last executing test programs: 512.818324ms ago: executing program 3 (id=4): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@cgroup=r1, 0x6, 0x0, 0x50d6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, r2, 0x15, 0x0, @val=@kprobe_multi=@syms={0x0, 0x0, 0x0}}, 0x30) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x15, 0x0, @void}, 0x10) getsockopt$inet_opts(r3, 0x0, 0x9, 0xffffffffffffffff, &(0x7f0000000000)) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000540)='./bus\x00', 0x8800, &(0x7f0000000280), 0x1, 0x51f, &(0x7f0000000580)="$eJzs3c9vI1cdAPDvOHHi/OgmLT0AgnZpCwtarZN426jqAcoRoUqIHkHahsQbRbHjKHZKE/awPXNFohIneuQP4NwTB25cENy4LAckfkSgDRIHoxlPst6svTGbTRziz0cazXvzZv19L868t/NizwtgZF2PiPsRMRERH0TEXH48ybd4t7Ol5z08uLd6eHBvNYl2+/2/J1l5eiy6/k1qJn/NUkR8/9OIHyVPxm3u7W+u1GrVnTy/0KpvLzT39m9t1FfWq+vVrUpleWl58e3bb1WeW1tfrU/kqS8/+N39b/wkrdZsfqS7Hf+zpNPePkURUTyOkxqPiO8+c7DLZSxvz8SwK8IzKUTESxHxWnb9z8VY9m4CAFdZuz0X7bnuPABw1RWyObCkUM7nAmajUCiXO3N4L8d0odZotm7ebexurXXmyuajWLi7Uasu5nOF81FM0vxSln6Ur5zI346IFyPiZ5NTWb682qitDfM/PgAwwmZOjP//muyM/wDAFVcadgUAgAvXZ/zv95lWAOAKcP8PAKPH+A8Ao6eUPcNhatjVAAAukPt/ABg9xn8AGCnfe++9dGsf5s+/Xvtwb3ez8eGttWpzs1zfXS2vNna2y+uNxnr2zJ76aa9XazS2l96M3Y/mv7ndbC009/bv1Bu7W6072XO971SL2Vm+WQAAw/Tiq5/9MUlH5Hemsi261nIoDrVmwHkrDLsCwNCM9UkDV5/VvmB0neEe3/QAXBE9luh9TCl6fEGo3W63z69KwDm78QXz/zCquub/fQoYRow5fxhd5v9hdLXbyaBr/segJwIAl5s5fqDP3/9fyve/yv848MO1k2d8cp61AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMvtaP3fcr4W+GwUCuVyxAsRMR/F5O5GrboYEdci4g+Txck0vzTkOgMAZ1X4S5Kv/3Vj7o3Zx4pemTlOTkTEj3/x/s8/Wmm1dn4fMZH8Y/LoeOuT/Hjl4msPAJzuaJzO9l038g8P7q0ebRdZn79+OyJKnfiHBxNxeBx/PMazfSmKETH9zyTPdyRdcxdncf/jiPh8r/YnMZvNgXRWPj0ZP439woXGLzwWv5CVdfbpz+Jzz6EuMGo+S/ufd3tdf4W4nu17X/+lrIc6u7z/S19q9TDrAx/FP+r/xvr0f9cHjfHmb77TSU09WfZxxBfHI45iH3b1P0fxkz7x3xgw/p++9Mpr/crav4y4Eb3jd8daaNW3F5p7+7c26ivr1fXqVqWyvLS8+PbttyoL2Rz1Qv/R4G/v3LzWryxt/3Sf+KVT2v/VAdv/6X8++MFXnhL/66/3il+Il58SPx0TvzZg/JXpX5f6laXx1/q0/7T3/+aA8R/8ef+JZcMBgOFp7u1vrtRq1Z2nJa4dRpx2zv9lIgY7+bf5D+tS1HmkE+m7cAmq0TPxra4jM3GOsSb6XIw/fb3zazoZ0f2L3W4/U6x+PcbzmHUDLoPjiz4i/j3sygAAAAAAAAAAAAAAAD1dxLejht1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArq7/BgAA//8BoMnq") madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) socket$nl_route(0x10, 0x3, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef0f38f605c9000000ec66b88e008ec02d1aa80000460f1c460041ae", 0x4b}], 0x1, 0x74, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x0, 0x4}, 0x20) ioctl$KVM_RUN(r7, 0xae80, 0x0) write(r4, &(0x7f00000190c0)="fa", 0x1) 447.902596ms ago: executing program 1 (id=2): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000540)={@local, @random='\x00 \x00\x00\x00\b', @void, {@ipv4={0x800, @tcp={{0xb, 0x4, 0x0, 0x0, 0x40, 0xfffe, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@ssrr={0x89, 0x3, 0x6b}, @timestamp={0x44, 0xc, 0x5, 0x3, 0x0, [0xd, 0x0]}, @cipso={0x86, 0x6}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000280)={[0x1ffc9380, 0x1000000000, 0x8, 0x41, 0x2000000, 0x2000000, 0x2004cb, 0xffffffffeffffffd, 0xa1d, 0x2, 0x4, 0x0, 0x3, 0x2, 0x2, 0xfffffffffffffffd], 0xffe9c000, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000400)=@arm64={0x3e, 0x6, 0x5, '\x00', 0xe15}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = syz_io_uring_setup(0xec4, &(0x7f00000003c0)={0x0, 0xfffffffc, 0x2, 0x3, 0x34b}, &(0x7f0000000500), &(0x7f0000000600), &(0x7f0000000000)) rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xfffffeffffffffff]}, 0x0, 0x8) r4 = gettid() tkill(r4, 0x1b) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) io_uring_enter(r3, 0xe7f, 0xe876, 0x3, &(0x7f0000000040)={[0xfffffffffffffffc]}, 0x8) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000440)={{0x0, 0x8080000, 0x6, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x10}, {0xffff1000, 0xb000, 0xc, 0x0, 0xfc, 0x1, 0x0, 0x0, 0x3, 0x7}, {0x200000, 0x5000, 0x1f, 0x0, 0x7, 0x4, 0xa2, 0xfd, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0xe, 0x0, 0x0, 0xfe, 0x1, 0x0, 0xf4, 0xfc, 0x9, 0x10}, {0xeeee8000, 0x8000000, 0x4, 0x1, 0x4, 0x8, 0x1, 0x3, 0xfc, 0x3c}, {0x0, 0x0, 0xf, 0xfd, 0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x30000, 0xa, 0xfe, 0x0, 0x0, 0x17}, {0x3000, 0x3000, 0x19, 0x0, 0x0, 0x1, 0x0, 0xca, 0x4, 0x0, 0x0, 0x3}, {0x80a0000}, {0xdddd1000}, 0xddf8fffb, 0x0, 0x7000, 0x50, 0x0, 0xf801, 0x3000, [0x80000000, 0x0, 0x1]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 360.248999ms ago: executing program 0 (id=1): socket$inet6(0xa, 0x3, 0x38) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000002700)=""/79, 0x0, 0x60000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680)) r1 = eventfd2(0x1, 0x1) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000400)=""/198, 0x0, 0xffff1000}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x400, &(0x7f0000000180), 0x2, 0x786, &(0x7f0000000f80)="$eJzs3c9rHGUfAPDvbLNJ37Tv27zwwms9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQkCLCF4EFQ+CXnq2Wm9e/XHVP8C7B2mpmhYjHiQym9102+ymmzSbbdnPByZ5npnZfOc7z8w8T3aG3QD61mj6IxNxOCI+SCIO1ecnEZGtlQYiTq6vt7qyXEinJNbWXvstqa1ze2W5EE2vSR2oVx6LiO/ejTiS2Ry3srg0ky+VivP1+nh19sJ4ZXHp6PnZ/HRxujh3fGJy8tiJZ08c371c//hx6eCND19+6suTf73z/2vvf5/EyThYX9acx24ZjdH6Psmmu/AuL8Vbux2up5JebwA7kp6a+9bP8jicpOWBXm8SANBl6Sh0DQDoM4n+HwD6TON9gNsry4XG1Nt3JPbWzRcjYv96/o37m+tLBur37PbX7oMO307uujOSRMTILsQfjYjPvn7jajpFl+5DArTy9uWIODsyuvn6n2x6ZmG7nu5gndF76hvxf8o+YHTgfr5Jxz/PtRr/ZTbGP9Fi/DPU4tzdibbn/4bM9V0I01Y6/nuh6dm21ab860b21Wv/ro35ssm586Viem37T0SMRXYorU9sEWPs1t+32i1rHv/9/tGbn6fx09931shcHxi6+zVT+Wr+QXJudvNyxOMDrfJPNto/aTP+Pd1hjFeef+/TdsvS/NN8G9Pm/Ltr7UrEky3b/84TbcmWzyeO1w6H8cZB0cJXP38y3C5+c/un0+rK8loScXX3M20tbf/hrfMfSZqf16xsP8YPVw59225Zi/wLjf+F1rU+/geT12vlwfq8S/lqdX4iYjB5dfP8Y3de26g31k/zH3ui9fm/1fGfjk7Odpj/wI1fv9h5/t2V5j+1rfbffuHa6sy+dvE7a//JWmmsPqeT61+nG/gg+w4AAAAAAAAAAAAAAAAAAAAAAAAAOpWJiIORZHIb5Uwml1v/Du//xXCmVK5Uj5wrL8xNRe27skcim2l81OWhps9Dnah/Hn6jfuye+jMR8d+I+HjoX7V6rlAuTfU6eQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoO9Dm+/9Tvwz1eusAgK7Z3+sNAAD2nP4fAPqP/h8A+o/+HwD6j/4fAPqP/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAuO33qVDqt/bmyXEjrUxcXF2bKF49OFSszudmFQq5Qnr+Qmy6Xp0vFXKE8e7+/VyqXL0zG3MKl8WqxUh2vLC6dmS0vzFXPnJ/NTxfPFLN7khUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbE9lcWkmXyoV5xUegcJAvdUelu3ZUSHTSGKvgg52K4uHYGd2r9DDixIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAI+SfAAAA///WoyFe") pwrite64(0xffffffffffffffff, &(0x7f0000000140)='2', 0x1, 0x2cf2) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000340)={0x2, 0x1, 0x0, 0x0, 0x0, 0xeeef0000}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, 0x0) 222.406773ms ago: executing program 1 (id=6): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@cgroup=r1, 0x6, 0x0, 0x50d6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, r2, 0x15, 0x0, @val=@kprobe_multi=@syms={0x0, 0x0, 0x0}}, 0x30) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x15, 0x0, @void}, 0x10) getsockopt$inet_opts(r3, 0x0, 0x9, 0xffffffffffffffff, &(0x7f0000000000)) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000540)='./bus\x00', 0x8800, &(0x7f0000000280), 0x1, 0x51f, &(0x7f0000000580)="$eJzs3c9vI1cdAPDvOHHi/OgmLT0AgnZpCwtarZN426jqAcoRoUqIHkHahsQbRbHjKHZKE/awPXNFohIneuQP4NwTB25cENy4LAckfkSgDRIHoxlPst6svTGbTRziz0cazXvzZv19L868t/NizwtgZF2PiPsRMRERH0TEXH48ybd4t7Ol5z08uLd6eHBvNYl2+/2/J1l5eiy6/k1qJn/NUkR8/9OIHyVPxm3u7W+u1GrVnTy/0KpvLzT39m9t1FfWq+vVrUpleWl58e3bb1WeW1tfrU/kqS8/+N39b/wkrdZsfqS7Hf+zpNPePkURUTyOkxqPiO8+c7DLZSxvz8SwK8IzKUTESxHxWnb9z8VY9m4CAFdZuz0X7bnuPABw1RWyObCkUM7nAmajUCiXO3N4L8d0odZotm7ebexurXXmyuajWLi7Uasu5nOF81FM0vxSln6Ur5zI346IFyPiZ5NTWb682qitDfM/PgAwwmZOjP//muyM/wDAFVcadgUAgAvXZ/zv95lWAOAKcP8PAKPH+A8Ao6eUPcNhatjVAAAukPt/ABg9xn8AGCnfe++9dGsf5s+/Xvtwb3ez8eGttWpzs1zfXS2vNna2y+uNxnr2zJ76aa9XazS2l96M3Y/mv7ndbC009/bv1Bu7W6072XO971SL2Vm+WQAAw/Tiq5/9MUlH5Hemsi261nIoDrVmwHkrDLsCwNCM9UkDV5/VvmB0neEe3/QAXBE9luh9TCl6fEGo3W63z69KwDm78QXz/zCquub/fQoYRow5fxhd5v9hdLXbyaBr/segJwIAl5s5fqDP3/9fyve/yv848MO1k2d8cp61AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMvtaP3fcr4W+GwUCuVyxAsRMR/F5O5GrboYEdci4g+Txck0vzTkOgMAZ1X4S5Kv/3Vj7o3Zx4pemTlOTkTEj3/x/s8/Wmm1dn4fMZH8Y/LoeOuT/Hjl4msPAJzuaJzO9l038g8P7q0ebRdZn79+OyJKnfiHBxNxeBx/PMazfSmKETH9zyTPdyRdcxdncf/jiPh8r/YnMZvNgXRWPj0ZP439woXGLzwWv5CVdfbpz+Jzz6EuMGo+S/ufd3tdf4W4nu17X/+lrIc6u7z/S19q9TDrAx/FP+r/xvr0f9cHjfHmb77TSU09WfZxxBfHI45iH3b1P0fxkz7x3xgw/p++9Mpr/crav4y4Eb3jd8daaNW3F5p7+7c26ivr1fXqVqWyvLS8+PbttyoL2Rz1Qv/R4G/v3LzWryxt/3Sf+KVT2v/VAdv/6X8++MFXnhL/66/3il+Il58SPx0TvzZg/JXpX5f6laXx1/q0/7T3/+aA8R/8ef+JZcMBgOFp7u1vrtRq1Z2nJa4dRpx2zv9lIgY7+bf5D+tS1HmkE+m7cAmq0TPxra4jM3GOsSb6XIw/fb3zazoZ0f2L3W4/U6x+PcbzmHUDLoPjiz4i/j3sygAAAAAAAAAAAAAAAD1dxLejht1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArq7/BgAA//8BoMnq") madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) socket$nl_route(0x10, 0x3, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef0f38f605c9000000ec66b88e008ec02d1aa80000460f1c460041ae", 0x4b}], 0x1, 0x74, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x0, 0x4}, 0x20) ioctl$KVM_RUN(r7, 0xae80, 0x0) write(r4, &(0x7f00000190c0)="fa", 0x1) syz_open_procfs(0x0, &(0x7f0000019080)='net/ip_tables_names\x00') 0s ago: executing program 0 (id=7): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@cgroup=r1, 0x6, 0x0, 0x50d6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, r2, 0x15, 0x0, @val=@kprobe_multi=@syms={0x0, 0x0, 0x0}}, 0x30) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x15, 0x0, @void}, 0x10) getsockopt$inet_opts(r3, 0x0, 0x9, 0xffffffffffffffff, &(0x7f0000000000)) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000540)='./bus\x00', 0x8800, &(0x7f0000000280), 0x1, 0x51f, &(0x7f0000000580)="$eJzs3c9vI1cdAPDvOHHi/OgmLT0AgnZpCwtarZN426jqAcoRoUqIHkHahsQbRbHjKHZKE/awPXNFohIneuQP4NwTB25cENy4LAckfkSgDRIHoxlPst6svTGbTRziz0cazXvzZv19L868t/NizwtgZF2PiPsRMRERH0TEXH48ybd4t7Ol5z08uLd6eHBvNYl2+/2/J1l5eiy6/k1qJn/NUkR8/9OIHyVPxm3u7W+u1GrVnTy/0KpvLzT39m9t1FfWq+vVrUpleWl58e3bb1WeW1tfrU/kqS8/+N39b/wkrdZsfqS7Hf+zpNPePkURUTyOkxqPiO8+c7DLZSxvz8SwK8IzKUTESxHxWnb9z8VY9m4CAFdZuz0X7bnuPABw1RWyObCkUM7nAmajUCiXO3N4L8d0odZotm7ebexurXXmyuajWLi7Uasu5nOF81FM0vxSln6Ur5zI346IFyPiZ5NTWb682qitDfM/PgAwwmZOjP//muyM/wDAFVcadgUAgAvXZ/zv95lWAOAKcP8PAKPH+A8Ao6eUPcNhatjVAAAukPt/ABg9xn8AGCnfe++9dGsf5s+/Xvtwb3ez8eGttWpzs1zfXS2vNna2y+uNxnr2zJ76aa9XazS2l96M3Y/mv7ndbC009/bv1Bu7W6072XO971SL2Vm+WQAAw/Tiq5/9MUlH5Hemsi261nIoDrVmwHkrDLsCwNCM9UkDV5/VvmB0neEe3/QAXBE9luh9TCl6fEGo3W63z69KwDm78QXz/zCquub/fQoYRow5fxhd5v9hdLXbyaBr/segJwIAl5s5fqDP3/9fyve/yv848MO1k2d8cp61AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMvtaP3fcr4W+GwUCuVyxAsRMR/F5O5GrboYEdci4g+Txck0vzTkOgMAZ1X4S5Kv/3Vj7o3Zx4pemTlOTkTEj3/x/s8/Wmm1dn4fMZH8Y/LoeOuT/Hjl4msPAJzuaJzO9l038g8P7q0ebRdZn79+OyJKnfiHBxNxeBx/PMazfSmKETH9zyTPdyRdcxdncf/jiPh8r/YnMZvNgXRWPj0ZP439woXGLzwWv5CVdfbpz+Jzz6EuMGo+S/ufd3tdf4W4nu17X/+lrIc6u7z/S19q9TDrAx/FP+r/xvr0f9cHjfHmb77TSU09WfZxxBfHI45iH3b1P0fxkz7x3xgw/p++9Mpr/crav4y4Eb3jd8daaNW3F5p7+7c26ivr1fXqVqWyvLS8+PbttyoL2Rz1Qv/R4G/v3LzWryxt/3Sf+KVT2v/VAdv/6X8++MFXnhL/66/3il+Il58SPx0TvzZg/JXpX5f6laXx1/q0/7T3/+aA8R/8ef+JZcMBgOFp7u1vrtRq1Z2nJa4dRpx2zv9lIgY7+bf5D+tS1HmkE+m7cAmq0TPxra4jM3GOsSb6XIw/fb3zazoZ0f2L3W4/U6x+PcbzmHUDLoPjiz4i/j3sygAAAAAAAAAAAAAAAD1dxLejht1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArq7/BgAA//8BoMnq") madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) socket$nl_route(0x10, 0x3, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef0f38f605c9000000ec66b88e008ec02d1aa80000460f1c460041ae", 0x4b}], 0x1, 0x74, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x0, 0x4}, 0x20) ioctl$KVM_RUN(r4, 0xae80, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) kernel console output (not intermixed with test programs): syzkaller syzkaller login: [ 14.404929][ T28] kauditd_printk_skb: 48 callbacks suppressed [ 14.404942][ T28] audit: type=1400 audit(1781247239.541:59): avc: denied { transition } for pid=225 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.408958][ T28] audit: type=1400 audit(1781247239.541:60): avc: denied { noatsecure } for pid=225 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.411872][ T28] audit: type=1400 audit(1781247239.541:61): avc: denied { write } for pid=225 comm="sh" path="pipe:[14801]" dev="pipefs" ino=14801 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 14.415009][ T28] audit: type=1400 audit(1781247239.541:62): avc: denied { rlimitinh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.417768][ T28] audit: type=1400 audit(1781247239.541:63): avc: denied { siginh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.113' (ED25519) to the list of known hosts. [ 21.301881][ T28] audit: type=1400 audit(1781247246.441:64): avc: denied { mounton } for pid=279 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.302985][ T279] cgroup: Unknown subsys name 'net' [ 21.324552][ T28] audit: type=1400 audit(1781247246.441:65): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.351803][ T28] audit: type=1400 audit(1781247246.461:66): avc: denied { unmount } for pid=279 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.351949][ T279] cgroup: Unknown subsys name 'devices' [ 21.492765][ T279] cgroup: Unknown subsys name 'hugetlb' [ 21.498369][ T279] cgroup: Unknown subsys name 'rlimit' [ 21.601383][ T28] audit: type=1400 audit(1781247246.741:67): avc: denied { setattr } for pid=279 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 21.624614][ T28] audit: type=1400 audit(1781247246.741:68): avc: denied { mounton } for pid=279 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 21.633229][ T281] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 21.649394][ T28] audit: type=1400 audit(1781247246.741:69): avc: denied { mount } for pid=279 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 21.680997][ T28] audit: type=1400 audit(1781247246.791:70): avc: denied { relabelto } for pid=281 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.706413][ T28] audit: type=1400 audit(1781247246.791:71): avc: denied { write } for pid=281 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.735120][ T28] audit: type=1400 audit(1781247246.871:72): avc: denied { read } for pid=279 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.760732][ T28] audit: type=1400 audit(1781247246.871:73): avc: denied { open } for pid=279 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 21.760984][ T279] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 22.917331][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.924407][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.931835][ T288] device bridge_slave_0 entered promiscuous mode [ 22.939723][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.946816][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 22.954385][ T288] device bridge_slave_1 entered promiscuous mode [ 22.971464][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.978520][ T287] bridge0: port 1(bridge_slave_0) entered disabled state [ 22.985999][ T287] device bridge_slave_0 entered promiscuous mode [ 22.995974][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.003056][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.010470][ T287] device bridge_slave_1 entered promiscuous mode [ 23.044089][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.051170][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.058456][ T290] device bridge_slave_0 entered promiscuous mode [ 23.067137][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.074308][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.081706][ T290] device bridge_slave_1 entered promiscuous mode [ 23.177051][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.184215][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.191600][ T289] device bridge_slave_0 entered promiscuous mode [ 23.198246][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.205361][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.212679][ T291] device bridge_slave_0 entered promiscuous mode [ 23.223211][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.230247][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.237698][ T291] device bridge_slave_1 entered promiscuous mode [ 23.244341][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.251464][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.258735][ T289] device bridge_slave_1 entered promiscuous mode [ 23.358519][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.365847][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.373131][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.380141][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.391986][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.399033][ T287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.406388][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.413410][ T287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.461617][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.468666][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.475955][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.482995][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.493104][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.500138][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.507406][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.514430][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.558616][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.565958][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.573324][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.580499][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.588053][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.595218][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.602609][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.610134][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.617992][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.625400][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.645888][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.653465][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.661727][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.668739][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.676274][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.684565][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.691593][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.699099][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.706730][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.714243][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.735616][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.743779][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.750812][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.758123][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.766570][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.773644][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.781109][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.789195][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.796219][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.804602][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.813857][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 23.822158][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.829181][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.861098][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.869320][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 23.878521][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.886570][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 23.895218][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.902261][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 23.909744][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 23.917761][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.925750][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 23.937517][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 23.945114][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 23.954865][ T288] device veth0_vlan entered promiscuous mode [ 23.967993][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 23.975994][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 23.984505][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 23.992856][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.002048][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.009505][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.017723][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.025722][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.037723][ T288] device veth1_macvtap entered promiscuous mode [ 24.047103][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.054563][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.062131][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.070401][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.078800][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.085876][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.093369][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 24.101668][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.109749][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.116808][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.124269][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.132641][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.140701][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.148539][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 24.157014][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.165420][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.172508][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.179933][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 24.191427][ T287] device veth0_vlan entered promiscuous mode [ 24.201150][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.209432][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.224259][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.232972][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.241563][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.249533][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.257730][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.265932][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.282312][ T289] device veth0_vlan entered promiscuous mode [ 24.292662][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.301347][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.309722][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.317895][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.326140][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 24.334319][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.342406][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 24.350375][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.358752][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.366304][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.374314][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.382541][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.396526][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.405036][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.416004][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.424247][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.433816][ T287] device veth1_macvtap entered promiscuous mode [ 24.449713][ T288] request_module fs-gadgetfs succeeded, but still no fs? [ 24.454839][ T290] device veth0_vlan entered promiscuous mode [ 24.464298][ T289] device veth1_macvtap entered promiscuous mode [ 24.471557][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.479237][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.487095][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.495467][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.503799][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.512099][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.520313][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.528394][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.536563][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.544153][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.566420][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 24.576431][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.585219][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.593726][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.602781][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.611401][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.638410][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 24.647787][ T315] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 24.652755][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.673572][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.681773][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.689923][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 24.697627][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 24.706666][ T291] device veth0_vlan entered promiscuous mode [ 24.718555][ T313] loop3: detected capacity change from 0 to 512 [ 24.731642][ T290] device veth1_macvtap entered promiscuous mode [ 24.747016][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 24.761464][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 24.769600][ T313] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 24.785093][ T320] loop0: detected capacity change from 0 to 2048 [ 24.794613][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 24.798588][ T313] ext4 filesystem being mounted at /0/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 24.815768][ T291] device veth1_macvtap entered promiscuous mode [ 24.828560][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 24.871189][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.890716][ T327] loop1: detected capacity change from 0 to 512 [ 24.891718][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 24.918875][ T320] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 24.920028][ T327] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 24.928078][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.944562][ T327] ext4 filesystem being mounted at /1/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 24.990442][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.013626][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.047367][ T322] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 25.074497][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.082960][ T8] ------------[ cut here ]------------ [ 25.088431][ T8] kernel BUG at fs/ext4/inode.c:2763! [ 25.100467][ T326] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.112514][ T8] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 25.118636][ T8] CPU: 1 PID: 8 Comm: kworker/u4:0 Not tainted syzkaller #0 [ 25.125931][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 25.135988][ T8] Workqueue: writeback wb_workfn (flush-7:0) [ 25.141991][ T8] RIP: 0010:ext4_writepages+0x30c2/0x30e0 [ 25.147701][ T8] Code: 89 84 ff 84 db 75 31 e8 3c 86 84 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 7c 24 10 4c 8b 6c 24 40 e9 08 d3 ff ff e8 1e 86 84 ff <0f> 0b e8 17 86 84 ff e8 7e 85 13 ff eb 93 e8 0b 86 84 ff e8 72 85 [ 25.167290][ T8] RSP: 0018:ffffc90000087100 EFLAGS: 00010293 [ 25.173338][ T8] RAX: ffffffff81ecf762 RBX: 0000008410000000 RCX: ffff88810029e540 [ 25.181292][ T8] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 25.189245][ T8] RBP: ffffc90000087470 R08: ffff88810c473987 R09: 1ffff1102188e730 [ 25.197201][ T8] R10: dffffc0000000000 R11: ffffed102188e731 R12: dffffc0000000000 [ 25.205155][ T8] R13: ffff8881136ba000 R14: 0000008000000000 R15: 1ffff92000010e4c [ 25.213107][ T8] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 25.222021][ T8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.228584][ T8] CR2: 0000000000200000 CR3: 00000001218cc000 CR4: 00000000003526a0 [ 25.236545][ T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.244509][ T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.252470][ T8] Call Trace: [ 25.255733][ T8] [ 25.258646][ T8] ? __dev_queue_xmit+0x10ea/0x3470 [ 25.263839][ T8] ? __dev_queue_xmit+0x258/0x3470 [ 25.268929][ T8] ? __cfi_ext4_writepages+0x10/0x10 [ 25.274198][ T8] ? __cfi___dev_queue_xmit+0x10/0x10 [ 25.279550][ T8] ? ___neigh_create+0xbab/0x1e20 [ 25.284555][ T8] ? __neigh_create+0x31/0x40 [ 25.289216][ T8] ? ip6_finish_output2+0xa56/0x18a0 [ 25.294491][ T8] ? __kasan_check_write+0x14/0x20 [ 25.299584][ T8] ? _raw_write_lock_bh+0x94/0xf0 [ 25.304592][ T8] ? __cfi__raw_write_lock_bh+0x10/0x10 [ 25.310123][ T8] ? __kasan_check_write+0x14/0x20 [ 25.315215][ T8] ? __cfi_ext4_writepages+0x10/0x10 [ 25.320491][ T8] do_writepages+0x3a4/0x5f0 [ 25.325073][ T8] ? __cfi_do_writepages+0x10/0x10 [ 25.330169][ T8] ? __kasan_check_write+0x14/0x20 [ 25.335258][ T8] ? _raw_spin_lock+0x94/0xf0 [ 25.339918][ T8] __writeback_single_inode+0xc6/0xad0 [ 25.345360][ T8] ? inode_io_list_move_locked+0x366/0x3d0 [ 25.351149][ T8] writeback_sb_inodes+0xa10/0x15d0 [ 25.356336][ T8] ? queue_io+0x4c0/0x4c0 [ 25.360650][ T8] ? __kasan_check_read+0x11/0x20 [ 25.365654][ T8] ? queue_io+0x382/0x4c0 [ 25.369969][ T8] wb_writeback+0x40b/0x9d0 [ 25.374458][ T8] ? inode_cgwb_move_to_attached+0x3e0/0x3e0 [ 25.380422][ T8] ? set_worker_desc+0x1ba/0x1f0 [ 25.385343][ T8] ? __kasan_check_write+0x14/0x20 [ 25.390436][ T8] ? kvm_sched_clock_read+0x18/0x40 [ 25.395626][ T8] ? sched_clock+0x9/0x10 [ 25.399941][ T8] ? sched_clock_cpu+0x6e/0x260 [ 25.404776][ T8] wb_workfn+0x378/0xeb0 [ 25.409006][ T8] ? __cfi_wb_workfn+0x10/0x10 [ 25.413749][ T8] ? kthread_data+0x50/0xc0 [ 25.418237][ T8] ? _raw_spin_unlock+0x4c/0x70 [ 25.423159][ T8] ? finish_task_switch+0x16b/0x7b0 [ 25.428341][ T8] ? __switch_to_asm+0x3a/0x60 [ 25.433090][ T8] ? __schedule+0xbae/0x1500 [ 25.437670][ T8] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 25.443197][ T8] process_one_work+0x71f/0xc40 [ 25.448038][ T8] worker_thread+0xa29/0x11e0 [ 25.452706][ T8] kthread+0x281/0x320 [ 25.456757][ T8] ? __cfi_worker_thread+0x10/0x10 [ 25.461849][ T8] ? __cfi_kthread+0x10/0x10 [ 25.466420][ T8] ret_from_fork+0x1f/0x30 [ 25.470822][ T8] [ 25.473821][ T8] Modules linked in: [ 25.532578][ T8] ---[ end trace 0000000000000000 ]--- [ 25.538395][ T8] RIP: 0010:ext4_writepages+0x30c2/0x30e0 [ 25.544548][ T8] Code: 89 84 ff 84 db 75 31 e8 3c 86 84 ff 49 bc 00 00 00 00 00 fc ff df 4c 8b 7c 24 10 4c 8b 6c 24 40 e9 08 d3 ff ff e8 1e 86 84 ff <0f> 0b e8 17 86 84 ff e8 7e 85 13 ff eb 93 e8 0b 86 84 ff e8 72 85 [ 25.564360][ T8] RSP: 0018:ffffc90000087100 EFLAGS: 00010293 [ 25.570453][ T8] RAX: ffffffff81ecf762 RBX: 0000008410000000 RCX: ffff88810029e540 [ 25.579320][ T8] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 25.587738][ T8] RBP: ffffc90000087470 R08: ffff88810c473987 R09: 1ffff1102188e730 [ 25.596140][ T8] R10: dffffc0000000000 R11: ffffed102188e731 R12: dffffc0000000000 [ 25.604910][ T8] R13: ffff8881136ba000 R14: 0000008000000000 R15: 1ffff92000010e4c [ 25.604988][ T327] syz.1.6 (327) used greatest stack depth: 21952 bytes left [ 25.620591][ T8] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 25.629664][ T8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.630315][ T287] EXT4-fs (loop1): unmounting filesystem. [ 25.636529][ T8] CR2: 0000001b2ef06ff8 CR3: 000000010fd88000 CR4: 00000000003526a0 [ 25.650063][ T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.660898][ T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.669986][ T8] Kernel panic - not syncing: Fatal exception [ 25.676358][ T8] Kernel Offset: disabled [ 25.680671][ T8] Rebooting in 86400 seconds..