 47.387190][ T3986] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.412677][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.425846][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.470191][ T29] kauditd_printk_skb: 177 callbacks suppressed [ 47.470207][ T29] audit: type=1326 audit(1768394825.283:1323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3993 comm="syz.3.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcca682f749 code=0x7ffc0000 [ 47.500610][ T29] audit: type=1326 audit(1768394825.283:1324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3993 comm="syz.3.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcca682f749 code=0x7ffc0000 [ 47.501374][ T3994] loop3: detected capacity change from 0 to 128 [ 47.524121][ T29] audit: type=1326 audit(1768394825.283:1325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3993 comm="syz.3.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcca682f749 code=0x7ffc0000 [ 47.553870][ T29] audit: type=1326 audit(1768394825.283:1326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3993 comm="syz.3.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcca682f749 code=0x7ffc0000 [ 47.567266][ T3994] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 47.577427][ T29] audit: type=1326 audit(1768394825.283:1327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3993 comm="syz.3.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcca682f749 code=0x7ffc0000 [ 47.596249][ T3994] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 47.612298][ T29] audit: type=1326 audit(1768394825.283:1328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3993 comm="syz.3.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcca682f749 code=0x7ffc0000 [ 47.644754][ T29] audit: type=1326 audit(1768394825.283:1329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3993 comm="syz.3.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcca682f749 code=0x7ffc0000 [ 47.668107][ T29] audit: type=1326 audit(1768394825.283:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3993 comm="syz.3.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcca682f749 code=0x7ffc0000 [ 47.691465][ T29] audit: type=1326 audit(1768394825.283:1331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3993 comm="syz.3.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fcca682f749 code=0x7ffc0000 [ 47.712812][ T3581] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 47.714813][ T29] audit: type=1326 audit(1768394825.283:1332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3993 comm="syz.3.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcca682f749 code=0x7ffc0000 [ 47.745840][ T3997] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 47.862616][ T4007] loop4: detected capacity change from 0 to 512 [ 47.885033][ T4007] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 47.909030][ T4007] EXT4-fs (loop4): 1 truncate cleaned up [ 47.915850][ T4007] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.929698][ T3316] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 47.938401][ T3316] FAT-fs (loop3): Filesystem has been set read-only [ 47.946791][ T3316] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 47.977770][ T4015] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 48.001728][ T4015] EXT4-fs (loop3): orphan cleanup on readonly fs [ 48.015411][ T4015] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.163: Failed to acquire dquot type 1 [ 48.028227][ T4015] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.163: bg 0: block 40: padding at end of block bitmap is not set [ 48.042913][ T4015] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6689: Corrupt filesystem [ 48.052157][ T4015] EXT4-fs (loop3): 1 truncate cleaned up [ 48.058468][ T4015] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 48.087602][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.098003][ T4023] netlink: 8 bytes leftover after parsing attributes in process `syz.1.165'. [ 48.120630][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.330747][ T4038] netlink: 12 bytes leftover after parsing attributes in process `syz.4.170'. [ 48.346853][ T383] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 48.357249][ T383] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 48.366696][ T4038] netlink: 'syz.4.170': attribute type 4 has an invalid length. [ 48.411845][ T383] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 48.424287][ T383] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 48.670489][ T4045] Invalid logical block size (4608) [ 48.864488][ T44] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 48.969778][ T4058] set_capacity_and_notify: 4 callbacks suppressed [ 48.969795][ T4058] loop4: detected capacity change from 0 to 512 [ 48.982906][ T4060] loop1: detected capacity change from 0 to 1024 [ 48.990132][ T4058] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 49.009175][ T4058] EXT4-fs (loop4): too many log groups per flexible block group [ 49.019847][ T4058] EXT4-fs (loop4): failed to initialize mballoc (-12) [ 49.028471][ T4058] EXT4-fs (loop4): mount failed [ 49.038252][ T4060] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.063858][ T4058] lo speed is unknown, defaulting to 1000 [ 49.069940][ T4058] lo speed is unknown, defaulting to 1000 [ 49.076245][ T4058] lo speed is unknown, defaulting to 1000 [ 49.077420][ T4066] loop3: detected capacity change from 0 to 512 [ 49.083435][ T4058] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 49.099265][ T4058] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 49.112176][ T4058] lo speed is unknown, defaulting to 1000 [ 49.118662][ T4066] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 49.119359][ T4058] lo speed is unknown, defaulting to 1000 [ 49.135301][ T4058] lo speed is unknown, defaulting to 1000 [ 49.141596][ T4058] lo speed is unknown, defaulting to 1000 [ 49.148603][ T4058] lo speed is unknown, defaulting to 1000 [ 49.155281][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.164441][ T4067] smc: removing ib device syz0 [ 49.179659][ T4066] EXT4-fs (loop3): 1 truncate cleaned up [ 49.187589][ T4066] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.398700][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.546557][ T4092] netlink: '+}[@': attribute type 6 has an invalid length. [ 49.686005][ T4120] loop3: detected capacity change from 0 to 512 [ 49.710193][ T4120] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #3: comm syz.3.193: corrupted inode contents [ 49.730734][ T4120] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #3: comm syz.3.193: mark_inode_dirty error [ 49.742929][ T4120] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #3: comm syz.3.193: corrupted inode contents [ 49.755336][ T4120] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #3: comm syz.3.193: mark_inode_dirty error [ 49.784125][ T4120] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.193: Failed to acquire dquot type 0 [ 49.799451][ T4120] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.193: corrupted inode contents [ 49.812488][ T4120] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #16: comm syz.3.193: mark_inode_dirty error [ 49.825270][ T4120] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.193: corrupted inode contents [ 49.839428][ T4120] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #16: comm syz.3.193: mark_inode_dirty error [ 49.851478][ T4120] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.193: corrupted inode contents [ 49.863616][ T4120] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem [ 49.872877][ T4120] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.193: corrupted inode contents [ 49.886346][ T4120] EXT4-fs error (device loop3): ext4_truncate:4635: inode #16: comm syz.3.193: mark_inode_dirty error [ 49.898735][ T4120] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem [ 49.922448][ T4120] EXT4-fs (loop3): 1 truncate cleaned up [ 49.929574][ T4120] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.943212][ T4120] ext4 filesystem being mounted at /33/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 50.211022][ T4148] lo speed is unknown, defaulting to 1000 [ 50.220036][ T4148] lo speed is unknown, defaulting to 1000 [ 50.236913][ T4148] lo speed is unknown, defaulting to 1000 [ 50.272591][ T4152] loop2: detected capacity change from 0 to 128 [ 50.283309][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.368741][ T4158] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 50.398928][ T4148] infiniband syz1: set active [ 50.403713][ T4148] infiniband syz1: added lo [ 50.408651][ T3481] lo speed is unknown, defaulting to 1000 [ 50.434810][ T4148] RDS/IB: syz1: added [ 50.448182][ T4148] smc: adding ib device syz1 with port count 1 [ 50.455133][ T4148] smc: ib device syz1 port 1 has no pnetid [ 50.467272][ T3481] lo speed is unknown, defaulting to 1000 [ 50.473150][ T4148] lo speed is unknown, defaulting to 1000 [ 50.527202][ T4148] lo speed is unknown, defaulting to 1000 [ 50.564846][ T4171] loop3: detected capacity change from 0 to 164 [ 50.578591][ T4171] iso9660: Unknown parameter '00000000000000000005' [ 50.618402][ T4174] lo speed is unknown, defaulting to 1000 [ 50.630558][ T4171] loop3: detected capacity change from 0 to 128 [ 50.678868][ T4174] lo speed is unknown, defaulting to 1000 [ 50.771847][ T4148] lo speed is unknown, defaulting to 1000 [ 50.930712][ T4148] lo speed is unknown, defaulting to 1000 [ 51.065779][ T4148] lo speed is unknown, defaulting to 1000 [ 51.151218][ T4177] mmap: syz.4.217 (4177) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 51.177131][ T4196] SELinux: security_context_str_to_sid (O*3!L;(x?8>${S7#!g.&[n٦9P9\ETWq3H*8YYLGR!I*' ) failed with errno=-22 [ 51.297873][ T4200] __nla_validate_parse: 9 callbacks suppressed [ 51.297894][ T4200] netlink: 12 bytes leftover after parsing attributes in process `syz.2.224'. [ 51.313103][ T4200] netlink: 12 bytes leftover after parsing attributes in process `syz.2.224'. [ 51.331821][ T4200] loop2: detected capacity change from 0 to 512 [ 51.343332][ T4200] EXT4-fs: Mount option(s) incompatible with ext2 [ 51.404798][ T4196] netlink: 8 bytes leftover after parsing attributes in process `syz.3.220'. [ 51.413801][ T4196] netlink: 20 bytes leftover after parsing attributes in process `syz.3.220'. [ 51.498935][ C1] hrtimer: interrupt took 43486 ns [ 51.594895][ T2381] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 51.606685][ T4196] netlink: 8 bytes leftover after parsing attributes in process `syz.3.220'. [ 51.615663][ T4196] netlink: 20 bytes leftover after parsing attributes in process `syz.3.220'. [ 51.800282][ T2381] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 51.810477][ T2381] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 51.819932][ T2381] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 52.030781][ T4194] lo speed is unknown, defaulting to 1000 [ 52.037181][ T4194] lo speed is unknown, defaulting to 1000 [ 52.121925][ T4219] syz.0.229 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 52.149884][ T4219] loop0: detected capacity change from 0 to 128 [ 52.375954][ T4242] loop0: detected capacity change from 0 to 128 [ 52.485931][ T29] kauditd_printk_skb: 561 callbacks suppressed [ 52.486054][ T29] audit: type=1400 audit(1768394830.303:1890): avc: denied { unmount } for pid=3319 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 52.524816][ T4249] Invalid logical block size (4608) [ 52.571032][ T29] audit: type=1400 audit(1768394830.363:1891): avc: denied { read } for pid=4248 comm="syz.0.239" dev="nsfs" ino=4026532865 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 52.592206][ T29] audit: type=1400 audit(1768394830.363:1892): avc: denied { open } for pid=4248 comm="syz.0.239" path="net:[4026532865]" dev="nsfs" ino=4026532865 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 52.615606][ T29] audit: type=1400 audit(1768394830.363:1893): avc: denied { create } for pid=4248 comm="syz.0.239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 52.635680][ T29] audit: type=1400 audit(1768394830.363:1894): avc: denied { bind } for pid=4245 comm="syz.2.238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 52.654958][ T29] audit: type=1400 audit(1768394830.363:1895): avc: denied { write } for pid=4245 comm="syz.2.238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 52.675787][ T29] audit: type=1400 audit(1768394830.373:1896): avc: denied { create } for pid=4248 comm="syz.0.239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 52.695401][ T29] audit: type=1400 audit(1768394830.373:1897): avc: denied { ioctl } for pid=4248 comm="syz.0.239" path="socket:[7191]" dev="sockfs" ino=7191 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 52.720041][ T29] audit: type=1400 audit(1768394830.373:1898): avc: denied { module_request } for pid=4248 comm="syz.0.239" kmod="netdev-syzkaller1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 52.793622][ T29] audit: type=1400 audit(1768394830.583:1899): avc: denied { sys_module } for pid=4248 comm="syz.0.239" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 52.892395][ T4263] ext4: Unknown parameter 'appraise_type' [ 52.903795][ T4258] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.958637][ T4271] FAULT_INJECTION: forcing a failure. [ 52.958637][ T4271] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 52.971981][ T4271] CPU: 0 UID: 0 PID: 4271 Comm: syz.1.244 Not tainted syzkaller #0 PREEMPT(voluntary) [ 52.972013][ T4271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 52.972101][ T4271] Call Trace: [ 52.972109][ T4271] [ 52.972117][ T4271] __dump_stack+0x1d/0x30 [ 52.972187][ T4271] dump_stack_lvl+0x95/0xd0 [ 52.972211][ T4271] dump_stack+0x15/0x1b [ 52.972233][ T4271] should_fail_ex+0x265/0x280 [ 52.972258][ T4271] should_fail+0xb/0x20 [ 52.972279][ T4271] should_fail_usercopy+0x1a/0x20 [ 52.972376][ T4271] _copy_from_user+0x1c/0xb0 [ 52.972406][ T4271] ___sys_sendmsg+0xc1/0x1d0 [ 52.972520][ T4271] __x64_sys_sendmsg+0xd4/0x160 [ 52.972590][ T4271] x64_sys_call+0x17ba/0x3000 [ 52.972617][ T4271] do_syscall_64+0xca/0x2b0 [ 52.972654][ T4271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.972742][ T4271] RIP: 0033:0x7f4439b8f749 [ 52.972759][ T4271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 52.972784][ T4271] RSP: 002b:00007f44385ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 52.972806][ T4271] RAX: ffffffffffffffda RBX: 00007f4439de5fa0 RCX: 00007f4439b8f749 [ 52.972820][ T4271] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005 [ 52.972834][ T4271] RBP: 00007f44385ef090 R08: 0000000000000000 R09: 0000000000000000 [ 52.972847][ T4271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 52.972861][ T4271] R13: 00007f4439de6038 R14: 00007f4439de5fa0 R15: 00007ffdedde9cf8 [ 52.972957][ T4271] [ 53.202774][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.227753][ T4278] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.268792][ T4300] FAULT_INJECTION: forcing a failure. [ 53.268792][ T4300] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 53.282025][ T4300] CPU: 1 UID: 0 PID: 4300 Comm: syz.3.249 Not tainted syzkaller #0 PREEMPT(voluntary) [ 53.282152][ T4300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 53.282167][ T4300] Call Trace: [ 53.282174][ T4300] [ 53.282183][ T4300] __dump_stack+0x1d/0x30 [ 53.282208][ T4300] dump_stack_lvl+0x95/0xd0 [ 53.282254][ T4300] dump_stack+0x15/0x1b [ 53.282277][ T4300] should_fail_ex+0x265/0x280 [ 53.282355][ T4300] should_fail+0xb/0x20 [ 53.282374][ T4300] should_fail_usercopy+0x1a/0x20 [ 53.282397][ T4300] _copy_from_user+0x1c/0xb0 [ 53.282447][ T4300] __sys_bpf+0x183/0x7c0 [ 53.282545][ T4300] __x64_sys_bpf+0x41/0x50 [ 53.282604][ T4300] x64_sys_call+0x28e1/0x3000 [ 53.282631][ T4300] do_syscall_64+0xca/0x2b0 [ 53.282669][ T4300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.282757][ T4300] RIP: 0033:0x7fcca682f749 [ 53.282774][ T4300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.282793][ T4300] RSP: 002b:00007fcca528f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 53.282814][ T4300] RAX: ffffffffffffffda RBX: 00007fcca6a85fa0 RCX: 00007fcca682f749 [ 53.282828][ T4300] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 53.282883][ T4300] RBP: 00007fcca528f090 R08: 0000000000000000 R09: 0000000000000000 [ 53.282897][ T4300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 53.282910][ T4300] R13: 00007fcca6a86038 R14: 00007fcca6a85fa0 R15: 00007ffd1ef421f8 [ 53.282931][ T4300] [ 53.448843][ T4278] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.519454][ T4278] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.540202][ T4345] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 53.561867][ T4345] EXT4-fs (loop2): invalid journal inode [ 53.568024][ T4345] EXT4-fs (loop2): can't get journal size [ 53.588686][ T4345] EXT4-fs (loop2): 1 truncate cleaned up [ 53.595041][ T4345] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.616036][ T4278] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.626626][ T4352] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 53.641872][ T4352] EXT4-fs (loop3): 1 truncate cleaned up [ 53.648575][ T4352] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.685202][ T4324] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.685238][ T4324] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.685330][ T4324] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.685557][ T4324] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.720022][ T4322] Bluetooth: hci0: Frame reassembly failed (-84) [ 53.836053][ T4360] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 53.854467][ T4360] EXT4-fs (loop0): 1 truncate cleaned up [ 53.867012][ T4360] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.898409][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.047882][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.081065][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.096835][ T4377] ref_ctr_offset mismatch. inode: 0xc2 offset: 0x0 ref_ctr_offset(old): 0x24 ref_ctr_offset(new): 0x0 [ 54.145656][ T4377] capability: warning: `syz.2.261' uses 32-bit capabilities (legacy support in use) [ 54.163274][ T4377] set_capacity_and_notify: 6 callbacks suppressed [ 54.163294][ T4377] loop2: detected capacity change from 0 to 512 [ 54.189041][ T4377] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.201779][ T4377] ext4 filesystem being mounted at /33/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.226338][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.521881][ T4395] loop0: detected capacity change from 0 to 512 [ 54.533858][ T4397] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.548013][ T4395] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 54.560750][ T4395] EXT4-fs (loop0): 1 truncate cleaned up [ 54.568149][ T4395] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.590519][ T4397] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.628192][ T4397] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.689532][ T4397] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 54.734764][ T4322] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.749611][ T4322] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.759111][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.765470][ T4330] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.779901][ T4324] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.800588][ T4403] loop0: detected capacity change from 0 to 512 [ 54.900894][ T4409] loop3: detected capacity change from 0 to 1024 [ 54.940428][ T4409] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.001510][ T4415] Invalid logical block size (4608) [ 55.022784][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.080653][ T4417] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 55.107975][ T4417] FAULT_INJECTION: forcing a failure. [ 55.107975][ T4417] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 55.121188][ T4417] CPU: 0 UID: 0 PID: 4417 Comm: syz.3.274 Not tainted syzkaller #0 PREEMPT(voluntary) [ 55.121244][ T4417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 55.121295][ T4417] Call Trace: [ 55.121304][ T4417] [ 55.121314][ T4417] __dump_stack+0x1d/0x30 [ 55.121414][ T4417] dump_stack_lvl+0x95/0xd0 [ 55.121439][ T4417] dump_stack+0x15/0x1b [ 55.121537][ T4417] should_fail_ex+0x265/0x280 [ 55.121566][ T4417] ? __pfx_ppp_ioctl+0x10/0x10 [ 55.121602][ T4417] should_fail+0xb/0x20 [ 55.121628][ T4417] should_fail_usercopy+0x1a/0x20 [ 55.121739][ T4417] _copy_from_user+0x1c/0xb0 [ 55.121848][ T4417] ppp_get_filter+0x3e/0x160 [ 55.121884][ T4417] ? mutex_lock+0x58/0x90 [ 55.121923][ T4417] ppp_ioctl+0xb93/0x11c0 [ 55.121958][ T4417] ? __fget_files+0x184/0x1c0 [ 55.122030][ T4417] ? __pfx_ppp_ioctl+0x10/0x10 [ 55.122110][ T4417] __se_sys_ioctl+0xce/0x140 [ 55.122149][ T4417] __x64_sys_ioctl+0x43/0x50 [ 55.122189][ T4417] x64_sys_call+0x14b0/0x3000 [ 55.122337][ T4417] do_syscall_64+0xca/0x2b0 [ 55.122384][ T4417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.122476][ T4417] RIP: 0033:0x7fcca682f749 [ 55.122497][ T4417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.122520][ T4417] RSP: 002b:00007fcca528f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 55.122541][ T4417] RAX: ffffffffffffffda RBX: 00007fcca6a85fa0 RCX: 00007fcca682f749 [ 55.122555][ T4417] RDX: 0000200000000080 RSI: 0000000040107447 RDI: 0000000000000006 [ 55.122633][ T4417] RBP: 00007fcca528f090 R08: 0000000000000000 R09: 0000000000000000 [ 55.122650][ T4417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 55.122666][ T4417] R13: 00007fcca6a86038 R14: 00007fcca6a85fa0 R15: 00007ffd1ef421f8 [ 55.122767][ T4417] [ 55.379666][ T4430] loop3: detected capacity change from 0 to 512 [ 55.388569][ T4430] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 55.397681][ T4430] EXT4-fs (loop3): invalid journal inode [ 55.403612][ T4430] EXT4-fs (loop3): can't get journal size [ 55.411149][ T4430] EXT4-fs (loop3): 1 truncate cleaned up [ 55.417435][ T4430] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 55.706734][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.734506][ T3645] Bluetooth: hci0: command 0x1003 tx timeout [ 55.735377][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 55.752101][ T4325] Bluetooth: hci1: Frame reassembly failed (-84) [ 55.772133][ T4448] netlink: 8 bytes leftover after parsing attributes in process `syz.2.287'. [ 55.942558][ T4458] loop3: detected capacity change from 0 to 512 [ 55.951285][ T4458] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 55.969454][ T4458] EXT4-fs (loop3): invalid journal inode [ 55.976726][ T4458] EXT4-fs (loop3): can't get journal size [ 55.986595][ T4458] EXT4-fs (loop3): 1 truncate cleaned up [ 55.996372][ T4458] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.202971][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.404721][ T4472] loop3: detected capacity change from 0 to 512 [ 56.411561][ T4472] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 56.421049][ T4472] EXT4-fs (loop3): invalid journal inode [ 56.426899][ T4472] EXT4-fs (loop3): can't get journal size [ 56.433502][ T4472] EXT4-fs (loop3): 1 truncate cleaned up [ 56.440166][ T4472] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 56.496545][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.533971][ T3007] udevd[3007]: worker [3308] terminated by signal 33 (Unknown signal 33) [ 56.652746][ T4481] FAULT_INJECTION: forcing a failure. [ 56.652746][ T4481] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 56.666034][ T4481] CPU: 1 UID: 0 PID: 4481 Comm: syz.2.297 Not tainted syzkaller #0 PREEMPT(voluntary) [ 56.666078][ T4481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 56.666151][ T4481] Call Trace: [ 56.666159][ T4481] [ 56.666168][ T4481] __dump_stack+0x1d/0x30 [ 56.666260][ T4481] dump_stack_lvl+0x95/0xd0 [ 56.666281][ T4481] dump_stack+0x15/0x1b [ 56.666325][ T4481] should_fail_ex+0x265/0x280 [ 56.666383][ T4481] should_fail+0xb/0x20 [ 56.666402][ T4481] should_fail_usercopy+0x1a/0x20 [ 56.666426][ T4481] _copy_from_user+0x1c/0xb0 [ 56.666462][ T4481] ___sys_sendmsg+0xc1/0x1d0 [ 56.666578][ T4481] __x64_sys_sendmsg+0xd4/0x160 [ 56.666621][ T4481] x64_sys_call+0x17ba/0x3000 [ 56.666686][ T4481] do_syscall_64+0xca/0x2b0 [ 56.666811][ T4481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.666840][ T4481] RIP: 0033:0x7fbc9af0f749 [ 56.666948][ T4481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.667041][ T4481] RSP: 002b:00007fbc9996f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 56.667062][ T4481] RAX: ffffffffffffffda RBX: 00007fbc9b165fa0 RCX: 00007fbc9af0f749 [ 56.667074][ T4481] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000005 [ 56.667086][ T4481] RBP: 00007fbc9996f090 R08: 0000000000000000 R09: 0000000000000000 [ 56.667098][ T4481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 56.667110][ T4481] R13: 00007fbc9b166038 R14: 00007fbc9b165fa0 R15: 00007ffff7b506c8 [ 56.667134][ T4481] [ 56.873075][ T4487] loop4: detected capacity change from 0 to 512 [ 56.880666][ T4487] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 56.891919][ T4487] EXT4-fs (loop4): 1 truncate cleaned up [ 56.898234][ T4487] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 57.038535][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.064315][ T4503] loop4: detected capacity change from 0 to 512 [ 57.071847][ T4503] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 57.080760][ T4503] EXT4-fs (loop4): invalid journal inode [ 57.088075][ T4503] EXT4-fs (loop4): can't get journal size [ 57.095757][ T4503] EXT4-fs (loop4): 1 truncate cleaned up [ 57.106716][ T4503] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 57.128898][ T4508] loop1: detected capacity change from 0 to 128 [ 57.234454][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 57.298326][ T4505] lo speed is unknown, defaulting to 1000 [ 57.306333][ T4505] lo speed is unknown, defaulting to 1000 [ 57.546615][ T29] kauditd_printk_skb: 1100 callbacks suppressed [ 57.546640][ T29] audit: type=1400 audit(1768394835.363:3000): avc: denied { read } for pid=4551 comm=FF name="event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 57.576280][ T29] audit: type=1400 audit(1768394835.363:3001): avc: denied { open } for pid=4551 comm=FF path="/dev/input/event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 57.747397][ T29] audit: type=1400 audit(1768394835.563:3002): avc: denied { setopt } for pid=4551 comm=FF scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 57.766418][ T29] audit: type=1400 audit(1768394835.563:3003): avc: denied { bind } for pid=4551 comm=FF scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 57.784926][ T29] audit: type=1400 audit(1768394835.563:3004): avc: denied { name_bind } for pid=4551 comm=FF src=28164 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 57.806143][ T29] audit: type=1400 audit(1768394835.563:3005): avc: denied { node_bind } for pid=4551 comm=FF src=28164 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 57.826233][ T29] audit: type=1400 audit(1768394835.563:3006): avc: denied { shutdown } for pid=4551 comm=FF scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 57.826799][ T44] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 57.845148][ T29] audit: type=1400 audit(1768394835.563:3007): avc: denied { connect } for pid=4551 comm=FF scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 57.845180][ T29] audit: type=1400 audit(1768394835.563:3008): avc: denied { name_connect } for pid=4551 comm=FF dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 57.845221][ T29] audit: type=1400 audit(1768394835.563:3009): avc: denied { read } for pid=4551 comm=FF lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 57.845279][ T3645] Bluetooth: hci1: command 0x1003 tx timeout [ 58.560337][ T4570] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 58.628922][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 58.638504][ T4577] Invalid logical block size (4608) [ 58.719950][ T4584] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 58.736372][ T4584] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=8801e019, mo2=0000] [ 58.756326][ T4584] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 2: comm syz.4.333: lblock 2 mapped to illegal pblock 2 (length 1) [ 58.824489][ T4584] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 48: comm syz.4.333: lblock 0 mapped to illegal pblock 48 (length 1) [ 58.839521][ T4584] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.333: Failed to acquire dquot type 0 [ 58.851023][ T4584] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6298: Corrupt filesystem [ 58.860898][ T4584] EXT4-fs error (device loop4): ext4_evict_inode:253: inode #11: comm syz.4.333: mark_inode_dirty error [ 58.892243][ T4584] EXT4-fs warning (device loop4): ext4_evict_inode:256: couldn't mark inode dirty (err -117) [ 58.912749][ T4584] EXT4-fs (loop4): 1 orphan inode deleted [ 58.919093][ T4584] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 58.931335][ T4322] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:50: lblock 1 mapped to illegal pblock 1 (length 1) [ 58.954494][ T4593] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 58.954585][ T4322] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:50: Failed to release dquot type 0 [ 58.975437][ T4593] EXT4-fs (loop3): invalid journal inode [ 58.981246][ T4593] EXT4-fs (loop3): can't get journal size [ 59.005815][ T4593] EXT4-fs (loop3): 1 truncate cleaned up [ 59.012218][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.022119][ T4593] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 59.035237][ T3324] EXT4-fs error (device loop4): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 59.063679][ T3324] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6298: Corrupt filesystem [ 59.073263][ T3324] EXT4-fs error (device loop4): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error [ 59.074333][ T4600] netlink: 8 bytes leftover after parsing attributes in process `syz.1.340'. [ 59.143876][ T4598] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 59.205521][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.206042][ T4605] set_capacity_and_notify: 4 callbacks suppressed [ 59.206079][ T4605] loop4: detected capacity change from 0 to 512 [ 59.260867][ T4605] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #3: comm syz.4.338: corrupted inode contents [ 59.274977][ T4605] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #3: comm syz.4.338: mark_inode_dirty error [ 59.310360][ T4605] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #3: comm syz.4.338: corrupted inode contents [ 59.332545][ T4605] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #3: comm syz.4.338: mark_inode_dirty error [ 59.357001][ T4605] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.338: Failed to acquire dquot type 0 [ 59.375433][ T4605] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.338: corrupted inode contents [ 59.401856][ T4622] Invalid logical block size (4608) [ 59.404672][ T4605] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #16: comm syz.4.338: mark_inode_dirty error [ 59.431897][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 59.441797][ T4605] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.338: corrupted inode contents [ 59.453943][ T4605] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #16: comm syz.4.338: mark_inode_dirty error [ 59.465367][ T4605] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.338: corrupted inode contents [ 59.477360][ T4605] EXT4-fs error (device loop4) in ext4_orphan_del:303: Corrupt filesystem [ 59.489331][ T4605] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #16: comm syz.4.338: corrupted inode contents [ 59.501983][ T4605] EXT4-fs error (device loop4): ext4_truncate:4635: inode #16: comm syz.4.338: mark_inode_dirty error [ 59.513514][ T4605] EXT4-fs error (device loop4) in ext4_process_orphan:345: Corrupt filesystem [ 59.523051][ T4605] EXT4-fs (loop4): 1 truncate cleaned up [ 59.569433][ T4605] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 59.614556][ T4605] ext4 filesystem being mounted at /66/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 59.793909][ T4637] netlink: 8 bytes leftover after parsing attributes in process `syz.3.351'. [ 59.813355][ T4637] loop3: detected capacity change from 0 to 512 [ 59.825217][ T4641] FAULT_INJECTION: forcing a failure. [ 59.825217][ T4641] name failslab, interval 1, probability 0, space 0, times 0 [ 59.837873][ T4641] CPU: 1 UID: 0 PID: 4641 Comm: syz.2.352 Not tainted syzkaller #0 PREEMPT(voluntary) [ 59.837959][ T4641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 59.838031][ T4641] Call Trace: [ 59.838037][ T4641] [ 59.838044][ T4641] __dump_stack+0x1d/0x30 [ 59.838074][ T4641] dump_stack_lvl+0x95/0xd0 [ 59.838102][ T4641] dump_stack+0x15/0x1b [ 59.838128][ T4641] should_fail_ex+0x265/0x280 [ 59.838151][ T4641] should_failslab+0x8c/0xb0 [ 59.838174][ T4641] kmem_cache_alloc_noprof+0x69/0x4b0 [ 59.838199][ T4641] ? sctp_get_port_local+0x438/0xae0 [ 59.838242][ T4641] sctp_get_port_local+0x438/0xae0 [ 59.838359][ T4641] sctp_do_bind+0x398/0x4b0 [ 59.838401][ T4641] sctp_connect_new_asoc+0x153/0x3a0 [ 59.838524][ T4641] sctp_sendmsg+0xf10/0x18d0 [ 59.838562][ T4641] ? selinux_socket_sendmsg+0xe1/0x1b0 [ 59.838588][ T4641] ? __pfx_sctp_sendmsg+0x10/0x10 [ 59.838641][ T4641] inet_sendmsg+0xc5/0xd0 [ 59.838671][ T4641] __sock_sendmsg+0x102/0x180 [ 59.838693][ T4641] ____sys_sendmsg+0x345/0x4a0 [ 59.838807][ T4641] ___sys_sendmsg+0x17b/0x1d0 [ 59.838908][ T4641] __sys_sendmmsg+0x178/0x300 [ 59.838951][ T4641] __x64_sys_sendmmsg+0x57/0x70 [ 59.838980][ T4641] x64_sys_call+0x1e28/0x3000 [ 59.839029][ T4641] do_syscall_64+0xca/0x2b0 [ 59.839072][ T4641] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.839097][ T4641] RIP: 0033:0x7fbc9af0f749 [ 59.839116][ T4641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.839196][ T4641] RSP: 002b:00007fbc9996f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 59.839220][ T4641] RAX: ffffffffffffffda RBX: 00007fbc9b165fa0 RCX: 00007fbc9af0f749 [ 59.839236][ T4641] RDX: 0000000000000002 RSI: 0000200000000000 RDI: 0000000000000003 [ 59.839252][ T4641] RBP: 00007fbc9996f090 R08: 0000000000000000 R09: 0000000000000000 [ 59.839269][ T4641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 59.839282][ T4641] R13: 00007fbc9b166038 R14: 00007fbc9b165fa0 R15: 00007ffff7b506c8 [ 59.839300][ T4641] [ 59.844225][ T4637] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 60.045000][ T4643] netlink: 8 bytes leftover after parsing attributes in process `syz.2.353'. [ 60.090039][ T4645] loop0: detected capacity change from 0 to 2048 [ 60.115534][ T3324] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 60.127394][ T4645] Alternate GPT is invalid, using primary GPT. [ 60.133899][ T4645] loop0: p2 p3 p7 [ 60.185299][ T4637] netlink: 'syz.3.351': attribute type 10 has an invalid length. [ 60.198498][ T4637] team0: Port device dummy0 added [ 60.228750][ T4653] loop0: detected capacity change from 0 to 128 [ 60.235839][ T4637] netlink: 'syz.3.351': attribute type 10 has an invalid length. [ 60.250041][ T4637] team0: Port device dummy0 removed [ 60.258393][ T4637] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 60.284737][ T4655] netlink: 14 bytes leftover after parsing attributes in process `syz.4.359'. [ 60.404568][ T4662] loop4: detected capacity change from 0 to 512 [ 60.422539][ T4662] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 60.454170][ T4662] EXT4-fs (loop4): 1 truncate cleaned up [ 60.669975][ T4670] netlink: 20 bytes leftover after parsing attributes in process `syz.3.365'. [ 60.733065][ T4679] loop4: detected capacity change from 0 to 512 [ 60.743934][ T4679] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 60.760222][ T4679] EXT4-fs (loop4): invalid journal inode [ 60.769560][ T4679] EXT4-fs (loop4): can't get journal size [ 60.777202][ T4679] EXT4-fs (loop4): 1 truncate cleaned up [ 60.930556][ T4687] loop3: detected capacity change from 0 to 512 [ 60.977093][ T4687] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #3: comm syz.3.369: corrupted inode contents [ 60.995018][ T4687] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #3: comm syz.3.369: mark_inode_dirty error [ 61.007061][ T4687] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #3: comm syz.3.369: corrupted inode contents [ 61.019327][ T4687] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #3: comm syz.3.369: mark_inode_dirty error [ 61.032444][ T4687] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.369: Failed to acquire dquot type 0 [ 61.044873][ T4687] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.369: corrupted inode contents [ 61.056908][ T4687] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #16: comm syz.3.369: mark_inode_dirty error [ 61.068664][ T4687] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.369: corrupted inode contents [ 61.089842][ T4687] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #16: comm syz.3.369: mark_inode_dirty error [ 61.116939][ T4687] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.369: corrupted inode contents [ 61.153757][ T4687] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem [ 61.168520][ T4687] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.369: corrupted inode contents [ 61.186201][ T4687] EXT4-fs error (device loop3): ext4_truncate:4635: inode #16: comm syz.3.369: mark_inode_dirty error [ 61.211888][ T4687] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem [ 61.224570][ T4698] Invalid logical block size (4608) [ 61.233095][ T4687] EXT4-fs (loop3): 1 truncate cleaned up [ 61.263176][ T4700] loop4: detected capacity change from 0 to 512 [ 61.272392][ T4700] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 61.281443][ T4687] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 61.302791][ T4700] EXT4-fs (loop4): invalid journal inode [ 61.310801][ T4700] EXT4-fs (loop4): can't get journal size [ 61.329355][ T4700] EXT4-fs (loop4): 1 truncate cleaned up [ 61.535368][ T4705] loop0: detected capacity change from 0 to 1024 [ 61.623853][ T4711] netlink: 20 bytes leftover after parsing attributes in process `syz.2.377'. [ 61.835878][ T4383] IPVS: starting estimator thread 0... [ 61.897489][ T4733] netlink: 12 bytes leftover after parsing attributes in process `syz.3.383'. [ 61.906479][ T4733] netlink: 12 bytes leftover after parsing attributes in process `syz.3.383'. [ 61.944537][ T4730] IPVS: using max 2208 ests per chain, 110400 per kthread [ 61.993738][ T4733] loop3: detected capacity change from 0 to 512 [ 62.003430][ T4733] EXT4-fs: Mount option(s) incompatible with ext2 [ 62.210213][ T4744] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 62.241291][ T4744] EXT4-fs (loop2): invalid journal inode [ 62.260688][ T4744] EXT4-fs (loop2): can't get journal size [ 62.274779][ T4744] EXT4-fs (loop2): 1 truncate cleaned up [ 62.458035][ T4725] lo speed is unknown, defaulting to 1000 [ 62.464336][ T4725] lo speed is unknown, defaulting to 1000 [ 62.842780][ T29] kauditd_printk_skb: 240 callbacks suppressed [ 62.842874][ T29] audit: type=1400 audit(1768394840.653:3243): avc: denied { execute } for pid=4774 comm="syz.0.399" dev="tmpfs" ino=63 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 62.844992][ T4775] process 'syz.0.399' launched '/dev/fd/11' with NULL argv: empty string added [ 62.879885][ T29] audit: type=1400 audit(1768394840.693:3244): avc: denied { execute_no_trans } for pid=4774 comm="syz.0.399" path=2F6D656D66643A5B0BDB58AE5B1A02FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=63 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 63.080115][ T29] audit: type=1326 audit(1768394840.893:3245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4797 comm="syz.2.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc9af0f749 code=0x7ffc0000 [ 63.103972][ T4775] atomic_op ffff88811bb40928 conn xmit_atomic 0000000000000000 [ 63.113157][ T29] audit: type=1326 audit(1768394840.893:3246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4797 comm="syz.2.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc9af0f749 code=0x7ffc0000 [ 63.136836][ T29] audit: type=1326 audit(1768394840.893:3247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4797 comm="syz.2.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=260 compat=0 ip=0x7fbc9af0f749 code=0x7ffc0000 [ 63.160334][ T29] audit: type=1326 audit(1768394840.893:3248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4797 comm="syz.2.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc9af0f749 code=0x7ffc0000 [ 63.184374][ T29] audit: type=1326 audit(1768394840.893:3249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4797 comm="syz.2.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbc9af0f749 code=0x7ffc0000 [ 63.208317][ T29] audit: type=1326 audit(1768394840.893:3250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4797 comm="syz.2.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc9af0f749 code=0x7ffc0000 [ 63.231674][ T29] audit: type=1326 audit(1768394840.893:3251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4797 comm="syz.2.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc9af0f749 code=0x7ffc0000 [ 63.255032][ T29] audit: type=1326 audit(1768394840.893:3252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4797 comm="syz.2.403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbc9af0f749 code=0x7ffc0000 [ 63.558238][ T4830] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #3: comm syz.0.414: corrupted inode contents [ 63.570449][ T4830] EXT4-fs error (device loop0): ext4_dirty_inode:6502: inode #3: comm syz.0.414: mark_inode_dirty error [ 63.582382][ T4830] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #3: comm syz.0.414: corrupted inode contents [ 63.595021][ T4830] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #3: comm syz.0.414: mark_inode_dirty error [ 63.607125][ T4830] EXT4-fs error (device loop0): ext4_acquire_dquot:6986: comm syz.0.414: Failed to acquire dquot type 0 [ 63.619144][ T4830] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #16: comm syz.0.414: corrupted inode contents [ 63.669093][ T4830] EXT4-fs error (device loop0): ext4_dirty_inode:6502: inode #16: comm syz.0.414: mark_inode_dirty error [ 63.684293][ T3645] Bluetooth: hci0: sending frame failed (-49) [ 63.690465][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -49 [ 63.690551][ T4830] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #16: comm syz.0.414: corrupted inode contents [ 63.709507][ T4830] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #16: comm syz.0.414: mark_inode_dirty error [ 63.733080][ T4830] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #16: comm syz.0.414: corrupted inode contents [ 63.746218][ T4830] EXT4-fs error (device loop0) in ext4_orphan_del:303: Corrupt filesystem [ 63.755023][ T4830] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #16: comm syz.0.414: corrupted inode contents [ 63.767103][ T4830] EXT4-fs error (device loop0): ext4_truncate:4635: inode #16: comm syz.0.414: mark_inode_dirty error [ 63.790478][ T4830] EXT4-fs error (device loop0) in ext4_process_orphan:345: Corrupt filesystem [ 63.801870][ T4830] EXT4-fs (loop0): 1 truncate cleaned up [ 63.808459][ T4830] ext4 filesystem being mounted at /82/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.998614][ T4866] EXT4-fs error (device loop3): ext4_iget_extra_inode:5073: inode #12: comm syz.3.428: corrupted in-inode xattr: e_value size too large [ 64.427176][ T4901] set_capacity_and_notify: 7 callbacks suppressed [ 64.427190][ T4901] loop2: detected capacity change from 0 to 512 [ 64.447012][ T4901] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 64.479993][ T4901] EXT4-fs (loop2): invalid journal inode [ 64.491077][ T4901] EXT4-fs (loop2): can't get journal size [ 64.518763][ T4901] EXT4-fs (loop2): 1 truncate cleaned up [ 64.541413][ T4910] netlink: 8 bytes leftover after parsing attributes in process `syz.1.444'. [ 64.591532][ T4910] loop1: detected capacity change from 0 to 512 [ 64.606689][ T4910] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 64.795030][ T4933] netlink: 1072 bytes leftover after parsing attributes in process `syz.1.453'. [ 64.979837][ T4950] loop3: detected capacity change from 0 to 128 [ 64.992101][ T4952] netlink: 12 bytes leftover after parsing attributes in process `syz.0.460'. [ 65.096864][ T4319] Bluetooth: hci0: Frame reassembly failed (-84) [ 65.153319][ T4978] netlink: 14 bytes leftover after parsing attributes in process `syz.3.470'. [ 65.163891][ T4978] hsr_slave_0: left promiscuous mode [ 65.169746][ T4978] hsr_slave_1: left promiscuous mode [ 65.188704][ T4974] ip6t_rpfilter: unknown options [ 65.336257][ T4996] loop3: detected capacity change from 0 to 1024 [ 65.392084][ T4999] netlink: 12 bytes leftover after parsing attributes in process `syz.4.473'. [ 65.461468][ T5004] loop4: detected capacity change from 0 to 512 [ 65.468588][ T5004] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 65.477521][ T5004] EXT4-fs (loop4): invalid journal inode [ 65.483169][ T5004] EXT4-fs (loop4): can't get journal size [ 65.489637][ T5004] EXT4-fs (loop4): 1 truncate cleaned up [ 65.567144][ T5009] loop1: detected capacity change from 0 to 128 [ 65.601910][ T5004] ================================================================== [ 65.610047][ T5004] BUG: KCSAN: data-race in __wb_update_bandwidth / percpu_counter_add_batch [ 65.618752][ T5004] [ 65.621099][ T5004] read-write to 0xffff88810198b948 of 8 bytes by interrupt on cpu 1: [ 65.629192][ T5004] percpu_counter_add_batch+0x110/0x130 [ 65.634857][ T5004] __wb_writeout_add+0x42/0x1b0 [ 65.639733][ T5004] __folio_end_writeback+0x14b/0x360 [ 65.645052][ T5004] folio_end_writeback_no_dropbehind+0x6d/0x1b0 [ 65.651320][ T5004] folio_end_writeback+0x1c/0x70 [ 65.656384][ T5004] ext4_finish_bio+0x459/0x8c0 [ 65.661183][ T5004] ext4_end_bio+0x27b/0x380 [ 65.665722][ T5004] bio_endio+0x37e/0x420 [ 65.669995][ T5004] blk_update_request+0x336/0x730 [ 65.675046][ T5004] blk_mq_end_request+0x26/0x50 [ 65.680271][ T5004] lo_complete_rq+0x98/0x140 [ 65.684881][ T5004] blk_done_softirq+0x77/0xb0 [ 65.689838][ T5004] handle_softirqs+0xba/0x290 [ 65.694596][ T5004] run_ksoftirqd+0x1c/0x30 [ 65.699041][ T5004] smpboot_thread_fn+0x32b/0x530 [ 65.704017][ T5004] kthread+0x489/0x510 [ 65.708123][ T5004] ret_from_fork+0x149/0x290 [ 65.712747][ T5004] ret_from_fork_asm+0x1a/0x30 [ 65.717547][ T5004] [ 65.719897][ T5004] read to 0xffff88810198b948 of 8 bytes by task 5004 on cpu 0: [ 65.727578][ T5004] __wb_update_bandwidth+0x98/0x5d0 [ 65.732819][ T5004] do_writepages+0x2dd/0x310 [ 65.737441][ T5004] file_write_and_wait_range+0x156/0x2c0 [ 65.743100][ T5004] generic_buffers_fsync_noflush+0x45/0x130 [ 65.749015][ T5004] ext4_sync_file+0x1ab/0x690 [ 65.753758][ T5004] vfs_fsync_range+0x10d/0x130 [ 65.758560][ T5004] ext4_buffered_write_iter+0x34f/0x3c0 [ 65.764151][ T5004] ext4_file_write_iter+0x387/0xf60 [ 65.769466][ T5004] vfs_write+0x52a/0x960 [ 65.773817][ T5004] ksys_write+0xda/0x1a0 [ 65.778080][ T5004] __x64_sys_write+0x40/0x50 [ 65.782701][ T5004] x64_sys_call+0x2847/0x3000 [ 65.787415][ T5004] do_syscall_64+0xca/0x2b0 [ 65.791959][ T5004] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.797881][ T5004] [ 65.800229][ T5004] value changed: 0x0000000000000150 -> 0x0000000000000160 [ 65.807362][ T5004] [ 65.809705][ T5004] Reported by Kernel Concurrency Sanitizer on: [ 65.815898][ T5004] CPU: 0 UID: 0 PID: 5004 Comm: syz.4.476 Not tainted syzkaller #0 PREEMPT(voluntary) [ 65.825549][ T5004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 65.835637][ T5004] ================================================================== [ 67.174467][ T3645] Bluetooth: hci0: command 0x1003 tx timeout [ 67.174468][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110