last executing test programs: 1m36.99291511s ago: executing program 0 (id=836): unshare(0x22020600) r0 = fsopen(&(0x7f0000000000)='bpf\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x83) r2 = openat(r1, &(0x7f0000000040)='.\x00', 0x0, 0xa2) bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r2}, 0x8) 1m36.964188401s ago: executing program 0 (id=837): rt_sigprocmask(0x2, &(0x7f0000000080)={[0xffffffffffffffff]}, 0x0, 0x8) r0 = gettid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x3d, &(0x7f00000003c0)={0x32, 0x800, 0x8}) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0xfffffffffffffff7]}, 0x8, 0x0) read$watch_queue(r2, &(0x7f00000005c0)=""/180, 0xb4) 1m36.899017283s ago: executing program 0 (id=839): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x2}}, 0x26) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}, 0x2, 0x1}}, 0x2e) getsockopt(r2, 0x111, 0x1, 0x0, &(0x7f0000000080)) 1m36.826170396s ago: executing program 0 (id=841): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f00000004c0)='./file0/../file0\x00', 0x0, 0x80000, 0x0) mount$bind(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x40000, 0x0) 1m36.807967447s ago: executing program 0 (id=844): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x9, 0xf40b9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x7, 0x100}, 0x204, 0x0, 0x43a1bd78, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x24000000000, 0xffffffffffffffff, 0xa) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) socket$inet6_mptcp(0xa, 0x1, 0x106) setfsuid(0xee00) 1m36.612473124s ago: executing program 0 (id=849): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0e00000004000000040000000a"], 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x15, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000010000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000860000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb7030000e8ff0000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r2, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 1m36.576397384s ago: executing program 32 (id=849): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0e00000004000000040000000a"], 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x15, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000010000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000860000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb7030000e8ff0000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r2, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 38.389879526s ago: executing program 2 (id=2240): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r2, @ANYBLOB="00000016010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x48, 0x10, 0x439, 0x70bd2d, 0xffffffea, {0x0, 0x0, 0xe403, r2, 0x40083}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @sit={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_6RD_RELAY_PREFIX={0x8}, @IFLA_IPTUN_6RD_PREFIXLEN={0x6, 0xd, 0x7ff}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast1}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20008004}, 0x4040) 38.26090416s ago: executing program 2 (id=2245): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e20, @loopback}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4620, @empty}, 0x10) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000b80)=@raw={'raw\x00', 0x4001, 0x3, 0x1f8, 0x0, 0x700001b, 0x148, 0x250, 0x148, 0x308, 0x206, 0x240, 0x308, 0x240, 0x7fffffe, 0x0, {[{{@ip={@broadcast, @rand_addr=0x64010101, 0xffffffff, 0x0, 'ip6gretap0\x00', 'bond_slave_0\x00', {0xff}, {0xff}, 0xff, 0x1, 0x11}, 0x1ea, 0x70, 0xd0, 0x0, {0x390, 0x8f00}}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, 0x7, 0x0, [0x2d, 0x12, 0x2e, 0x40, 0xd, 0x3a, 0x23, 0x2b, 0x30, 0x1c, 0x4037, 0x15, 0x31, 0x4, 0x31, 0x1d], 0x1, 0x8, 0x7}}}, {{@ip={@initdev={0xac, 0x1e, 0x1, 0x0}, @remote, 0xff000000, 0x0, 'ip6gre0\x00', 'veth1_to_bridge\x00', {}, {0xff}, 0x29, 0x0, 0x25}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x258) 38.214646182s ago: executing program 2 (id=2248): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000c00)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf670000000000001600fdff0fff52e84407000009300000240600000ee60000bf050000000000001c63000000000000650700000200000007070000fbffffff1f75000000000000bf54000000000000070400000410f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060162cc43bcba1060999eef9d60bb39d0af449deaa27ea949e8f9000d885deea2783835e29eba8546fc020c1966f8b5f32b095f566edf66b7751828da9dbd5b996b9e8d897e461c01c697671d100000000400036c17fb01dde179c1f2686ee970d6482a2e71a55d6ebe700b3be005e47ef55e0dd81244b18590e000000000000356d82e43407a6d7fa94b21002f06cd247b126b6349ab62d7b07ba0a71a72145edade9941f49f300a8c8913e0e4ea9e4c77740ab3312edee62a4dc2fc85755d387bfa1bc9b49da28724ba9cd79fbee8f97af876d0e30c19555ffdd7d73815b459f4763c6222175c974be2f76fb5f330b015a68587a75c013000000000000000000000003000000000000d6ddc46e58eff8f4fbadfc6a3af8123b7f42407107000cdc9d7820c4eb67cc0f8b5fe9258eeacb5776aebbab3d5c55020000006082778366dadfc36029633e0514cbcee1f3928970bde148c940434f33acd377cbad17673b2d30b6339255c98eba97efb4e9ac1f11be815dd6045592edcbee7f253ec74c7c1313505bd7ff8fd58b3a6569c91dbdef1df585aeaea7346a2a65caee5c85f9eddeeeee3c8a2e523c864ac430eb47cb4d0c8767b9d4125661b5a1a170c04b64da3a99ddb93bf14fae3ca2d1e882375b8dbac83978e136c34f90b33cc0eeb57debcfe26589efc08124d5d62a7e593c9738a50171adf051ea4f07e7e7e770c2016eeacbe8511afffffbea75759a1ea5404f5453c0b5c46c9700808c096cf8cf5223f341cb003841b5cd224c1b381d56afebe9f99a00e3cd94dc0bb7af9e8709db487cc4d9b3b96723d69d512ddd57b0dee9b9f6ae80a502cce352098603e75414c91fce6c86287945bd8d258442760000ff010000000000000000000000300807f2f3906c1d45d05ba9df828d35376fed399fa311ff63a34f0c0b82b4f2825e729eb9b7f4c9ab3be5bc011ff29904bbc424880247fabe7325a6e8d139e99d2b2fbf7e84fca3b21c78840b858ce900a4eb9c2b8b9b7fb664d2aeac991ca09b1afc0ef7aed4541a2f7275130a9fa3853481c81e919c000000000000000000000000b1e0e4b55e0d5d8c657b4853fc18ec43be33e5f971cceda04d95c87489910ce692ee55c536d1671bffd4c9b98efb741b13f0ab26ac191c74"], &(0x7f0000000100)='GPL\x00'}, 0x48) 37.315128753s ago: executing program 2 (id=2260): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000380)='./file0/file0\x00', 0x0, 0x8b141a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) 37.230305566s ago: executing program 2 (id=2262): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x58, &(0x7f0000000980)={[{@errors_remount}, {@grpquota}, {@nomblk_io_submit}, {@stripe={'stripe', 0x3d, 0x4ffff}}, {@norecovery}, {@errors_remount}, {@max_batch_time={'max_batch_time', 0x3d, 0x186b}}]}, 0xfe, 0x799, &(0x7f00000001c0)="$eJzs3c1rHGUYAPBnNp+m1UYQbL00Jy2UbtoaWwWh8SSChYKebcNmG2I22ZLdlCbkYBFBEEGLB0Evnv2oN28ievZv8CIiLVXTYsWDrMx+JJtukm7TTdI2vx9M8r4zs/PMs7Pzvu/uDLsB7FpD6Z9MxIGI+CiJ2Fefn0RET7XUHTFaW+/20mIunZKoVN74M6muc2tpMRdNj0ntqVf2R8SP70UczrTGLc0vTI0VCvnZen24PH1huDS/cGRyemwiP5GfOXFsZOT4yRdOnuhcrn//vLD3+sevPvfN6L/vPn31w5+SGI299WXNeXTKUAzVn5Oe9Cms+b7TUR4MyU7vAJuSnppdtbM8DsS+6KqWAIBHWdr/VwCAXSbR/wPALtP4HODW0mKuMe3sJxLb68YrEdFfy79xfbO2pLt+za6/eh104Fay6spIEhGDHYi/PyI+/+6tr9Iptug6JMBa3rkcEecGh1rb/2TlnoVNOtrGOkN31LV/sH1+SMc/L641/sssj39ijfFP3xrn7mYMRfTWN1fVev5nrq0K2nCqA8Hr47+Xa/e2pYk2jf+Wb1ob7KrXHk8rByNispBP27YnIuJQ9PSdnyzkj20Q49DN/26ut2yoafz315W3v0zjp/9X1shc6+5b/ZjxsfLY/eTc7MbliGe6V+7tu93S/jeOeuv498xGGz64Unztpfc/W2+1NP8038bUmv/WqnwR8WysnX9DsuH9icPp4T9a+7t2jG9//XRgvfjNxz+d0viN9wLbIT3+AxvnP5g0369Z6mz8u+e//Ppf3qH09d+bvFkt99bnXRorl2ePRfQmr7fOP76ytUa9sX6af23Di72xKv+V9i9Zo/1L3xOeazPH7ut/fL35/LdWmv/4PR3/ey9cvT3VtV789o7/SLV0qD6nnfav3R28n+cOAAAAAAAAAAAAAAAAAAAAAAAAANqViYi9kWSyy+VMJput/Yb3UzGQKRRL5cPni3Mz41H9rezB6Mk0vupyX62eNL7/dLCpfvyO+vMR8WREfNL3WLWezRUL4zudPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADU7Vnn9/9Tv/ft9N4BAFumv2VOpVKpNNdv5jdcDAA8dFr7fwDgUaf/B4DdR/8PALuP/h8Adh/9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFvszOnT6VT5Z2kxl9bHL87PTRUvHhnPl6ay03O5bK44eyE7USxOFPLZXHH6btsrFIsXRmJm7tJwOV8qD5fmF85OF+dmymcnp8dOxdl8z7ZkBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3pjS/MDVWKORnH4nCBxHxAOyGQmcLvx35Zf9G61y5y8t4tI1Y/fUT4gFJeecLO9wwAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwk/g8AAP//Ez0kyA==") sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb45, 0x100000000009, 0xa, 0x0, 0x3}, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x42) r1 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write(r1, &(0x7f0000019140)='@', 0x1) sendfile(r1, r0, 0x0, 0x7fffffff) 37.12091207s ago: executing program 2 (id=2267): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x20000000}, 0x20) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x40010040) r3 = socket$kcm(0x2c, 0x3, 0x0) setsockopt$sock_attach_bpf(r3, 0x11b, 0x2, &(0x7f0000000900)=r2, 0x4) 37.11931111s ago: executing program 33 (id=2267): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x20000000}, 0x20) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x40010040) r3 = socket$kcm(0x2c, 0x3, 0x0) setsockopt$sock_attach_bpf(r3, 0x11b, 0x2, &(0x7f0000000900)=r2, 0x4) 2.880812899s ago: executing program 4 (id=2959): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000100)='./bus\x00', 0x40c, &(0x7f0000000400)={[{@init_itable}, {@dioread_nolock}, {@abort}, {@grpjquota}, {@lazytime}, {@auto_da_alloc}, {@mblk_io_submit}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x100}}, {@min_batch_time={'min_batch_time', 0x3d, 0x7a}}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x8}}]}, 0xfd, 0x501, &(0x7f0000000e80)="$eJzs3c9vY0cdAPCvndhxsmmTlh4AQbu0hQWt1km8bVT1AOWEEKqE6BGkbUi8URQ7jmKnNGEP6ZkrEpU4wZE/gHNP3LkguHEpByR+RKAGiYPRe37OehN7E20SO8Sfj/T0Zt54/Z2J982sv1l7AhhbtyPiICKKEfF+RMxl13PZEe90juRxnx0+Wj06fLSai3b7vX/k0vbkWvT8mcSt7DlLEfGD70T8OHc6bnNvf3OlVqvuZPWFVn17obm3f2+jvrJeXa9uVSrLS8uLb91/s3JpY32lXsxKX/709wff+GnSrdnsSu84LlNn6IXjOInJiPjeVQQbgYlsPMVRd4Rnko+IFyPi1fT+n4uJ9NUEAG6ydnsu2nO9dQDgpos0B5bLl7NcwGzk8+VyJ4f3Uszka41m6+7Dxu7WWidXNh+F/MONWnUxyxXORyGX1JfS8uN65UT9fkS8EBE/n5pO6+XVRm1thP/uAYBxduvE+v/vqc76DwDccKVRdwAAGDrrPwCMH+s/AIwf6z8AjJ/O+j896m4AAEPk/T8AjB/rPwCMle+/+25ytI+y779e+2Bvd7Pxwb21anOzXN9dLa82drbL643GevqdPfWznq/WaGwvvRG7H85/c7vZWmju7T+oN3a3Wg/S7/V+UC2kjzoYwsgAgEFeeOWTP+WSFfnt6fSInr0cCiPtGXDV8qPuADAyE6PuADAydvuC8XWB9/jSA3BD9Nmi9wmlfh8Q6m4gAvxfuvMF+X8YVz35f/8LGMaM/D+ML/l/GF/tdu68e/7HeR8IAFxvcvzAgN//v5idf5P9cuBHaycf8fFV9goAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACut+7+v+VsL/DZyOfL5YjnImI+CrmHG7XqYkQ8HxF/nCpMJfWlEfcZALio/F9z2f5fd+Zen32i6eVbx8ViRPzkl+/94sOVVmvnDxHF3D+nutdbH2fXK8PvPQBwtu46nZ573sh/dvhotXsMsz9/+3ZElDrxjw6LcXQcfzIm03MpChEx869cVu/I9eQuLuLgo4j4fL/x52I2zYF0dj49GT+J/dxQ4+efiJ9P2zrn5GfxuUvoC4ybT5L5551+918+bqfn/vd/KZ2hLi6b/5KnWj1K58DH8bvz38SA+e/2eWO88bvvdkrTp9s+ivjiZEQ39lHP/NONnxsQ//Vzxv/zl15+dVBb+1cRd6J//N5YC6369kJzb//eRn1lvbpe3apUlpeWF9+6/2ZlIc1RLwxeDf7+9t3nB7Ul458ZEL90xvi/es7x//q/7//wK0+J//XX+sXPx0tPiZ+siV87Z/yVmd+WBrUl8dcGjP+s1//uOeN/+pf9U9uGAwCj09zb31yp1ao7Cte5UMxeruvSn0GF0hX3MPkZXI+Rni58a1ixitG/6Wev9f1L0m4/U6xBM8ZlZN2A6+D4po+I/4y6MwAAAAAAAAAAAAAAQF/D+MTSqMcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAzfW/AAAA//+Y9srv") perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x9}, 0x106200, 0x10004, 0x20da, 0x5, 0xa, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r0 = creat(&(0x7f0000000e40)='./bus\x00', 0x1a0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0xa4c42, 0x108) fallocate(r0, 0x0, 0xbf5, 0x2000402) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0xc, r0, 0x0, 0x54, 0x0, 0xfffffffffe000001}) 2.460420344s ago: executing program 4 (id=2973): r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000140)=0x4000, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) bind$xdp(r0, &(0x7f0000000240)={0x2c, 0x1, r2, 0x0, r3}, 0x10) 2.29713726s ago: executing program 4 (id=2976): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f0000000440)={@val={0x70}, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x68, 0x4000, 0x2, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty}, {0x0, 0x6558, 0x8}}}}}}, 0x2e) 2.216979553s ago: executing program 4 (id=2980): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000000)=0x400000001, 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x4e23, 0x27bf, @empty, 0x3}, 0x1c) 2.144803915s ago: executing program 4 (id=2982): prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]}) getpid() prlimit64(0x0, 0x7, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000003c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000100)={r1, 0x0, r0, 0x0, 0x80000}) 1.304990544s ago: executing program 4 (id=3006): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000005c0), 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0) recvmmsg(r0, &(0x7f00000099c0)=[{{0x0, 0x0, 0x0}, 0x4251}, {{0x0, 0x0, &(0x7f0000007040)=[{&(0x7f0000006040)=""/4086, 0x1000}], 0x1}, 0x8000}], 0x3fffffffffffdfc, 0x10002, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000180)=0x2, 0x4) 1.211243017s ago: executing program 3 (id=3012): perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x4, 0xc, 0xf3, 0x91, 0x0, 0x2, 0x404, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x4, @perf_config_ext={0x5, 0x9}, 0x0, 0x0, 0x6, 0x4, 0x21, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0xc, 0xffffffffffffffff, 0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c0000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB="440000000906010200120000000c0000000000000900020073797a310000000005000100070000001c0007800c00018008000140fffffffe0c00028008000140"], 0x44}, 0x1, 0x0, 0x0, 0x30008807}, 0x808) syz_usb_connect$hid(0x4, 0x0, 0x0, 0x0) 1.152256669s ago: executing program 5 (id=3017): bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x4, 0x4, 0x4}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0xa, 0x42, 0x40, 0xc2, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000080), 0x1003, r0}, 0x38) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x2, r0}, 0x38) 1.046056944s ago: executing program 5 (id=3019): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) io_uring_setup(0x1b78, &(0x7f0000000040)={0x0, 0xca72, 0xc000, 0x0, 0x20002fb}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r1, @ANYBLOB="01000000000000000000170000000c00060001000000010000000c01308014000400976f1044852bca665354bd217b6b9037200001800c0005000400070200000200080001000300000005000200030000000500020008000000240003"], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x0) 980.209416ms ago: executing program 5 (id=3020): r0 = memfd_create(&(0x7f0000000000)='\xf3e\t\x9f\x918\xc0y\x01c\x1fnux\x00sV\ad\xb0l \xfd\xd7\x8e\x7f\x89\xb8\xc5;~\x04\x03~K\xfbP\x84=\xfa\x81\f\x1et\x10\x0e\xcf^9\xbe\\', 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x56, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwrite64(r0, &(0x7f00000008c0)='/', 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f00000000c0)='./file0\x00') rename(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='./file0/file0\x00') 905.302629ms ago: executing program 5 (id=3024): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='mountinfo\x00') mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net\x00') fchdir(r0) exit(0x3) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./mnt\x00', 0x807c1, 0x77) 849.33384ms ago: executing program 6 (id=3025): r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r0, 0x0) r1 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r1, &(0x7f0000000080), 0x10) sendmmsg(r1, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x22f0}}], 0x2, 0x810) 849.188381ms ago: executing program 6 (id=3026): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x2}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, r2, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x40}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20008000}, 0x30) 768.795543ms ago: executing program 6 (id=3028): socket$nl_generic(0x10, 0x3, 0x10) fsopen(0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000000c0)={0x74, 0x0, 0x8, 0x101, 0x0, 0x0, {0x3, 0x0, 0x2}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8809}, @CTA_TIMEOUT_DATA={0x34, 0x4, 0x0, 0x1, @udp=[@CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x7f}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x8}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x3a}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x800}]}, 0x74}, 0x1, 0x0, 0x0, 0x20024810}, 0x0) 768.608783ms ago: executing program 1 (id=3029): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={0x0}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x2000000020000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) io_setup(0x7, &(0x7f0000000000)) io_setup(0x1005, &(0x7f0000000040)) io_setup(0xb, &(0x7f0000000080)) io_setup(0x9, &(0x7f0000000540)) io_setup(0x7, &(0x7f0000000200)) 766.019733ms ago: executing program 6 (id=3030): r0 = socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0xb, 0x42718, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0}, 0x100b28, 0x6, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$XFS_IOC_GETBMAPA(r0, 0xc020582c, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x43}, 0x1, 0x0, 0x0, 0x8800}, 0x0) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4) syslog(0x4, &(0x7f0000000000)=""/19, 0xb12288e90d7c8384) 677.414606ms ago: executing program 3 (id=3031): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff}) write(r1, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000100)={0x5, 0x5, 0xfffffffffffffffd, 0x0, 0x800, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0xffffffffffffffff, 0x0, 0x10, 0x0, 0x3}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) listen(r0, 0x1) 657.699007ms ago: executing program 1 (id=3032): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000240)='I', 0x1}], 0x1}}], 0x1, 0x0) shutdown(r0, 0x1) r1 = dup(r0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f00000012c0)={0x0, @in={{0x2, 0x4c24, @empty}}, 0x6, 0x6}, 0x90) 592.462459ms ago: executing program 1 (id=3033): r0 = inotify_init() inotify_add_watch(r0, &(0x7f00000003c0)='.\x00', 0x5db) symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00') r1 = inotify_init1(0x80800) inotify_add_watch(r1, &(0x7f0000000300)='./file1\x00', 0x10000200) inotify_add_watch(r1, &(0x7f0000000040)='./file1\x00', 0x80000388) 592.282709ms ago: executing program 1 (id=3034): pipe(&(0x7f0000000e00)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000080)=[{&(0x7f0000000e40)="09ec8b684f", 0x5}, {&(0x7f00000010c0)="fbd23a675d993c4346e0d1c5972e55e2783594c6689fe4a291b46a76878f38057352709d590c222bf76f795492788f4e39e4098ed1c4070642a437b1581a386cd09278225d62a61909a6d2a81601985f138f38cbf350998b924a455cc6d34afd41fa984abdf7e4d8582209d31cb4d5f8c5957f522fc88444cb3a0b17f3b5576dc9b3858197fb293ec8bc6298840ff46fbcaeffc2276d133dd9ff6091e5dd8e004e5710201941b3f9a48898bac5aa5e92c0b7c917bb6f99bf929dba6a9f02adea9aea0c8d5d8fa04ac6b4379117b2d12c2481c92e8d5dd27a46d3414898891ed43456775b8bfa9e76364224114aa9dfd60f95d9d1c9b2039ec26c9c38cfaefe0ef80c7c2ad294f7f5a80a2c6279c4507a61107223fe166d2e9a840082b750cf13887d7268c646c9f88f18a6a9ea3861ee7be96c589c8523743b135d9eb86e19cdc43af4af7230c3a449daf82f3ad00ab43e10dff4c3ad9595034989449ed7fe47e56d4e0beaadd9d9d5038aa7fb720dd6f0053b54768c0d49771d50ddbbeb4eb626d87ade86a014688effefe084c36e0d4b115dd73d8460cd5c058fb9c233ffa1e51265f1d73b76b3960977b4811ee603ec04fb6f4d55eea8ee0ecf4caa8f388262e15f0bf889de4818e3b1aa214981fe830263a2e9adabbc548f48077a33dadf6fda392345ed6d07951f95ccd8ddf3b356e38c6c29d57747c358c860fc4477f4dbc95737df57162f848f2f22baa0e18135995b211423a69d613f4c120882efe13060c74e9f69ab8dc91d5a1f4d97a09d47e75dda051e673beecc96aa5629ac44fe224e7d9d521d57d4f75f6e46c113f1ed658119e0316b6a7d9b02e5dd605f058778783d8dfff0dc76d50e2072f3ba777d7933b7abce4f6b8e407a12363478812861a2956198b704b8f172e3554b39879b30664ba28ea6560dc5b048fbbc2f3e9fc333ba3ae39d6a742eada5ba5a9313311dde584270c708fedb663d87cc1b28fe844eb966322e47cbf8e2eb018088fe18e2348ed37ccda98323faa55f78b74bb20984fb9d13eb7479b628cc176fa3968d6f9c6090582a4607f5b07baa66de410b6603a6aedcce1bcf5b138d0a5bd637aca4e012a77916a9cd3ffacf24678b7c6b4227b8b0b46e6d5199d164c5d9ae1462fa8f54ab72e3f1610b66f2a86b6cd4f4bf42e8d5a3949e7d13dee05335ffbbd9d7f41730a0f1e0c3712f2f1c45cf0bfe6a9053aed7271474a9fe7ca92edac116f99b7753fa2d8b607658c570410742f4efe1fafe74c6df8334e9644b9822f36a95b93f1b840df318158f2b516e18fdc28fdfd87c6532f03105f4eb1805706d4f7eb8f668d079a1b3fd734c7db9a278817f29c8051c4a9d0c898262b095a30b2d39d9c545747ca5641bd59ed64f36aed692c0ba2fe8e55ca973047f68ce85025c0fe0c27ffee14879086feaff171088a9f360749b070cc0507eaa32999069ca4606d551fb9c85bd2a9fa8be1d43de39190bb0d99c85c22f8c7ee91b18a6650f7fcfe410665b71c2fd99a04b98a0b81eee9c1ed44218797811f7d83ed09b1ec2b8802c6cbd4cea57f74673db24ca2ada84300fd46f46cf766ff293e9d0fec605a5598ba47755758953c1bc06fe990f0b22dd473be0ff88f7a9bb95a65d10df4f2952cae71865afb5ac19de3f8df7dc2116b813569139dce2ea7883d5ec6560066343a9c00ae7d0b08b33ead14b780bf7e6c8bb46f658acef77c21ee540373020f1b536d4975587d8dd869bb9972916cb6cd0cf3a5efd783497d7ff2ae910d7d1df3ddd6349d63ef2215abbff3b980c25c690ca1aa61c68557727ae2a45932b42a6874ba3e562100a9cb6bc31ffb5b8674f95bf3c832ae450b50c8ba93ea542f61c4d9a84556a2f455387234994cff2171804ca812352d0ea792565b8ba3b37468d8bfcaf2c6c5f816ec27282a5aedd2a28bb26da488c67bab30ad37e37fb02d77f6543b64d86ef9cb56ac2b8505c7b3247cc123b59e6c2c622252581e0adae7206b132f3aec3f1e9030fad3e11c9e5d30e6c3a9f8aac032dc88bf932758db2b5f90ad043f783199f5319a8a01bbc715e70f397589831fc445a89b09400263921f0823f0f4123e40d66cf888e26477a2510d3af34495d340b0cc6eae651b91d80612610eabf6bf0914a26025099010d9961be1659c87cc670f71645d405ac055ba47e8732ea1fbd1c53ea732be3e80bacc2d05051bf2fff1c931e186dc7a2c1e6a1285a04b0ffd0496c8baa61f875541988dd08ca6d3bc6d8b958068c171ad24e27f9c6497f049a49f3e81065cfcbc4e03aeeff98b6382dafff18f50b130e792430fd0c2277ce4a92595cc8f1c215351be2303edf3b0fb67c1b9f85db5fb66bfb012bdc7897cba8bf60c370bd2299cb9c0e2485740c283c02e1db4e7eda308b9d543ad8f7eb7504fa733c661efd9f6836e508de3f8ac6f98992e702789fe2c116b8fb980fad0dba50061690ae2e0f325bff38be200fc91b8dc8fc76e59f0596a377dabac79af913e024eb0578dd2edb3339747da2239b4eda09cefcefb6fa0771dc0b7f2041982c52a3e2e8914d11a3ec245fc47d8b960f34df71cfb3621408fd62f9a5e7a74707dca22fd8af96dd6e2eb77163b902283467206bb69372d0473356654051a0ac2de73375584124243f98def2136d66e85a1270a11356f8fa0e6b678691e4fbc643c966bc4af4c1cb76c9baf039904c5b1eff9ee5050696040b52687cb594496a5509033fe91aaa51ce84ffccac00ca67b621e5c57b2bf959e059280bd4b2e16ba9abc4535df32db75bb3597b142184532fb80547bb9d1aff76e89c29be2bc67963aff3549f53d41a1408e3cb37f2f570d4dd752b98705cdc81390d322b6ce400b31e9c763a88ae85d9a410b27945749e26dc6c1e1d7a0690e3d43d09b774253d3ba1f4b16f18ab27597764746317513edd86db5377e8b88732946e636f05a16fa376046700f6fadd3a18d0112eee44db5214a38d152a69b35ed054c75c2324f2ba7f8e23bc50948069a8f26cbf09cd671c25fe784a5ded2a80e3166625fe8d2405adfce3ccf73e04a7d13bb7d75113fae3d6e77e29119782b218f115f5e9901ca48a8b4946fe7beb1d932f704623cf10430f6209cb01347d9ff67dc6152c0565b1a90af62b4af7be391a4728a38aea0e1aa8c3ba5f7002a6dc8bb1669d8cefcee58914ce397db34f1b5919da08f93b7cf67f4e792fff0a40161534c044cfbd9d3034a0e6e9ba092879905d92a73794200394f9ebf414b93a232ddfe9a965ba78989a18d33c1a1a6fc7c9dc1c49413b1fc6cd88f72a0efa6c3d1273fd8310240c8ee49c6c02a5f7eae232cc2c847fcfbcfd6c727a4ca0fc9180b2f38ad9c8e758bc76ffa806f35845e79844d16980be73cdc34d8a12724a9cf146b4718c01a2f9b9bf08e60a976e9116a443dbe3b1949c59e41fcc972f0c470109cae09f7e991bd78505c02ebfef05b06a8955cef712c483c4f641ddb9cec21e74f96fc2e7cffcf77684ba4af02574157ee991337c155f77214a1d4c24450629a1a0d90c9e512ed780650eae203c786f967ceaf6eae70dce846e19d4cf81bea284d6cf6e52649086f9be3893da50d9c515e1e1c00f3774bf15fa1b12e313e981a19b324488a23dcbc7e856de21cc14ee7ca8f30a2eb8e9309ee2d470571a915763f29a480fbb9eceb922284aff290e7520ddabef7881f9e9031035dd5f817923f065f898687f83da9ae2ac02fb25d63691646dcf4d660e3428951d230c833b1924a1fc468fbdf914c175bda2bd99a41456ba1788de3f807f95137fcec21ea1268508b3e0842138125d4c20c3920c4660d21bf8cfe35aeb2f7b131bea98734dd60431e578f3e9cc4311e8b2917239386b10e0b8798f4eeb22f5efcf18381aa5582ce40e8fc0a01b0d740517158b28edd76559782b20993404bfff8e1f46a2ee9161ab71d486068b9859cdb51850ba9f52d1f51df23d62a79fe8028a39c857f0cf43dcf70dc574e81dc90b256609a14c04c8c93ebc2f97bde68f8147c7e0c8a89f9fe2467ffafc9e73456c1b5124a736ea713efb94838cb11e1d325227553f3f24a9e1217aad16b12d89eaf9efe787fa0a81820d302d888217d485d6c0bc364803157a0ed28ac6ffa84dfbd1383d7b4b04f541eb3e81ae83c79db89fcb9c2ad7b687533d28adebce641c011624c6ad01d4f3b18c32b0401ea485d899c0bf238df9535cf4c1b63c17622f23190f42dd5ae61ad69b653766b690919cfa25dc0e2b7e1f826dba1b8808ab2adcf96686ca314a9b07c8bf235df9ff2c419c4721d32af7a146f8f7c43c71ba0a7f2e4e0f4b52581bb77a68e74b8a508f9baa6fe713d9134b41b705c13a5a1d24a24d7b5e3c6d6fb9d40f742325ec0968e7584aac10cbeea4a2d6dd0e5d6e3e4b9d30680359373f1c8ad8306708ca22e25e41ebd3e249bbc140ad4ef81312abdc55c52d782e0555068ba130b222d5c728a5fcdc02d1089ca5b3c796d36b544a002a64f88dd024c5ac09853c8b73f79e8b216c2953ced3aef79089fbfa207d3ce9c5039ff5aba0f8943243b6a9a7d5d27451de75a640d1f13aeb4af4b2331bb88631db95e696591f5ec12c4228c57040f74c4626937ef67f88171c2b22317a78054e3fb8bf80228139370b4cfa9b089dbfa9aabc8528f0b6524fe74ce15c70574c4d042e546733fc129a15dc51af6ceccd2669c6c15d21578a00306d52b48e9c38412d1ca81f7feaf404ba4653ad5d500cf3bb869604949954c763d0143e32610f80fce37399e730471dcdf77643622e3edabd760bf2eb99eb8d5f5f37f2a024f0977792a672341ab0de32ebb19fb3faad678f8d8568fe4831fd9967a59a3f9fd24e0b067e4fd5d166e470f72d9051e3cc48f244c03570c4a7f2887f3829e73c0ba67290d089b944edf3240d87ac3e9b6f3ced58de35cf49d9b5adf1cd5ad45fbc6d40c5fca14a5374471b787d344bef3e5df297cb2f996f996c93b608286dbd3cc98484a1de83ecc173569edaa6f81830a51adce39637aad5775fb838c8ff259ed5ce716a87fde368df81988dff00f530e50dc452e1618759075ccc1869119b0fe735aca41c433c2e266667d3094420393367092bd49e9f6c62bfd5cf5b58872c065a4250c74f30a01c87872d0e3e5ea2abc81eb69d9089763f149133e8fd6cad6c28ccc25e4b065065f646aac2432fbf9b065ea67f86805b67e3f4260bbdd79dfbe2eecaf2d7b71c4172bc8c92a4a8872b98b716493d7a743dc17f559ccf9d81fdb0f59ef8758c4f8022f088034cc99b4c91457319447a859a411d2199571bf135696587e48bd6d47be65f13a321fc04b84a4397053eef073cddeee3d27f4b1aa2557f68f0f446781fa91f2a00c6f8dea8f2d753758d7a7d4a6e50be58e2e2de33441087838fcbdc192e085f0d9a74767d4a75b13b7837ceb3d334cba9b887270c7af45aac01bf48864a849188a909e7560dc82a9b9ccb544b5189994e814a6f78ec268a4d55d8d677afb971d8f91731d7c2df6a407ea17f886968e39e668aaba7da1c85ea9aa3238c1b65419fd4cb931733ea29e4b5d50681d248fb395e7c71ecb7af7d256a7b8516ae37a1835cc9ca588178f35e8c2b7f801186fabef3b329840e0c51fd7a8597413438c2b7ca0e783e73bce789926019aedf5ae228273c6112df37b8a833f558b885f2bdd494058380c3eecd852cbdd46de28cfa5342f44b10bec9936cd7a4d478330b7f35b64b940ce716b5d8b49c38009fe249123cd19f5139c2", 0xffb}, {&(0x7f00000002c0)="fcfcf3521ecb", 0x6}], 0x3, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x2000000002ffff, 0x0) 592.060729ms ago: executing program 6 (id=3035): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7fff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3ff}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000001c0)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 574.93648ms ago: executing program 1 (id=3036): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'hsr0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000c40)={0x2, 0x80, 0x2a, 0x1, 0x0, 0x0, 0x0, 0xa, 0x510, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0, 0x9}, 0x106200, 0x4, 0x20da, 0x5, 0xa, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0xfffffffe, 0x2000001, {0x0, 0x0, 0x0, r1, {0x7, 0xa}, {0xfff2, 0xc}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054) 552.44035ms ago: executing program 3 (id=3037): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x9, 0xf40b9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x7, 0x100}, 0x204, 0x0, 0x43a1bd76, 0x3, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x4000000000, 0xffffffffffffffff, 0x8) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)="d800000018008103e00312ba0d8105040a600300ff0f040b067c55a1bc000900b80006990700000015000500fef32702d3001500030001400200000901ac040098007f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b66bce0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f00000e970300"/216, 0xd8}], 0x1}, 0x48002) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) 551.93542ms ago: executing program 6 (id=3038): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11ff, &(0x7f0000002480)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=") r0 = creat(&(0x7f0000000380)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) r2 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) fallocate(r2, 0x0, 0x0, 0x1001f0) io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x2, 0x1, 0x0, r0, &(0x7f0000000000), 0x100000, 0x16}]) 484.655113ms ago: executing program 3 (id=3039): r0 = socket(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x2000e8, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xdd12}, {0x0, 0x10}], 0x2}, 0x0) 433.537965ms ago: executing program 3 (id=3040): sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x2, 0xf4261, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x147b7e, 0x0, @perf_bp={0x0, 0xa}, 0x9092, 0x0, 0x43a1bd76, 0x5, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x200b}, 0x0, 0x4000000000, 0xffffffffffffffff, 0xa) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x5, &(0x7f0000001d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018000000c3707bf4000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @multicast1, @multicast1}, @echo_reply={0xe0}}}}}, 0x0) 433.121595ms ago: executing program 1 (id=3041): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x5, 0x7fc00002}]}) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000280)={0x0}) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_bp={0x0, 0x8}, 0x4, 0x0, 0x10000, 0x0, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f00000000c0)={r1, 0x1, r2, 0x4, 0x80000}) 40.897958ms ago: executing program 3 (id=3042): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=@newlink={0x30, 0x10, 0x1, 0x70bd28, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, 0x48815, 0x3}, [@IFLA_TXQLEN={0x8, 0xd, 0x1}, @IFLA_GROUP={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) r1 = socket$inet6(0xa, 0x80002, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xe}, {0x3}, {0xfff3}}}, 0x24}}, 0x0) 40.723638ms ago: executing program 5 (id=3043): r0 = gettid() timer_create(0x0, &(0x7f00000014c0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5}) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) prctl$PR_MCE_KILL(0x21, 0x1, 0x0) 0s ago: executing program 5 (id=3044): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x0, &(0x7f0000000600), 0x1, 0x56e, &(0x7f0000000640)="$eJzs3U9sHFcZAPBvdh0ndU1dm1pqysGBRLh/FNvtSk4NB8IBDhT1UiRUqRysZGMHr2Nju6I2F/fGiQoJBKiiasQBCSRiiQNwqChIHJAIEgIhLNRKIA78aQHhHggBjGZ3NtnYs2bBjhcyv5+02TdvnvO9t5vvafe9iSeAwjqR/pFE9EfE1YgYaBze2uBE4+kblY3ZK5WN2SS2t5/6U1Jvd7myMdts2vy5uyNiPSLuj4jvX4g4d2R33OXVtbnpWq26lB2Pr8wvji+vrp2+OD89U52pXqpUHp+anJw6MznxH4wm2fPsRxffGPrF7JMzL4/8/ekz81/5YxJn6+OOHeM4SHk96kkizt6OYF1QTscTEX0dth+uvvDKbe4SHfrc0OZ4+t7dFxGn6vk/EOX6uxnxvpee+ctAvPd6u5+9uvnS7w6zrwDAwdlOHd37NHBnKkX63T8pjUVEo1wqjY01vsPfF32l2sLyyiMXFp69dL6xRnBvHClduFirTmRrBffGkSQ9frRevnn82I7jSkQMRsSny3fVj8fOLdTOH+pMBzT1R7z+zU+c6717R/7/ttzIf+DOleb/z37w7e+m5bfK3e4NcJjS/P/aW/NPhPyHwpH/UFzyH4pL/kNxyX8oLvkPxSX/objkPxSX/Ifikv9QXK35L/2hmAZHXt1MImL9PXfVH6ne7FzOr+0B7iDb24n/5A8F5bM/FFdPtzsAdI3v+MDevzk74li7E4sH3xfgcJS63QGga0aP2/+DorL+D8Vl/R+Ky2d8wPo/FI/1fyiu/jb3/3pby727JiLinoj4UfnI0ea9voD/X/0Rr7949VvPRJR+n2Sf/0cHTvVPv/Ha91rb9SZ/rW8R9EbEJ1986gvPTa+sLD2a1v/5Rv3KF7P6x7o1GqATzTxt5jFQXMura3PTtVp1SUFBoXCF5jxwubIx23wc1tzzwsMRb76/cRFCGvdK9mic7cnWJo/V9yj7tpJbrlVIDmDv8jOnI9afj4j788afZPc7b+x89G2Vd8V/e/acPo5n6ydpm+EO45fv2V/8B1rij7TEf0eH8Tc/0mHD22Tw692N//Ivs9d/oqcn7/Xf77UxQ//m/BNf3WeAffrNr7sb/9RId+N/fiHi1XT+mcjLv1Kaljd2PnfOP/0t10n/tz41enP+u7Jr/ivdmP/Kbea/Ex3G+eHT1Y/l1Zd/HPHm8xEP5MZvxjtWj9W3VdoV/2TL/PPgHvH/8OGfzuXVn30tYvtyxGjkx2+NNb4yvzi+vLp2+uL89Ex1pnqpUnl8anJy6szkxHh9jXq8uVK925PXhz+QV3/yy43x97WJ3xx/u9d/e48xt1r70sf735lT/5PjjfgPnsx//4ey+I3Xv2dX/Hdlz+m/k39k1/Kmba5FxNGs/qGI+M4rgw/n9etD1xvxz7cZf+mW+LvH/0iH4//sr/75bF79cx/s8C8AAA5U+6WBbvcMAAA4aIex09jtMQL5+rZ6o3UbOFlv2VdYv7mvkNZfy/YXyusRf8v2GNL6h7JdsrScu9EA/M8ZXnv3z7vdBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICiW15dm5uu1apLy93uCXDY/hUAAP//T2kBHQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x1c1002, 0x0) write(r1, &(0x7f0000004200)='t', 0x1) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) kernel console output (not intermixed with test programs): ocket:[14124]" dev="sockfs" ino=14124 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 92.050704][ T28] audit: type=1400 audit(1775067019.231:751): avc: denied { bind } for pid=6449 comm="syz.1.1163" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 92.077272][ T28] audit: type=1400 audit(1775067019.291:752): avc: denied { execute } for pid=6451 comm="syz.3.1165" name="file1" dev="tmpfs" ino=1256 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 92.099918][ T28] audit: type=1400 audit(1775067019.291:753): avc: denied { execute_no_trans } for pid=6451 comm="syz.3.1165" path="/239/file1" dev="tmpfs" ino=1256 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 92.188184][ T6460] loop3: detected capacity change from 0 to 512 [ 92.211598][ T6460] EXT4-fs: inline encryption not supported [ 92.238396][ T6460] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 92.242250][ T28] audit: type=1400 audit(1775067019.481:754): avc: denied { create } for pid=6461 comm="syz.1.1169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 92.269337][ T6460] EXT4-fs (loop3): 1 truncate cleaned up [ 92.276889][ T6460] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 92.298053][ T28] audit: type=1400 audit(1775067019.541:755): avc: denied { write } for pid=6461 comm="syz.1.1169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 92.395924][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.636102][ T6476] loop3: detected capacity change from 0 to 256 [ 92.729309][ T6481] netlink: 'syz.1.1177': attribute type 4 has an invalid length. [ 92.774939][ T6481] netlink: 'syz.1.1177': attribute type 4 has an invalid length. [ 92.782026][ T6485] netlink: 'syz.3.1178': attribute type 4 has an invalid length. [ 92.811130][ T6484] loop2: detected capacity change from 0 to 4096 [ 92.833720][ T28] audit: type=1400 audit(1775067020.081:756): avc: denied { wake_alarm } for pid=6486 comm="syz.4.1181" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 92.873271][ T6484] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.895243][ T6484] EXT4-fs (loop2): resizing filesystem from 512 to 0 blocks [ 92.914473][ T6484] EXT4-fs warning (device loop2): ext4_resize_fs:2041: can't shrink FS - resize aborted [ 92.932284][ T28] audit: type=1400 audit(1775067020.171:757): avc: denied { write } for pid=6493 comm="syz.1.1183" name="mcfilter6" dev="proc" ino=4026532814 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 93.009914][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.047455][ T6496] SELinux: failed to load policy [ 93.052729][ T28] audit: type=1400 audit(1775067020.291:758): avc: denied { load_policy } for pid=6495 comm="syz.1.1184" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 93.612098][ T6532] netlink: 'syz.5.1199': attribute type 15 has an invalid length. [ 93.718088][ T6539] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1202'. [ 94.371365][ T6518] kexec: Could not allocate control_code_buffer [ 94.618918][ T6575] ip6erspan0: entered promiscuous mode [ 94.828971][ T6584] loop2: detected capacity change from 0 to 256 [ 95.342904][ T6607] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1230'. [ 95.355799][ T6607] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1230'. [ 95.401183][ T6607] netlink: 'syz.4.1230': attribute type 11 has an invalid length. [ 95.429852][ T36] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.439510][ T6607] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1230'. [ 95.448709][ T36] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.465022][ T6607] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1230'. [ 95.480223][ T36] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.491994][ T36] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 95.501461][ T6607] netlink: 'syz.4.1230': attribute type 11 has an invalid length. [ 95.831164][ T6655] netlink: 'syz.2.1250': attribute type 12 has an invalid length. [ 95.863632][ T6655] netlink: 'syz.2.1250': attribute type 29 has an invalid length. [ 95.893166][ T6655] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1250'. [ 96.101254][ T6665] Falling back ldisc for ttyS3. [ 96.198718][ T6667] Process accounting resumed [ 96.268464][ T6673] loop2: detected capacity change from 0 to 512 [ 96.296663][ T6673] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.327368][ T6673] ext4 filesystem being mounted at /267/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 96.374400][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.423764][ T6680] loop2: detected capacity change from 0 to 128 [ 96.481561][ T6680] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 96.503417][ T6680] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 96.563160][ T2291] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 96.683959][ T6687] loop2: detected capacity change from 0 to 8192 [ 96.693138][ T6694] netlink: zone id is out of range [ 96.715595][ T6686] bio_check_eod: 102 callbacks suppressed [ 96.715612][ T6686] syz.2.1263: attempt to access beyond end of device [ 96.715612][ T6686] loop2: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 96.756249][ T6686] Buffer I/O error on dev loop2, logical block 57847, async page read [ 96.765855][ T6687] syz.2.1263: attempt to access beyond end of device [ 96.765855][ T6687] loop2: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 96.780389][ T6687] Buffer I/O error on dev loop2, logical block 57847, async page read [ 96.790194][ T6687] syz.2.1263: attempt to access beyond end of device [ 96.790194][ T6687] loop2: rw=8388608, sector=57847, nr_sectors = 1 limit=8192 [ 96.826931][ T6687] Buffer I/O error on dev loop2, logical block 57847, async page read [ 96.997880][ T28] kauditd_printk_skb: 44 callbacks suppressed [ 96.997896][ T28] audit: type=1400 audit(1775067024.241:803): avc: denied { bind } for pid=6712 comm="syz.5.1274" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 97.075905][ T28] audit: type=1400 audit(1775067024.271:804): avc: denied { getopt } for pid=6716 comm="syz.2.1276" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 97.247880][ T28] audit: type=1400 audit(1775067024.491:805): avc: denied { sqpoll } for pid=6736 comm="syz.2.1285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 97.297398][ T6739] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 97.316001][ T6739] SELinux: failed to load policy [ 97.376311][ T28] audit: type=1400 audit(1775067024.621:806): avc: denied { read write } for pid=6738 comm="syz.2.1286" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 97.403019][ T6740] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 97.436093][ T6740] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 97.446109][ T28] audit: type=1400 audit(1775067024.651:807): avc: denied { open } for pid=6738 comm="syz.2.1286" path="/dev/raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 97.538619][ T6747] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1289'. [ 97.644658][ T6747] vxlan1: entered promiscuous mode [ 97.651420][ T28] audit: type=1400 audit(1775067024.651:808): avc: denied { ioctl } for pid=6738 comm="syz.2.1286" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 98.030918][ T6756] xt_hashlimit: size too large, truncated to 1048576 [ 98.054307][ T28] audit: type=1400 audit(1775067025.301:809): avc: denied { connect } for pid=6755 comm="syz.3.1293" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 98.358577][ T28] audit: type=1400 audit(1775067025.561:810): avc: denied { read } for pid=6761 comm="syz.1.1295" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 98.423646][ T10] IPVS: starting estimator thread 0... [ 98.444717][ T28] audit: type=1400 audit(1775067025.581:811): avc: denied { bind } for pid=6763 comm="syz.2.1296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 98.514998][ T28] audit: type=1400 audit(1775067025.581:812): avc: denied { write } for pid=6763 comm="syz.2.1296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 98.542289][ T6772] IPVS: using max 2352 ests per chain, 117600 per kthread [ 98.696021][ T6790] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 98.737437][ T6790] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 99.176811][ T6821] can0: slcan on ttyS3. [ 99.184938][ T6821] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 99.216575][ T6821] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 99.312391][ T6821] can0 (unregistered): slcan off ttyS3. [ 99.664990][ T6875] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1331'. [ 99.744146][ T6884] 9p: Unknown uid 00000000004294967295 [ 100.035138][ T9] IPVS: starting estimator thread 0... [ 100.132614][ T6909] IPVS: using max 2256 ests per chain, 112800 per kthread [ 100.915342][ T6964] loop3: detected capacity change from 0 to 256 [ 100.957595][ T6966] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1370'. [ 101.012268][ T6966] bridge: RTM_NEWNEIGH with invalid ether address [ 101.032810][ T6970] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1370'. [ 101.071947][ T6970] bridge: RTM_NEWNEIGH with invalid ether address [ 101.278155][ T6987] 0: reclassify loop, rule prio 0, protocol 800 [ 101.422567][ T6993] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 101.447225][ T6993] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.531669][ T6993] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 101.548161][ T6993] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.581816][ T7007] loop2: detected capacity change from 0 to 512 [ 101.604022][ T7009] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1390'. [ 101.618807][ T6993] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 101.630625][ T7007] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 101.641083][ T6993] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.652232][ T7007] EXT4-fs (loop2): orphan file too big: 4294967295 [ 101.658933][ T7007] EXT4-fs (loop2): mount failed [ 101.678450][ T7009] bond1: entered promiscuous mode [ 101.703529][ T7009] 8021q: adding VLAN 0 to HW filter on device bond1 [ 101.714823][ T6993] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 101.726415][ T6993] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.805290][ T402] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 101.822723][ T402] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.825941][ T7023] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 101.850060][ T402] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 101.857511][ T7023] vhci_hcd vhci_hcd.2: default hub control req: 030f vfffa i0001 l0 [ 101.863812][ T402] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.888831][ T402] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 101.943492][ T402] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.962134][ T30] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 101.978024][ T30] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.044756][ T7034] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 102.084107][ T7034] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 102.139391][ T7043] pimreg: entered allmulticast mode [ 102.584100][ T28] kauditd_printk_skb: 14 callbacks suppressed [ 102.584113][ T28] audit: type=1400 audit(1775067029.831:827): avc: denied { unmount } for pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 102.644139][ T28] audit: type=1400 audit(1775067029.891:828): avc: denied { mount } for pid=7094 comm="syz.3.1427" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 102.687955][ T7098] netlink: 83992 bytes leftover after parsing attributes in process `syz.1.1430'. [ 102.706535][ T28] audit: type=1400 audit(1775067029.951:829): avc: denied { create } for pid=7103 comm="syz.5.1432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 102.708240][ T7103] delete_channel: no stack [ 102.732264][ T7098] netlink: zone id is out of range [ 102.737503][ T7098] netlink: zone id is out of range [ 102.752302][ T28] audit: type=1400 audit(1775067029.951:830): avc: denied { ioctl } for pid=7103 comm="syz.5.1432" path="socket:[16367]" dev="sockfs" ino=16367 ioctlcmd=0x4944 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 102.770004][ T7098] netlink: set zone limit has 8 unknown bytes [ 102.881295][ T28] audit: type=1326 audit(1775067030.121:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7120 comm="syz.1.1438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf0695c819 code=0x7ffc0000 [ 102.906310][ T28] audit: type=1326 audit(1775067030.151:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7120 comm="syz.1.1438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=225 compat=0 ip=0x7faf0695c819 code=0x7ffc0000 [ 102.930804][ T28] audit: type=1326 audit(1775067030.151:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7120 comm="syz.1.1438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf0695c819 code=0x7ffc0000 [ 102.968294][ T28] audit: type=1326 audit(1775067030.151:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7120 comm="syz.1.1438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faf0695c819 code=0x7ffc0000 [ 103.026625][ T28] audit: type=1400 audit(1775067030.271:835): avc: denied { bind } for pid=7129 comm="syz.1.1441" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 103.046456][ T7130] netlink: 'syz.1.1441': attribute type 10 has an invalid length. [ 103.056961][ T7130] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.065077][ T7130] bond0: (slave team0): Enslaving as an active interface with an up link [ 103.618857][ T7154] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1451'. [ 103.845270][ T7171] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1457'. [ 103.861047][ T7171] bond2: entered promiscuous mode [ 103.866914][ T7171] 8021q: adding VLAN 0 to HW filter on device bond2 [ 103.921294][ T7180] loop3: detected capacity change from 0 to 512 [ 103.929876][ T28] audit: type=1400 audit(1775067031.151:836): avc: denied { read write } for pid=7177 comm="syz.2.1461" name="rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 103.966417][ T7180] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 104.009835][ T7180] EXT4-fs (loop3): orphan file too big: 4294967295 [ 104.018063][ T7180] EXT4-fs (loop3): mount failed [ 104.044446][ T7189] netlink: 172 bytes leftover after parsing attributes in process `syz.5.1467'. [ 104.231976][ T7215] loop2: detected capacity change from 0 to 512 [ 104.251892][ T7215] EXT4-fs: Ignoring removed nobh option [ 104.298812][ T7215] ------------[ cut here ]------------ [ 104.304554][ T7215] EA inode 11 i_nlink=1026 [ 104.304573][ T7215] WARNING: fs/ext4/xattr.c:1059 at ext4_xattr_inode_update_ref+0x313/0x350, CPU#0: syz.2.1475/7215 [ 104.320134][ T7215] Modules linked in: [ 104.324095][ T7215] CPU: 0 UID: 0 PID: 7215 Comm: syz.2.1475 Not tainted syzkaller #0 PREEMPT(full) [ 104.333448][ T7215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 104.343760][ T7215] RIP: 0010:ext4_xattr_inode_update_ref+0x332/0x350 [ 104.350540][ T7215] Code: d4 35 99 ff 4c 8d 2d ad a1 5d 05 49 8d 7e 40 e8 54 cd b5 ff 49 8b 6e 40 4c 89 e7 e8 88 c8 b5 ff 41 8b 56 48 4c 89 ef 48 89 ee <67> 48 0f b9 3a e9 02 ff ff ff e8 2f c4 dd 03 66 66 66 66 66 66 2e [ 104.370222][ T7215] RSP: 0018:ffffc9001170b5a8 EFLAGS: 00010246 [ 104.376492][ T7215] RAX: ffff888104c28ac8 RBX: ffff88810d258608 RCX: ffffffff81c02b68 [ 104.384543][ T7215] RDX: 0000000000000402 RSI: 000000000000000b RDI: ffffffff871dcd00 [ 104.392585][ T7215] RBP: 000000000000000b R08: 000188810d2585bb R09: 0000000000000000 [ 104.400580][ T7215] R10: 0000000000000406 R11: 0000000000000002 R12: ffff88810d2585b8 [ 104.408603][ T7215] R13: ffffffff871dcd00 R14: ffff88810d258570 R15: 0000000000000001 [ 104.417067][ T7215] FS: 00007f4ae492e6c0(0000) GS:ffff8882ae8d8000(0000) knlGS:0000000000000000 [ 104.426274][ T7215] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 104.432906][ T7215] CR2: 00007f81896356b8 CR3: 00000001498a8000 CR4: 00000000003506f0 [ 104.440975][ T7215] DR0: 00000000000003ff DR1: 0000000000000000 DR2: 0000000000000000 [ 104.449018][ T7215] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 104.457172][ T7215] Call Trace: [ 104.460471][ T7215] [ 104.463463][ T7215] ext4_xattr_set_entry+0x77c/0x1010 [ 104.468806][ T7215] ext4_xattr_ibody_set+0x184/0x3c0 [ 104.474111][ T7215] ext4_expand_extra_isize_ea+0xd7b/0x11a0 [ 104.479964][ T7215] __ext4_expand_extra_isize+0x246/0x280 [ 104.485798][ T7215] __ext4_mark_inode_dirty+0x29b/0x400 [ 104.491329][ T7215] ext4_evict_inode+0x865/0xe40 [ 104.496523][ T7215] ? __pfx_ext4_evict_inode+0x10/0x10 [ 104.502044][ T7215] evict+0x2af/0x510 [ 104.506048][ T7215] ? __dquot_initialize+0x146/0x7c0 [ 104.511493][ T7215] iput+0x41a/0x580 [ 104.515392][ T7215] ext4_process_orphan+0x1a9/0x1c0 [ 104.520554][ T7215] ext4_orphan_cleanup+0x6a8/0xa00 [ 104.526212][ T7215] ext4_fill_super+0x3414/0x37c0 [ 104.531230][ T7215] ? set_blocksize+0x14c/0x270 [ 104.536170][ T7215] ? setup_bdev_super+0x30e/0x370 [ 104.541565][ T7215] ? __pfx_ext4_fill_super+0x10/0x10 [ 104.547041][ T7215] get_tree_bdev_flags+0x291/0x300 [ 104.552232][ T7215] ? __pfx_ext4_fill_super+0x10/0x10 [ 104.557837][ T7215] get_tree_bdev+0x1f/0x30 [ 104.562354][ T7215] ext4_get_tree+0x1c/0x30 [ 104.566889][ T7215] vfs_get_tree+0x57/0x1d0 [ 104.571621][ T7215] do_new_mount+0x288/0x8d0 [ 104.576198][ T7215] path_mount+0x4d0/0xbc0 [ 104.580564][ T7215] __se_sys_mount+0x28c/0x2e0 [ 104.585324][ T7215] __x64_sys_mount+0x67/0x80 [ 104.589945][ T7215] x64_sys_call+0x2d61/0x3020 [ 104.594667][ T7215] do_syscall_64+0x12c/0x370 [ 104.599379][ T7215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.605359][ T7215] RIP: 0033:0x7f4ae5efda8a [ 104.609798][ T7215] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 104.629794][ T7215] RSP: 002b:00007f4ae492de58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 104.638410][ T7215] RAX: ffffffffffffffda RBX: 00007f4ae492dee0 RCX: 00007f4ae5efda8a [ 104.646433][ T7215] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 00007f4ae492dea0 [ 104.654453][ T7215] RBP: 0000200000000180 R08: 00007f4ae492dee0 R09: 0000000000800718 [ 104.662651][ T7215] R10: 0000000000800718 R11: 0000000000000246 R12: 0000200000000140 [ 104.670650][ T7215] R13: 00007f4ae492dea0 R14: 00000000000004a3 R15: 00002000000003c0 [ 104.678841][ T7215] [ 104.681889][ T7215] ---[ end trace 0000000000000000 ]--- [ 104.692873][ T7215] EXT4-fs (loop2): 1 orphan inode deleted [ 104.699198][ T7215] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.014254][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.664009][ T7289] syzkaller1: entered promiscuous mode [ 105.669604][ T7289] syzkaller1: entered allmulticast mode [ 105.847869][ T3426] Process accounting resumed [ 105.901180][ T7300] A link change request failed with some changes committed already. Interface sit3 may have been left with an inconsistent configuration, please check. [ 106.294551][ T7320] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.301857][ T7320] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.516704][ T7320] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 106.529330][ T7320] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 106.743709][ T7327] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 106.769855][ T59] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.779578][ T59] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.794579][ T59] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.845358][ T59] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.141917][ T7387] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 40 [ 107.345582][ T7400] netlink: 'syz.4.1542': attribute type 7 has an invalid length. [ 107.412845][ T7400] netlink: 'syz.4.1542': attribute type 7 has an invalid length. [ 107.854255][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 107.854274][ T28] audit: type=1400 audit(1775067035.101:845): avc: denied { setopt } for pid=7427 comm="syz.4.1554" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 107.902824][ T28] audit: type=1400 audit(1775067035.101:846): avc: denied { read } for pid=7427 comm="syz.4.1554" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 108.020893][ T28] audit: type=1400 audit(1775067035.261:847): avc: denied { watch } for pid=7437 comm="syz.1.1559" path="/303/file0" dev="tmpfs" ino=1589 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 108.514936][ T7473] loop3: detected capacity change from 0 to 164 [ 108.527179][ T7473] Unable to read rock-ridge attributes [ 108.535619][ T7473] Unable to read rock-ridge attributes [ 108.536868][ T28] audit: type=1400 audit(1775067035.781:848): avc: denied { mount } for pid=7471 comm="syz.3.1572" name="/" dev="loop3" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 108.541686][ T7473] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 108.623604][ T28] audit: type=1400 audit(1775067035.871:849): avc: denied { unmount } for pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 108.671388][ T7480] loop3: detected capacity change from 0 to 128 [ 108.693004][ T7480] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61ff7272 (sector = 1) [ 108.716438][ T7480] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000100) [ 108.724557][ T7480] FAT-fs (loop3): Filesystem has been set read-only [ 108.731183][ T7480] syz.3.1575: attempt to access beyond end of device [ 108.731183][ T7480] loop3: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 108.786688][ T7484] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1577'. [ 108.798608][ T28] audit: type=1400 audit(1775067036.031:850): avc: denied { write } for pid=7481 comm="syz.3.1576" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 109.115935][ T7489] Process accounting resumed [ 109.439764][ T28] audit: type=1400 audit(1775067036.681:851): avc: denied { connect } for pid=7506 comm="syz.3.1587" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 109.483744][ T28] audit: type=1400 audit(1775067036.711:852): avc: denied { read } for pid=7506 comm="syz.3.1587" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 109.504733][ T7515] netlink: 'syz.2.1589': attribute type 4 has an invalid length. [ 109.517495][ T7515] netlink: 'syz.2.1589': attribute type 4 has an invalid length. [ 109.880582][ T28] audit: type=1400 audit(1775067037.111:853): avc: denied { mount } for pid=7539 comm="syz.5.1600" name="/" dev="ramfs" ino=17864 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 109.961915][ T28] audit: type=1400 audit(1775067037.111:854): avc: denied { create } for pid=7539 comm="syz.5.1600" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1 [ 110.204148][ T7565] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1609'. [ 110.239053][ T7536] futex_wake_op: syz.2.1598 tries to shift op by 32; fix this program [ 110.256501][ T7570] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1610'. [ 110.410875][ T7589] loop2: detected capacity change from 0 to 256 [ 110.424847][ T7591] netlink: 'syz.4.1620': attribute type 2 has an invalid length. [ 110.532774][ T7603] loop2: detected capacity change from 0 to 1024 [ 110.564416][ T7603] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 110.614840][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.818511][ T7696] raw_sendmsg: syz.1.1661 forgot to set AF_INET. Fix it! [ 111.930868][ T3410] IPVS: starting estimator thread 0... [ 112.022265][ T7713] IPVS: using max 2304 ests per chain, 115200 per kthread [ 112.210165][ T7733] loop1: detected capacity change from 0 to 1024 [ 112.217718][ T7733] EXT4-fs: Ignoring removed bh option [ 112.227075][ T7735] netlink: 'syz.4.1678': attribute type 1 has an invalid length. [ 112.253999][ T7733] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 112.289102][ T3320] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.291251][ T7735] bond1: entered promiscuous mode [ 112.322421][ T7735] 8021q: adding VLAN 0 to HW filter on device bond1 [ 112.351142][ T7742] bond1: (slave bridge1): making interface the new active one [ 112.373179][ T7742] bridge1: entered promiscuous mode [ 112.386775][ T7742] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 112.529136][ T7744] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.531255][ T7755] loop3: detected capacity change from 0 to 512 [ 112.536408][ T7744] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.577268][ T7755] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.582037][ T7758] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1686'. [ 112.607826][ T7755] ext4 filesystem being mounted at /340/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 112.688738][ T7744] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 112.718344][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.777632][ T12] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 112.795846][ T12] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.811832][ T12] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 112.830727][ T12] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.832856][ T7772] ref_ctr_offset mismatch. inode: 0x777 offset: 0x5 ref_ctr_offset(old): 0x2 ref_ctr_offset(new): 0x0 [ 112.839516][ T12] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 112.863091][ T12] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.871715][ T7769] netlink: 'syz.3.1690': attribute type 12 has an invalid length. [ 112.879704][ T7769] netlink: 'syz.3.1690': attribute type 29 has an invalid length. [ 112.887596][ T7769] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1690'. [ 112.896779][ T7769] netlink: 'syz.3.1690': attribute type 2 has an invalid length. [ 112.904581][ T7769] netlink: 23 bytes leftover after parsing attributes in process `syz.3.1690'. [ 112.915210][ T7774] ªªªªªª: renamed from vlan0 [ 112.924854][ T12] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 112.948960][ T12] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.011592][ T28] kauditd_printk_skb: 22 callbacks suppressed [ 113.011619][ T28] audit: type=1400 audit(1775067040.251:877): avc: denied { create } for pid=7789 comm="syz.3.1700" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 113.100783][ T28] audit: type=1400 audit(1775067040.341:878): avc: denied { getopt } for pid=7793 comm="syz.1.1702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 113.107793][ T7799] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1704'. [ 113.402304][ T28] audit: type=1400 audit(1775067040.381:879): avc: denied { ioctl } for pid=7800 comm="syz.1.1705" path=2F7365637265746D656D202864656C6574656429 dev="secretmem" ino=18602 ioctlcmd=0x5423 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 113.472556][ T28] audit: type=1400 audit(1775067040.491:880): avc: denied { write } for pid=23 comm="kworker/1:0" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=18635 scontext=system_u:system_r:kernel_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 113.481392][ T7825] netlink: 'syz.4.1716': attribute type 1 has an invalid length. [ 113.620681][ T28] audit: type=1400 audit(1775067040.551:881): avc: denied { setopt } for pid=7806 comm="syz.3.1709" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 113.716803][ T7825] 8021q: adding VLAN 0 to HW filter on device bond2 [ 113.788952][ T28] audit: type=1400 audit(1775067041.021:882): avc: denied { create } for pid=7842 comm="syz.3.1724" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 113.881868][ T28] audit: type=1400 audit(1775067041.021:883): avc: denied { bind } for pid=7842 comm="syz.3.1724" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 113.960614][ T28] audit: type=1400 audit(1775067041.031:884): avc: denied { listen } for pid=7842 comm="syz.3.1724" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 114.013084][ T28] audit: type=1400 audit(1775067041.031:885): avc: denied { connect } for pid=7842 comm="syz.3.1724" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 114.063124][ T28] audit: type=1400 audit(1775067041.061:886): avc: denied { read } for pid=7842 comm="syz.3.1724" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 114.421816][ T7878] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 114.480746][ T7878] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.610108][ T7878] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 114.622523][ T7878] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.646578][ T7900] rdma_op ffff88812f86f580 conn xmit_rdma 0000000000000000 [ 114.718575][ T7878] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 114.729191][ T7878] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.805745][ T7914] macvlan0: entered promiscuous mode [ 114.811907][ T7914] team0: entered promiscuous mode [ 114.817401][ T7914] team_slave_0: entered promiscuous mode [ 114.838695][ T7914] team_slave_1: entered promiscuous mode [ 114.845347][ T7914] team0: left promiscuous mode [ 114.851079][ T7914] team_slave_0: left promiscuous mode [ 114.856903][ T7914] team_slave_1: left promiscuous mode [ 114.868142][ T7914] macvlan0: left promiscuous mode [ 114.915634][ T7878] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 114.936485][ T7878] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.102365][ T12] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.110709][ T12] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.136203][ T12] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.149417][ T12] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.182570][ T12] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.219376][ T12] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.238087][ T12] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 115.261465][ T12] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.714298][ T7953] netlink: 'syz.1.1774': attribute type 13 has an invalid length. [ 115.722555][ T7953] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1774'. [ 115.732001][ T7953] netlink: 'syz.1.1774': attribute type 13 has an invalid length. [ 115.740451][ T7953] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1774'. [ 115.909722][ T7963] atomic_op ffff888103eaa928 conn xmit_atomic 0000000000000000 [ 115.973298][ T7969] ipip1: entered promiscuous mode [ 115.978459][ T7969] ipip1: entered allmulticast mode [ 116.083426][ T7975] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.091240][ T7975] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.101408][ T7975] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.108571][ T7975] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.116140][ T7975] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.123226][ T7975] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.132703][ T7975] team0: Port device bridge0 added [ 116.183102][ T7977] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1785'. [ 116.336379][ T7991] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1791'. [ 116.370358][ T7991] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1791'. [ 116.381579][ T7991] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1791'. [ 117.387816][ T8053] netlink: 'syz.2.1818': attribute type 9 has an invalid length. [ 117.396070][ T8053] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1818'. [ 117.409493][ T2291] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 117.414132][ T8053] netlink: 'syz.2.1818': attribute type 9 has an invalid length. [ 117.425272][ T2291] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 117.432782][ T8053] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1818'. [ 117.453573][ T2291] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 117.461910][ T2291] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 118.257485][ T8106] sit0: entered promiscuous mode [ 118.266358][ T8106] netlink: 'syz.5.1841': attribute type 1 has an invalid length. [ 118.278283][ T8106] netlink: 9 bytes leftover after parsing attributes in process `syz.5.1841'. [ 118.308790][ T28] kauditd_printk_skb: 26 callbacks suppressed [ 118.308807][ T28] audit: type=1400 audit(1775067045.541:913): avc: denied { write } for pid=8107 comm="syz.4.1842" path="socket:[19613]" dev="sockfs" ino=19613 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 118.537503][ T28] audit: type=1400 audit(1775067045.781:914): avc: denied { write } for pid=8118 comm="syz.3.1846" name="file0" dev="tmpfs" ino=1956 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 118.561153][ T28] audit: type=1400 audit(1775067045.781:915): avc: denied { open } for pid=8118 comm="syz.3.1846" path="/375/file0" dev="tmpfs" ino=1956 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 118.584594][ T28] audit: type=1400 audit(1775067045.801:916): avc: denied { ioctl } for pid=8118 comm="syz.3.1846" path="/375/file0" dev="tmpfs" ino=1956 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 118.822362][ T8130] sctp: [Deprecated]: syz.2.1850 (pid 8130) Use of struct sctp_assoc_value in delayed_ack socket option. [ 118.822362][ T8130] Use struct sctp_sack_info instead [ 118.874384][ T28] audit: type=1400 audit(1775067046.121:917): avc: denied { create } for pid=8133 comm="syz.2.1853" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 119.008108][ T8149] Invalid argument reading file caps for ./file0 [ 119.358316][ T8196] tipc: Started in network mode [ 119.363447][ T8196] tipc: Node identity 00000000400000000000000000000001, cluster identity 4711 [ 119.372808][ T8196] tipc: Enabling of bearer rejected, failed to enable media [ 119.432436][ T8203] loop2: detected capacity change from 0 to 164 [ 119.440899][ T8203] rock: directory entry would overflow storage [ 119.448182][ T8203] rock: sig=0x5252, size=5, remaining=3 [ 119.521454][ T8208] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 119.568066][ T8208] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 119.613782][ T8208] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 119.665988][ T8208] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 119.729811][ T12] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 119.752499][ T12] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 119.781408][ T12] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 119.810968][ T12] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 120.314394][ T28] audit: type=1400 audit(1775067047.561:918): avc: denied { map } for pid=8262 comm="syz.2.1899" path="/dev/usbmon0" dev="devtmpfs" ino=141 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 120.444765][ T8259] Invalid option length (63724) for dns_resolver key [ 120.556753][ T28] audit: type=1400 audit(1775067047.761:919): avc: denied { mounton } for pid=8270 comm="syz.2.1903" path="/proc/904/task" dev="proc" ino=19895 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 120.580449][ T8276] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1905'. [ 120.662393][ T28] audit: type=1400 audit(1775067047.901:920): avc: denied { connect } for pid=8280 comm="syz.4.1906" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 121.054731][ T8301] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1916'. [ 121.203893][ T28] audit: type=1400 audit(1775067048.451:921): avc: denied { ioctl } for pid=8314 comm="syz.3.1922" path="socket:[20775]" dev="sockfs" ino=20775 ioctlcmd=0x89f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 121.203897][ T8315] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 121.206342][ T8315] bond0: (slave lo): making interface the new active one [ 121.302556][ T8315] bond0: (slave lo): Enslaving as an active interface with an up link [ 121.529075][ T8326] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 4080 [ 121.580434][ T8330] netlink: 9275 bytes leftover after parsing attributes in process `syz.3.1928'. [ 121.687425][ T8336] Invalid option length (63724) for dns_resolver key [ 121.697184][ T28] audit: type=1326 audit(1775067048.941:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8339 comm="syz.2.1933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ae5efc819 code=0x7ffc0000 [ 121.891118][ T8363] loop2: detected capacity change from 0 to 512 [ 121.904802][ T8363] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.922304][ T8363] ext4 filesystem being mounted at /405/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 121.933870][ T8363] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.217133][ T8388] dvmrp0: left allmulticast mode [ 122.268870][ T8392] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1956'. [ 122.350249][ T8400] ipvlan2: entered promiscuous mode [ 122.357253][ T8400] ipvlan2: entered allmulticast mode [ 122.363488][ T8400] erspan0: entered allmulticast mode [ 122.370638][ T8400] team0: Device ipvlan2 failed to register rx_handler [ 122.483826][ T8412] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 122.488681][ T8414] netlink: 'syz.3.1965': attribute type 1 has an invalid length. [ 122.517635][ T8414] 8021q: adding VLAN 0 to HW filter on device bond3 [ 122.551149][ T8414] bond3: (slave geneve2): making interface the new active one [ 122.567272][ T8414] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 122.576111][ T8167] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.592550][ T8167] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.603205][ T8167] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.612112][ T8167] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.851389][ T8445] loop2: detected capacity change from 0 to 1024 [ 122.873813][ T8445] EXT4-fs: Ignoring removed nomblk_io_submit option [ 122.904920][ T8445] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 122.969810][ T3318] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.023399][ T8455] bridge0: entered promiscuous mode [ 123.028714][ T8455] bridge0: entered allmulticast mode [ 123.032499][ T8457] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1983'. [ 123.094037][ T8461] loop2: detected capacity change from 0 to 256 [ 123.658471][ T8506] netlink: 'syz.4.2002': attribute type 1 has an invalid length. [ 123.674810][ T8506] 8021q: adding VLAN 0 to HW filter on device bond3 [ 123.707608][ T8506] bond3: (slave geneve2): making interface the new active one [ 123.717484][ T8506] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 123.770421][ T28] kauditd_printk_skb: 37 callbacks suppressed [ 123.770439][ T28] audit: type=1400 audit(1775067051.011:960): avc: denied { read } for pid=8512 comm="syz.4.2005" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 123.803547][ T28] audit: type=1326 audit(1775067051.041:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8514 comm="syz.3.2006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f998e9bc819 code=0x7ffc0000 [ 123.827360][ T28] audit: type=1326 audit(1775067051.041:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8514 comm="syz.3.2006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f998e9bc819 code=0x7ffc0000 [ 123.851540][ T28] audit: type=1326 audit(1775067051.041:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8514 comm="syz.3.2006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f998e9bc819 code=0x7ffc0000 [ 123.875663][ T28] audit: type=1326 audit(1775067051.041:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8514 comm="syz.3.2006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f998e9bc819 code=0x7ffc0000 [ 123.899476][ T28] audit: type=1326 audit(1775067051.041:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8514 comm="syz.3.2006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f998e9bc819 code=0x7ffc0000 [ 123.923725][ T28] audit: type=1326 audit(1775067051.041:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8514 comm="syz.3.2006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f998e9bc819 code=0x7ffc0000 [ 123.947989][ T28] audit: type=1326 audit(1775067051.041:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8514 comm="syz.3.2006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f998e9bc819 code=0x7ffc0000 [ 123.972095][ T28] audit: type=1326 audit(1775067051.041:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8514 comm="syz.3.2006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f998e9bc819 code=0x7ffc0000 [ 123.996041][ T28] audit: type=1326 audit(1775067051.041:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8514 comm="syz.3.2006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f998e9bc819 code=0x7ffc0000 [ 124.327726][ T8554] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 124.438810][ T8562] netlink: 168 bytes leftover after parsing attributes in process `syz.5.2025'. [ 124.570441][ T8577] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.576867][ T8579] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2041'. [ 124.644124][ T8577] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.683793][ T8577] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.727373][ T8577] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.800021][ T8167] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.816202][ T8167] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.836401][ T8167] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.862675][ T8167] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.176672][ T8636] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 125.187395][ T8636] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.244834][ T8636] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 125.255248][ T8636] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.295389][ T8636] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 125.305782][ T8636] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.365361][ T8636] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 125.375943][ T8636] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.439178][ T8171] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 2816 - 0 [ 125.448120][ T8171] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.460363][ T8171] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 2816 - 0 [ 125.470246][ T8171] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.482656][ T8171] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 2816 - 0 [ 125.491096][ T8171] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.516159][ T8171] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 2816 - 0 [ 125.525029][ T8171] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.678045][ T8659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.687598][ T8659] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.697762][ T8659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.707054][ T8659] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.732555][ T8663] loop1: detected capacity change from 0 to 2048 [ 125.752971][ T8663] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 125.764770][ T8662] xt_CT: You must specify a L4 protocol and not use inversions on it [ 125.785032][ T8663] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 125.800274][ T8663] EXT4-fs error (device loop1) in ext4_setattr:6028: error 28 [ 125.817477][ T3320] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.953659][ T8685] netlink: 'syz.1.2078': attribute type 4 has an invalid length. [ 126.249400][ T8716] netlink: 876 bytes leftover after parsing attributes in process `syz.5.2091'. [ 126.262643][ T8716] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2091'. [ 126.372298][ T8726] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2095'. [ 126.391866][ T8726] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2095'. [ 126.405651][ T8726] netlink: 'syz.5.2095': attribute type 6 has an invalid length. [ 126.414490][ T8726] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2095'. [ 126.423941][ T8726] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2095'. [ 126.433363][ T8726] netlink: 'syz.5.2095': attribute type 6 has an invalid length. [ 126.525337][ T8736] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 127.965406][ T8878] loop2: detected capacity change from 0 to 256 [ 127.981631][ T8877] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2123'. [ 128.075033][ T8887] netlink: 'syz.1.2129': attribute type 1 has an invalid length. [ 128.094049][ T8887] 8021q: adding VLAN 0 to HW filter on device bond1 [ 128.126119][ T8887] bond1: (slave geneve2): making interface the new active one [ 128.135041][ T8887] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 128.147888][ T8166] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20004 - 0 [ 128.162665][ T8166] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20004 - 0 [ 128.177433][ T8166] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20004 - 0 [ 128.226270][ T8166] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20004 - 0 [ 128.385272][ T8922] loop1: detected capacity change from 0 to 256 [ 128.406962][ T8922] FAT-fs (loop1): bogus number of FAT sectors [ 128.421149][ T8922] FAT-fs (loop1): Can't find a valid FAT filesystem [ 128.569592][ T8943] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2153'. [ 128.586283][ T8945] loop3: detected capacity change from 0 to 128 [ 128.619063][ T8945] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 128.636442][ T8945] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 128.692317][ T8176] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 128.922768][ T8959] netlink: 'syz.3.2160': attribute type 18 has an invalid length. [ 128.930898][ T8959] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2160'. [ 128.946907][ T8959] netlink: 'syz.3.2160': attribute type 18 has an invalid length. [ 128.947410][ T83] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 128.962536][ T8959] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2160'. [ 128.971889][ T83] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 128.985181][ T83] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 128.993973][ T83] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 129.026636][ T8965] loop3: detected capacity change from 0 to 128 [ 129.041473][ T8965] syz.3.2162: attempt to access beyond end of device [ 129.041473][ T8965] loop3: rw=2049, sector=138, nr_sectors = 2 limit=128 [ 129.075469][ T28] kauditd_printk_skb: 28 callbacks suppressed [ 129.075490][ T28] audit: type=1400 audit(1775067056.311:998): avc: denied { ioctl } for pid=8966 comm="syz.4.2164" path="socket:[21874]" dev="sockfs" ino=21874 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 129.111293][ T28] audit: type=1400 audit(1775067056.311:999): avc: denied { bind } for pid=8966 comm="syz.4.2164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 129.430971][ T28] audit: type=1400 audit(1775067056.641:1000): avc: denied { ioctl } for pid=8978 comm="syz.3.2170" path="socket:[21909]" dev="sockfs" ino=21909 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 129.513470][ T28] audit: type=1400 audit(1775067056.761:1001): avc: denied { append } for pid=8990 comm="syz.2.2173" name="001" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 129.551786][ T28] audit: type=1400 audit(1775067056.761:1002): avc: denied { ioctl } for pid=8990 comm="syz.2.2173" path="/dev/usbmon7" dev="devtmpfs" ino=163 ioctlcmd=0x920a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 129.636553][ T28] audit: type=1326 audit(1775067056.871:1003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8999 comm="syz.2.2179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ae5efc819 code=0x7ffc0000 [ 129.687981][ T28] audit: type=1326 audit(1775067056.871:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8999 comm="syz.2.2179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ae5efc819 code=0x7ffc0000 [ 129.712609][ T28] audit: type=1326 audit(1775067056.871:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8999 comm="syz.2.2179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ae5efc819 code=0x7ffc0000 [ 129.737122][ T28] audit: type=1326 audit(1775067056.871:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8999 comm="syz.2.2179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ae5efc819 code=0x7ffc0000 [ 129.761066][ T28] audit: type=1326 audit(1775067056.871:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8999 comm="syz.2.2179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f4ae5efc819 code=0x7ffc0000 [ 129.904481][ T9014] loop3: detected capacity change from 0 to 2048 [ 129.919744][ T9016] smc: net device bond0 applied user defined pnetid SYZ2 [ 129.942717][ T9014] EXT4-fs: Ignoring removed nomblk_io_submit option [ 130.028511][ T9014] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.104941][ T9021] loop1: detected capacity change from 0 to 1764 [ 130.105084][ T9014] EXT4-fs error (device loop3): ext4_validate_block_bitmap:432: comm syz.3.2185: bg 0: block 2: invalid block bitmap [ 130.121679][ T9025] loop2: detected capacity change from 0 to 8192 [ 130.124965][ T9014] EXT4-fs (loop3): Remounting filesystem read-only [ 130.139625][ T9021] ISOFS: Unable to identify CD-ROM format. [ 130.187983][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.238788][ T9033] loop1: detected capacity change from 0 to 256 [ 130.283316][ T9033] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 131.109067][ T9084] netlink: 'syz.2.2215': attribute type 19 has an invalid length. [ 131.123883][ T9084] netlink: 'syz.2.2215': attribute type 19 has an invalid length. [ 131.640591][ T9106] loop1: detected capacity change from 0 to 1024 [ 131.652339][ T9106] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e040c01c, mo2=0002] [ 131.662423][ T9106] System zones: 0-1, 3-36 [ 131.671117][ T9106] EXT4-fs error (device loop1): ext4_orphan_get:1423: comm syz.1.2221: bad orphan inode 134217728 [ 131.682453][ T9106] loop1: lost filesystem error report for type 5 error -117 [ 131.683015][ T9106] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.977509][ T9143] __nla_validate_parse: 4 callbacks suppressed [ 131.977581][ T9143] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2236'. [ 132.002617][ T9143] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2236'. [ 132.032792][ T8176] netdevsim netdevsim5 eth0: set [0, 1] type 1 family 0 port 8472 - 0 [ 132.042585][ T3320] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.067086][ T8176] netdevsim netdevsim5 eth1: set [0, 1] type 1 family 0 port 8472 - 0 [ 132.101026][ T8176] netdevsim netdevsim5 eth2: set [0, 1] type 1 family 0 port 8472 - 0 [ 132.123987][ T8176] netdevsim netdevsim5 eth3: set [0, 1] type 1 family 0 port 8472 - 0 [ 132.269911][ T9170] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2247'. [ 132.378515][ T9179] syzkaller1: entered promiscuous mode [ 132.384545][ T9179] syzkaller1: entered allmulticast mode [ 133.167939][ T9194] loop1: detected capacity change from 0 to 32768 [ 133.224118][ T9194] loop1: p1 p3 < > [ 133.379903][ T3302] udevd[3302]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 133.386572][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 133.672235][ T9241] netlink: 'syz.1.2273': attribute type 12 has an invalid length. [ 133.694880][ T9221] chnl_net:caif_netlink_parms(): no params data found [ 133.700975][ T9241] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2273'. [ 133.734568][ T9241] netlink: 'syz.1.2273': attribute type 12 has an invalid length. [ 133.771892][ T9241] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2273'. [ 133.787495][ T9221] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.794965][ T9221] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.802617][ T9221] bridge_slave_0: entered allmulticast mode [ 133.809690][ T9221] bridge_slave_0: entered promiscuous mode [ 133.817656][ T9221] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.834428][ T9221] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.851585][ T9221] bridge_slave_1: entered allmulticast mode [ 133.858335][ T9221] bridge_slave_1: entered promiscuous mode [ 133.878595][ T9221] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 133.889471][ T9221] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 133.910515][ T9221] team0: Port device team_slave_0 added [ 133.917567][ T9221] team0: Port device team_slave_1 added [ 133.936792][ T9221] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 133.945956][ T9221] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 133.972547][ T9221] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 133.992048][ T9221] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 134.004722][ T9221] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 134.038900][ T9221] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 134.120383][ T9221] hsr_slave_0: entered promiscuous mode [ 134.137627][ T9221] hsr_slave_1: entered promiscuous mode [ 134.153984][ T9221] debugfs: 'hsr0' already exists in 'hsr' [ 134.170909][ T9221] Cannot create hsr debugfs directory [ 134.364398][ T9221] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 134.373995][ T9221] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 134.383372][ T9221] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 134.401145][ T9221] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 134.454545][ T9221] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.461783][ T9221] bridge0: port 2(bridge_slave_1) entered forwarding state [ 134.469097][ T9221] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.476351][ T9221] bridge0: port 1(bridge_slave_0) entered forwarding state [ 134.525588][ T8166] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.535762][ T8166] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.673278][ T9221] 8021q: adding VLAN 0 to HW filter on device bond0 [ 134.699276][ T9221] 8021q: adding VLAN 0 to HW filter on device team0 [ 134.709849][ T8166] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.717044][ T8166] bridge0: port 1(bridge_slave_0) entered forwarding state [ 134.735754][ T8172] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.743206][ T8172] bridge0: port 2(bridge_slave_1) entered forwarding state [ 134.829765][ T9296] netlink: 228 bytes leftover after parsing attributes in process `syz.1.2289'. [ 134.899070][ T9221] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 135.023956][ T28] kauditd_printk_skb: 39 callbacks suppressed [ 135.023971][ T28] audit: type=1400 audit(1775067062.271:1047): avc: denied { write } for pid=9326 comm="syz.5.2298" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 135.112652][ T9221] veth0_vlan: entered promiscuous mode [ 135.133754][ T9221] veth1_vlan: entered promiscuous mode [ 135.155220][ T9221] veth0_macvtap: entered promiscuous mode [ 135.166909][ T9221] veth1_macvtap: entered promiscuous mode [ 135.180968][ T9221] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 135.197706][ T9221] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 135.209854][ T8172] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.219277][ T8172] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.228494][ T9324] loop1: detected capacity change from 0 to 32768 [ 135.236636][ T8172] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.245789][ T8172] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.261388][ T28] audit: type=1400 audit(1775067062.501:1048): avc: denied { mounton } for pid=9221 comm="syz-executor" path="/root/syzkaller.budzbE/syz-tmp" dev="sda1" ino=2049 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 135.287390][ T28] audit: type=1400 audit(1775067062.501:1049): avc: denied { mounton } for pid=9221 comm="syz-executor" path="/root/syzkaller.budzbE/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 135.300713][ T3302] loop1: p1 p3 < > [ 135.316769][ T28] audit: type=1400 audit(1775067062.501:1050): avc: denied { mounton } for pid=9221 comm="syz-executor" path="/root/syzkaller.budzbE/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=23854 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 135.349462][ T28] audit: type=1400 audit(1775067062.531:1051): avc: denied { mounton } for pid=9221 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=538 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 135.351129][ T9324] loop1: p1 p3 < > [ 135.387795][ T28] audit: type=1400 audit(1775067062.531:1052): avc: denied { mount } for pid=9221 comm="syz-executor" name="/" dev="gadgetfs" ino=4727 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 135.512953][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 135.524307][ T3302] udevd[3302]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 135.554410][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 135.565658][ T3302] udevd[3302]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 135.609761][ T9357] loop1: detected capacity change from 0 to 4096 [ 135.623213][ T9357] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.646941][ T28] audit: type=1400 audit(1775067062.891:1053): avc: denied { read write } for pid=9356 comm="syz.1.2308" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 135.677061][ T28] audit: type=1400 audit(1775067062.891:1054): avc: denied { open } for pid=9356 comm="syz.1.2308" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 135.701606][ T28] audit: type=1400 audit(1775067062.921:1055): avc: denied { mounton } for pid=9356 comm="syz.1.2308" path="/421/file0/file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 135.735411][ T3320] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.804965][ T9368] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2312'. [ 135.814373][ T9368] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2312'. [ 135.874521][ T28] audit: type=1400 audit(1775067063.121:1056): avc: denied { getopt } for pid=9369 comm="syz.1.2313" lport=57586 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 136.516410][ T9386] loop1: detected capacity change from 0 to 128 [ 136.529958][ T9386] FAT-fs (loop1): bogus logical sector size 759 [ 136.546911][ T9386] FAT-fs (loop1): Can't find a valid FAT filesystem [ 136.728320][ T9398] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 136.737766][ T9398] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 137.056612][ T9400] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2327'. [ 137.082014][ T9398] Set syz1 is full, maxelem 65536 reached [ 137.083280][ T9400] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.095008][ T9400] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.109405][ T9401] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2327'. [ 137.432084][ T9273] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 137.504907][ T9412] loop3: detected capacity change from 0 to 512 [ 137.529567][ T9412] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 137.556575][ T9412] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 137.588177][ T9412] ext4 filesystem being mounted at /459/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 137.733882][ T9412] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #15: comm syz.3.2332: corrupted xattr block 33: invalid ea_ino [ 137.774127][ T9412] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 137.822253][ T9412] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #15: comm syz.3.2332: corrupted xattr block 33: invalid ea_ino [ 138.101715][ T9432] netlink: 'syz.1.2340': attribute type 10 has an invalid length. [ 138.115704][ T9432] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2340'. [ 138.129952][ T9424] loop6: detected capacity change from 0 to 32768 [ 138.137014][ T9432] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 138.180968][ T3302] loop6: p1 p3 < > [ 138.194060][ T9424] loop6: p1 p3 < > [ 138.367829][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory [ 138.379298][ T3302] udevd[3302]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory [ 138.402670][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.441391][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory [ 138.452893][ T3302] udevd[3302]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory [ 138.604236][ T9473] netlink: 25 bytes leftover after parsing attributes in process `syz.6.2357'. [ 138.615614][ T9471] netlink: 'syz.5.2356': attribute type 1 has an invalid length. [ 138.632327][ T9473] netlink: 140 bytes leftover after parsing attributes in process `syz.6.2357'. [ 138.641406][ T9473] netlink: 25 bytes leftover after parsing attributes in process `syz.6.2357'. [ 138.673647][ T9471] 8021q: adding VLAN 0 to HW filter on device bond2 [ 138.693886][ T9477] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2358'. [ 138.738846][ T9477] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2358'. [ 138.765074][ T9475] bond2: (slave geneve2): making interface the new active one [ 138.794372][ T9475] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 139.076308][ T9479] loop3: detected capacity change from 0 to 32768 [ 139.224809][ T9517] loop1: detected capacity change from 0 to 256 [ 139.234242][ T9517] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 139.257010][ T9517] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 139.650142][ T9552] netlink: 180 bytes leftover after parsing attributes in process `syz.5.2389'. [ 139.659607][ T9552] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2389'. [ 139.686882][ T9543] loop1: detected capacity change from 0 to 32768 [ 139.722888][ T3302] loop1: p1 p3 < > [ 139.733899][ T9543] loop1: p1 p3 < > [ 139.890922][ T3302] udevd[3302]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 139.902609][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 139.942504][ T3302] udevd[3302]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 139.963261][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 140.298310][ T28] kauditd_printk_skb: 28 callbacks suppressed [ 140.298374][ T28] audit: type=1400 audit(1775067067.541:1085): avc: denied { write } for pid=9596 comm="syz.4.2417" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 140.464638][ T9609] loop6: detected capacity change from 0 to 2048 [ 140.484336][ T9609] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 140.496756][ T9609] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 140.511501][ T9609] EXT4-fs (loop6): shut down requested (0) [ 140.513436][ T28] audit: type=1400 audit(1775067067.751:1086): avc: denied { read } for pid=2981 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 140.540642][ T28] audit: type=1400 audit(1775067067.751:1087): avc: denied { search } for pid=2981 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 140.563946][ T28] audit: type=1400 audit(1775067067.751:1088): avc: denied { append } for pid=2981 comm="syslogd" name="messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 140.587016][ T28] audit: type=1400 audit(1775067067.751:1089): avc: denied { open } for pid=2981 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 140.609990][ T28] audit: type=1400 audit(1775067067.751:1090): avc: denied { getattr } for pid=2981 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 140.633534][ T28] audit: type=1326 audit(1775067067.781:1091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9610 comm="syz.3.2414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f998e9bc819 code=0x7ffc0000 [ 140.633901][ T9221] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.657223][ T28] audit: type=1326 audit(1775067067.781:1092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9610 comm="syz.3.2414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f998e9bc819 code=0x7ffc0000 [ 140.657253][ T28] audit: type=1326 audit(1775067067.781:1093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9610 comm="syz.3.2414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f998e9b6597 code=0x7ffc0000 [ 140.738553][ T28] audit: type=1326 audit(1775067067.781:1094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9610 comm="syz.3.2414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f998e95db99 code=0x7ffc0000 [ 140.757661][ T9633] loop6: detected capacity change from 0 to 128 [ 140.955243][ T9649] loop6: detected capacity change from 0 to 256 [ 140.963901][ T9649] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 141.126705][ T9652] 9pnet: p9_errstr2errno: server reported unknown error ÿ [ 141.277682][ T9662] syzkaller1: entered promiscuous mode [ 141.285617][ T9662] syzkaller1: entered allmulticast mode [ 141.427726][ T9670] bridge2: entered promiscuous mode [ 141.453915][ T9670] bridge2: entered allmulticast mode [ 141.697658][ T9679] loop1: detected capacity change from 0 to 1024 [ 141.712311][ T9679] EXT4-fs error (device loop1): ext4_acquire_dquot:7026: comm syz.1.2440: Failed to acquire dquot type 0 [ 141.732832][ T9679] loop1: lost filesystem error report for type 5 error -117 [ 141.733095][ T9679] EXT4-fs error (device loop1): mb_free_blocks:2049: group 0, inode 13: block 160:freeing already freed block (bit 10); block bitmap corrupt. [ 141.755664][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 141.755688][ C1] EXT4-fs (loop1): initial error at time 1775067068: ext4_acquire_dquot:7026 [ 141.755713][ C1] EXT4-fs (loop1): last error at time 1775067068: ext4_acquire_dquot:7026 [ 141.784423][ T9679] EXT4-fs (loop1): 1 truncate cleaned up [ 141.790978][ T9679] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 141.843560][ T3320] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.949488][ T9687] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 141.949488][ T9687] The task syz.3.2443 (9687) triggered the difference, watch for misbehavior. [ 142.140498][ T9701] __nla_validate_parse: 2 callbacks suppressed [ 142.140534][ T9701] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2449'. [ 142.163651][ T9701] hsr_slave_1 (unregistering): left promiscuous mode [ 142.200076][ T9706] loop1: detected capacity change from 0 to 512 [ 142.216869][ T9706] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 142.233962][ T9706] ext4 filesystem being mounted at /450/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 142.264936][ T3320] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.293674][ T9711] xt_bpf: check failed: parse error [ 142.337169][ T9713] netlink: 'syz.1.2454': attribute type 1 has an invalid length. [ 142.351479][ T9713] 8021q: adding VLAN 0 to HW filter on device bond2 [ 142.372763][ T9713] bond2: (slave geneve3): making interface the new active one [ 142.381799][ T9713] bond2: (slave geneve3): Enslaving as an active interface with an up link [ 142.390871][ T8172] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 142.403883][ T8172] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 142.419948][ T8172] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 142.439879][ T8172] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 142.653434][ T9709] Set syz1 is full, maxelem 65536 reached [ 143.086063][ T8168] tipc: Subscription rejected, illegal request [ 144.454064][ T9672] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 144.556001][ T9795] loop1: detected capacity change from 0 to 2048 [ 144.573745][ T9797] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2487'. [ 144.592639][ T9795] loop1: p2 < > p4 [ 144.599846][ T9795] loop1: p4 size 262144 extends beyond EOD, truncated [ 144.688219][ T9806] loop6: detected capacity change from 0 to 128 [ 144.700541][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 144.728913][ T9806] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 144.760587][ T9806] ext4 filesystem being mounted at /40/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 144.846686][ T9806] EXT4-fs (loop6): shut down requested (0) [ 144.906694][ T9812] loop3: detected capacity change from 0 to 8192 [ 145.002621][ T9221] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 145.193310][ T9835] loop1: detected capacity change from 0 to 128 [ 145.511902][ T28] kauditd_printk_skb: 561 callbacks suppressed [ 145.511920][ T28] audit: type=1400 audit(1775067072.751:1654): avc: denied { attach_queue } for pid=9850 comm="syz.1.2509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 145.658516][ T9774] kexec: Could not allocate control_code_buffer [ 145.941856][ T28] audit: type=1326 audit(1775067073.181:1655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9864 comm="syz.5.2514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdab481c819 code=0x7ffc0000 [ 145.965773][ T9866] loop3: detected capacity change from 0 to 1024 [ 146.010670][ T28] audit: type=1326 audit(1775067073.181:1656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9864 comm="syz.5.2514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7fdab481c819 code=0x7ffc0000 [ 146.040443][ T9866] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 146.061052][ T28] audit: type=1326 audit(1775067073.181:1657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9864 comm="syz.5.2514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdab481c819 code=0x7ffc0000 [ 146.191945][ T9887] bond1: (slave vlan0): Enslaving as a backup interface with an up link [ 146.412839][ T9904] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2529'. [ 146.444373][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.827148][ T9922] loop1: detected capacity change from 0 to 32768 [ 146.872755][ T3302] loop1: p1 p3 < > [ 146.880499][ T9922] loop1: p1 p3 < > [ 147.142532][ T3000] loop1: p1 p3 < > [ 147.151308][ T28] audit: type=1400 audit(1775067074.391:1658): avc: denied { create } for pid=9944 comm="syz.3.2547" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 147.180012][ T28] audit: type=1400 audit(1775067074.411:1659): avc: denied { bind } for pid=9944 comm="syz.3.2547" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 147.246811][ T28] audit: type=1400 audit(1775067074.421:1660): avc: denied { setopt } for pid=9944 comm="syz.3.2547" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 147.383542][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 147.394984][ T3302] udevd[3302]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 147.708254][ T28] audit: type=1400 audit(1775067074.951:1661): avc: denied { listen } for pid=9986 comm="syz.5.2566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 149.134565][T10041] syz.1.2590 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 149.151527][T10070] netlink: 'syz.5.2602': attribute type 1 has an invalid length. [ 149.154477][T10041] CPU: 1 UID: 0 PID: 10041 Comm: syz.1.2590 Tainted: G W syzkaller #0 PREEMPT(full) [ 149.154511][T10041] Tainted: [W]=WARN [ 149.154519][T10041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 149.154546][T10041] Call Trace: [ 149.154553][T10041] [ 149.154561][T10041] __dump_stack+0x1d/0x30 [ 149.154590][T10041] dump_stack_lvl+0x95/0xd0 [ 149.154614][T10041] dump_stack+0x15/0x1b [ 149.154636][T10041] dump_header+0x80/0x240 [ 149.154704][T10041] oom_kill_process+0x295/0x350 [ 149.154802][T10041] out_of_memory+0x97d/0xb80 [ 149.154826][T10041] try_charge_memcg+0x62e/0xa10 [ 149.154922][T10041] obj_cgroup_charge_pages+0x23/0xc0 [ 149.154950][T10041] __memcg_kmem_charge_page+0x9e/0x170 [ 149.154979][T10041] __alloc_frozen_pages_noprof+0x18a/0x360 [ 149.155041][T10041] alloc_pages_mpol+0xb3/0x260 [ 149.155070][T10041] alloc_pages_noprof+0x8f/0x140 [ 149.155099][T10041] __vmalloc_node_range_noprof+0xa46/0x12b0 [ 149.155207][T10041] __kvmalloc_node_noprof+0x3d4/0x650 [ 149.155233][T10041] ? futex_hash_allocate+0x190/0x9d0 [ 149.155261][T10041] ? futex_hash_allocate+0x190/0x9d0 [ 149.155293][T10041] futex_hash_allocate+0x190/0x9d0 [ 149.155321][T10041] ? cap_task_prctl+0x13f/0x6e0 [ 149.155396][T10041] futex_hash_prctl+0xd8/0xf0 [ 149.155423][T10041] __se_sys_prctl+0xa3d/0x13f0 [ 149.155452][T10041] __x64_sys_prctl+0x67/0x80 [ 149.155492][T10041] x64_sys_call+0x2533/0x3020 [ 149.155518][T10041] do_syscall_64+0x12c/0x370 [ 149.155606][T10041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.155627][T10041] RIP: 0033:0x7faf0695c819 [ 149.155645][T10041] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 149.155664][T10041] RSP: 002b:00007faf053af028 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 149.155761][T10041] RAX: ffffffffffffffda RBX: 00007faf06bd5fa0 RCX: 00007faf0695c819 [ 149.155776][T10041] RDX: 0000000001000000 RSI: 0000000000000001 RDI: 000000000000004e [ 149.155790][T10041] RBP: 00007faf069f2c91 R08: 0000000000000000 R09: 0000000000000000 [ 149.155812][T10041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 149.155826][T10041] R13: 00007faf06bd6038 R14: 00007faf06bd5fa0 R15: 00007ffe697cd7a8 [ 149.155901][T10041] [ 149.155959][T10041] memory: usage 307200kB, limit 307200kB, failcnt 416 [ 149.192248][ T3597] Bluetooth: hci0: command 0x1003 tx timeout [ 149.202234][ T3717] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 149.260266][T10041] memory+swap: usage 290452kB, limit 9007199254740988kB, failcnt 0 [ 149.426916][T10041] kmem: usage 100532kB, limit 9007199254740988kB, failcnt 0 [ 149.460721][T10041] Memory cgroup stats for /syz1: [ 149.460981][T10041] cache 524288 [ 149.461878][T10080] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2606'. [ 149.469642][T10041] rss 4096 [ 149.483050][T10041] shmem 0 [ 149.486163][T10041] mapped_file 65536 [ 149.490093][T10041] dirty 0 [ 149.493605][T10041] writeback 0 [ 149.497039][T10041] workingset_refault_anon 30 [ 149.501779][T10041] workingset_refault_file 378 [ 149.507267][T10041] swap 692224 [ 149.509549][T10080] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2606'. [ 149.510599][T10041] swapcached 10010624 [ 149.532536][T10041] pgpgin 102245 [ 149.539507][T10041] pgpgout 102114 [ 149.545426][T10041] pgfault 144423 [ 149.552460][T10041] pgmajfault 26 [ 149.558261][T10041] inactive_anon 8192 [ 149.564669][T10041] active_anon 0 [ 149.570484][T10041] inactive_file 4096 [ 149.580604][T10041] active_file 499712 [ 149.586944][T10041] unevictable 0 [ 149.592526][T10041] hierarchical_memory_limit 314572800 [ 149.608970][T10041] hierarchical_memsw_limit 9223372036854771712 [ 149.621254][T10041] total_cache 524288 [ 149.628805][T10041] total_rss 4096 [ 149.634701][T10041] total_shmem 0 [ 149.641638][T10041] total_mapped_file 65536 [ 149.648447][T10041] total_dirty 0 [ 149.657402][T10041] total_writeback 0 [ 149.664967][T10041] total_workingset_refault_anon 30 [ 149.676931][T10041] total_workingset_refault_file 378 [ 149.692889][T10041] total_swap 692224 [ 149.702290][T10041] total_swapcached 10010624 [ 149.712261][T10041] total_pgpgin 102245 [ 149.716296][T10041] total_pgpgout 102114 [ 149.722205][T10041] total_pgfault 144423 [ 149.726536][T10041] total_pgmajfault 26 [ 149.730723][T10041] total_inactive_anon 8192 [ 149.752245][T10041] total_active_anon 0 [ 149.758779][T10041] total_inactive_file 4096 [ 149.772283][T10041] total_active_file 499712 [ 149.776945][T10041] total_unevictable 0 [ 149.781066][T10041] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.2590,pid=10040,uid=0 [ 149.805646][T10041] Memory cgroup out of memory: Killed process 10040 (syz.1.2590) total-vm:96080kB, anon-rss:1228kB, file-rss:22212kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 150.140093][T10113] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 150.160728][T10113] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 150.215883][ T28] audit: type=1326 audit(1775067077.461:1662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10117 comm="syz.4.2622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f818888c819 code=0x7ffc0000 [ 150.248502][ T28] audit: type=1326 audit(1775067077.461:1663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10117 comm="syz.4.2622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f818888c819 code=0x7ffc0000 [ 150.512375][ T28] kauditd_printk_skb: 146 callbacks suppressed [ 150.512470][ T28] audit: type=1326 audit(1775067077.761:1810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10117 comm="syz.4.2622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f818884d04e code=0x7ffc0000 [ 150.552561][ T28] audit: type=1326 audit(1775067077.791:1811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10117 comm="syz.4.2622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f818884d04e code=0x7ffc0000 [ 150.590966][ T28] audit: type=1326 audit(1775067077.801:1812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10117 comm="syz.4.2622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f818884d04e code=0x7ffc0000 [ 150.649013][ T28] audit: type=1326 audit(1775067077.821:1813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10117 comm="syz.4.2622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f818884d04e code=0x7ffc0000 [ 150.684772][ T28] audit: type=1326 audit(1775067077.831:1814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10117 comm="syz.4.2622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f818884d04e code=0x7ffc0000 [ 150.723051][ T28] audit: type=1326 audit(1775067077.831:1815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10117 comm="syz.4.2622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f818884d04e code=0x7ffc0000 [ 150.751987][ T28] audit: type=1326 audit(1775067077.831:1816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10117 comm="syz.4.2622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f818884d04e code=0x7ffc0000 [ 150.778136][ T28] audit: type=1326 audit(1775067077.831:1817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10117 comm="syz.4.2622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f818884d04e code=0x7ffc0000 [ 150.807534][ T28] audit: type=1326 audit(1775067077.831:1818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10117 comm="syz.4.2622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f818884d04e code=0x7ffc0000 [ 150.831781][ T28] audit: type=1326 audit(1775067077.861:1819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10117 comm="syz.4.2622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f818884d04e code=0x7ffc0000 [ 151.717550][T10206] Invalid option length (54865) for dns_resolver key [ 151.858993][T10222] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 152.185387][T10238] loop6: detected capacity change from 0 to 128 [ 152.197215][T10236] netlink: 'syz.5.2671': attribute type 9 has an invalid length. [ 152.208473][T10236] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2671'. [ 152.341410][ T8168] kworker/u8:11: attempt to access beyond end of device [ 152.341410][ T8168] loop6: rw=1, sector=145, nr_sectors = 40 limit=128 [ 152.355433][ T8168] kworker/u8:11: attempt to access beyond end of device [ 152.355433][ T8168] loop6: rw=1, sector=193, nr_sectors = 8 limit=128 [ 152.369077][ T8168] kworker/u8:11: attempt to access beyond end of device [ 152.369077][ T8168] loop6: rw=1, sector=209, nr_sectors = 8 limit=128 [ 152.384260][ T8168] kworker/u8:11: attempt to access beyond end of device [ 152.384260][ T8168] loop6: rw=1, sector=225, nr_sectors = 8 limit=128 [ 152.399160][ T8168] kworker/u8:11: attempt to access beyond end of device [ 152.399160][ T8168] loop6: rw=1, sector=241, nr_sectors = 8 limit=128 [ 152.414083][ T8168] kworker/u8:11: attempt to access beyond end of device [ 152.414083][ T8168] loop6: rw=1, sector=257, nr_sectors = 8 limit=128 [ 152.428097][ T8168] kworker/u8:11: attempt to access beyond end of device [ 152.428097][ T8168] loop6: rw=1, sector=273, nr_sectors = 8 limit=128 [ 152.441809][ T8168] kworker/u8:11: attempt to access beyond end of device [ 152.441809][ T8168] loop6: rw=1, sector=289, nr_sectors = 8 limit=128 [ 152.455790][ T8168] kworker/u8:11: attempt to access beyond end of device [ 152.455790][ T8168] loop6: rw=1, sector=305, nr_sectors = 8 limit=128 [ 152.469507][ T8168] kworker/u8:11: attempt to access beyond end of device [ 152.469507][ T8168] loop6: rw=1, sector=321, nr_sectors = 8 limit=128 [ 152.554702][T10255] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2678'. [ 152.564055][T10255] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2678'. [ 152.573290][T10255] netlink: 4676 bytes leftover after parsing attributes in process `syz.6.2678'. [ 152.681017][T10261] batadv_slave_1: entered promiscuous mode [ 152.698637][T10260] batadv_slave_1: left promiscuous mode [ 152.758559][T10265] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 152.973899][T10273] netlink: 1347 bytes leftover after parsing attributes in process `syz.6.2686'. [ 153.102831][T10259] Set syz1 is full, maxelem 65536 reached [ 153.126506][T10278] xt_hashlimit: size too large, truncated to 1048576 [ 153.325105][T10288] loop6: detected capacity change from 0 to 128 [ 155.134615][T10229] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 155.171119][T10320] loop3: detected capacity change from 0 to 128 [ 155.214652][T10322] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2715'. [ 155.280039][T10331] loop6: detected capacity change from 0 to 512 [ 155.311334][T10331] EXT4-fs: Ignoring removed bh option [ 155.319848][T10331] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem [ 155.354010][T10331] EXT4-fs (loop6): 1 truncate cleaned up [ 155.359650][T10339] netlink: 'syz.1.2714': attribute type 12 has an invalid length. [ 155.363569][T10331] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 155.409875][T10339] netlink: 'syz.1.2714': attribute type 2 has an invalid length. [ 155.448958][T10339] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2714'. [ 155.564131][ T9221] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 155.618943][T10347] syzkaller1: entered promiscuous mode [ 155.646780][T10347] syzkaller1: entered allmulticast mode [ 155.724054][T10355] loop3: detected capacity change from 0 to 2048 [ 155.745531][T10355] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 155.837097][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 155.911578][T10367] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2729'. [ 155.941152][ T28] kauditd_printk_skb: 186 callbacks suppressed [ 155.941172][ T28] audit: type=1400 audit(1775067083.181:2006): avc: denied { getopt } for pid=10370 comm="syz.3.2727" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 155.974175][T10367] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2729'. [ 156.045350][T10369] loop6: detected capacity change from 0 to 128 [ 156.124994][T10387] loop1: detected capacity change from 0 to 128 [ 156.252767][T10394] xt_hashlimit: size too large, truncated to 1048576 [ 156.446787][T10407] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2743'. [ 156.456989][T10397] netlink: 84 bytes leftover after parsing attributes in process `syz.6.2740'. [ 156.767483][ T28] audit: type=1400 audit(1775067084.011:2007): avc: denied { mounton } for pid=10427 comm="syz.1.2753" path="/513/file0" dev="tmpfs" ino=2675 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 156.800598][ T28] audit: type=1326 audit(1775067084.041:2008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10429 comm="syz.4.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f818888c819 code=0x7ffc0000 [ 156.824845][ T28] audit: type=1326 audit(1775067084.071:2009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10429 comm="syz.4.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f818888c819 code=0x7ffc0000 [ 156.850056][ T28] audit: type=1326 audit(1775067084.081:2010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10429 comm="syz.4.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f818888c819 code=0x7ffc0000 [ 156.879245][ T28] audit: type=1326 audit(1775067084.081:2011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10429 comm="syz.4.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f818888c819 code=0x7ffc0000 [ 156.903903][ T28] audit: type=1326 audit(1775067084.091:2012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10429 comm="syz.4.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f818888c819 code=0x7ffc0000 [ 156.936184][ T28] audit: type=1326 audit(1775067084.091:2013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10429 comm="syz.4.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f818888c819 code=0x7ffc0000 [ 156.960698][ T28] audit: type=1326 audit(1775067084.091:2014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10429 comm="syz.4.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f818888c819 code=0x7ffc0000 [ 156.984915][ T28] audit: type=1326 audit(1775067084.091:2015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10429 comm="syz.4.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f818888c819 code=0x7ffc0000 [ 157.046460][T10440] loop1: detected capacity change from 0 to 512 [ 157.058123][T10442] loop6: detected capacity change from 0 to 512 [ 157.067153][T10442] EXT4-fs: Ignoring removed i_version option [ 157.075975][T10440] EXT4-fs error (device loop1): ext4_do_update_inode:5602: inode #3: comm syz.1.2759: corrupted inode contents [ 157.098202][T10440] loop1: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 157.098439][T10440] EXT4-fs error (device loop1): ext4_dirty_inode:6495: inode #3: comm syz.1.2759: mark_inode_dirty error [ 157.107707][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 157.107732][ C0] EXT4-fs (loop1): initial error at time 1775067084: ext4_do_update_inode:5602: inode 3 [ 157.107769][ C0] EXT4-fs (loop1): last error at time 1775067084: ext4_do_update_inode:5602: inode 3 [ 157.146685][T10442] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 157.159877][T10440] loop1: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 157.160397][T10440] EXT4-fs error (device loop1): ext4_do_update_inode:5602: inode #3: comm syz.1.2759: corrupted inode contents [ 157.182084][T10440] loop1: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 157.182712][T10440] EXT4-fs error (device loop1): __ext4_ext_dirty:207: inode #3: comm syz.1.2759: mark_inode_dirty error [ 157.203436][T10440] loop1: lost file I/O error report for ino 3 type 5 pos 0x0 len 0x0 error -117 [ 157.203844][T10440] EXT4-fs error (device loop1): ext4_acquire_dquot:7026: comm syz.1.2759: Failed to acquire dquot type 0 [ 157.224764][T10440] loop1: lost filesystem error report for type 5 error -117 [ 157.225482][T10440] EXT4-fs error (device loop1): ext4_do_update_inode:5602: inode #16: comm syz.1.2759: corrupted inode contents [ 157.245139][T10440] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 157.248402][T10440] EXT4-fs error (device loop1): ext4_dirty_inode:6495: inode #16: comm syz.1.2759: mark_inode_dirty error [ 157.269763][T10440] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 157.271087][T10440] EXT4-fs error (device loop1): ext4_do_update_inode:5602: inode #16: comm syz.1.2759: corrupted inode contents [ 157.292927][T10440] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 157.293179][T10440] EXT4-fs error (device loop1): __ext4_ext_dirty:207: inode #16: comm syz.1.2759: mark_inode_dirty error [ 157.314788][T10440] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 157.315028][T10440] EXT4-fs error (device loop1): ext4_do_update_inode:5602: inode #16: comm syz.1.2759: corrupted inode contents [ 157.321811][ T9221] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.324249][T10440] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 157.345642][T10440] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 157.363947][T10440] loop1: lost filesystem error report for type 5 error -117 [ 157.364117][T10440] EXT4-fs error (device loop1): ext4_do_update_inode:5602: inode #16: comm syz.1.2759: corrupted inode contents [ 157.384217][T10440] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 157.384392][T10440] EXT4-fs error (device loop1): ext4_truncate:4602: inode #16: comm syz.1.2759: mark_inode_dirty error [ 157.405314][T10440] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 157.414437][T10440] loop1: lost filesystem error report for type 5 error -117 [ 157.424684][T10440] EXT4-fs (loop1): 1 truncate cleaned up [ 157.440125][T10440] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 157.464766][T10440] ext4 filesystem being mounted at /517/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 157.467635][T10456] netlink: 'syz.3.2765': attribute type 4 has an invalid length. [ 157.536174][T10466] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2769'. [ 157.585311][T10440] EXT4-fs warning (device loop1): ext4_es_cache_extent:1082: inode #3: comm syz.1.2759: ES cache extent failed: add [1,1,41,0x1] conflict with existing [1,-2,576460752303423487,0x18] [ 157.585311][T10440] [ 157.763880][ T3320] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.774849][T10485] loop6: detected capacity change from 0 to 2048 [ 157.813673][T10485] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 157.982862][ T9221] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.060115][T10505] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 158.073879][T10505] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 158.842635][ T5517] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 158.869293][ T5517] CPU: 1 UID: 0 PID: 5517 Comm: syz-executor Tainted: G W syzkaller #0 PREEMPT(full) [ 158.869334][ T5517] Tainted: [W]=WARN [ 158.869344][ T5517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 158.869355][ T5517] Call Trace: [ 158.869363][ T5517] [ 158.869371][ T5517] __dump_stack+0x1d/0x30 [ 158.869418][ T5517] dump_stack_lvl+0x95/0xd0 [ 158.869447][ T5517] dump_stack+0x15/0x1b [ 158.869472][ T5517] dump_header+0x80/0x240 [ 158.869494][ T5517] oom_kill_process+0x295/0x350 [ 158.869521][ T5517] out_of_memory+0x97d/0xb80 [ 158.869586][ T5517] try_charge_memcg+0x62e/0xa10 [ 158.869632][ T5517] mem_cgroup_swapin_charge_folio+0x103/0x1f0 [ 158.869671][ T5517] __swap_cache_prepare_and_add+0x67/0x460 [ 158.869729][ T5517] ? alloc_pages_mpol+0x217/0x260 [ 158.869761][ T5517] swap_cache_alloc_folio+0xa2/0x120 [ 158.869796][ T5517] swap_cluster_readahead+0x26e/0x3d0 [ 158.869922][ T5517] swapin_readahead+0xde/0x840 [ 158.869968][ T5517] ? __perf_event_task_sched_in+0xa65/0xad0 [ 158.869997][ T5517] ? __pfx_perf_event_switch_output+0x10/0x10 [ 158.870031][ T5517] ? __rcu_read_unlock+0x4e/0x70 [ 158.870152][ T5517] ? swap_cache_get_folio+0x26f/0x280 [ 158.870179][ T5517] do_swap_page+0x2fe/0x21e0 [ 158.870247][ T5517] ? __schedule+0x93c/0xd40 [ 158.870419][ T5517] ? __rcu_read_lock+0x36/0x50 [ 158.870442][ T5517] ? pte_offset_map_rw_nolock+0x19e/0x200 [ 158.870475][ T5517] handle_mm_fault+0xb46/0x3020 [ 158.870505][ T5517] ? vma_start_read+0x1c7/0x2c0 [ 158.870589][ T5517] do_user_addr_fault+0x62f/0x1050 [ 158.870648][ T5517] ? trace_page_fault_user+0x1f/0xe0 [ 158.870676][ T5517] exc_page_fault+0x62/0xa0 [ 158.870700][ T5517] asm_exc_page_fault+0x26/0x30 [ 158.870719][ T5517] RIP: 0033:0x7fdab47d7997 [ 158.870739][ T5517] Code: 48 89 fa 4c 89 df e8 a8 56 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 158.870773][ T5517] RSP: 002b:00007ffc6ddcb130 EFLAGS: 00010202 [ 158.870795][ T5517] RAX: 0000000000000000 RBX: 0000555580215500 RCX: 00007fdab47d7997 [ 158.870812][ T5517] RDX: 00007ffc6ddcb170 RSI: 0000000000000000 RDI: 0000000000000000 [ 158.870828][ T5517] RBP: 00007ffc6ddcb1dc R08: 0000000000000000 R09: 0000000000000000 [ 158.870841][ T5517] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388 [ 158.870854][ T5517] R13: 00000000000927c0 R14: 00000000000269ca R15: 00007ffc6ddcb230 [ 158.870873][ T5517] [ 158.870982][ T5517] memory: usage 307200kB, limit 307200kB, failcnt 250 [ 159.134322][ T5517] memory+swap: usage 307716kB, limit 9007199254740988kB, failcnt 0 [ 159.159905][ T5517] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0 [ 159.185336][ T5517] Memory cgroup stats for /syz5: [ 159.185680][ T5517] cache 0 [ 159.210204][ T5517] rss 8192 [ 159.214384][ T5517] shmem 0 [ 159.220642][ T5517] mapped_file 0 [ 159.242283][ T5517] dirty 0 [ 159.245316][ T5517] writeback 8192 [ 159.249420][ T5517] workingset_refault_anon 4 [ 159.263545][ T5517] workingset_refault_file 0 [ 159.264397][ T6129] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 159.276068][ T5517] swap 528384 [ 159.279959][ T6129] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 159.280831][ T5517] swapcached 569344 [ 159.302283][ T5517] pgpgin 133432 [ 159.305858][ T5517] pgpgout 133426 [ 159.309674][ T5517] pgfault 121508 [ 159.332297][ T5517] pgmajfault 0 [ 159.339114][ T5517] inactive_anon 24576 [ 159.348060][ T5517] active_anon 0 [ 159.356009][ T5517] inactive_file 0 [ 159.365199][ T5517] active_file 0 [ 159.382216][ T5517] unevictable 0 [ 159.389020][ T5517] hierarchical_memory_limit 314572800 [ 159.419418][ T5517] hierarchical_memsw_limit 9223372036854771712 [ 159.444552][ T5517] total_cache 0 [ 159.454680][ T5517] total_rss 8192 [ 159.466115][ T5517] total_shmem 0 [ 159.477156][ T5517] total_mapped_file 0 [ 159.489969][ T5517] total_dirty 0 [ 159.501080][ T5517] total_writeback 8192 [ 159.515267][ T5517] total_workingset_refault_anon 4 [ 159.534470][ T5517] total_workingset_refault_file 0 [ 159.545131][ T5517] total_swap 528384 [ 159.557679][ T5517] total_swapcached 569344 [ 159.572908][T10546] netlink: 'syz.6.2800': attribute type 5 has an invalid length. [ 159.592447][ T5517] total_pgpgin 133432 [ 159.596565][ T5517] total_pgpgout 133426 [ 159.600867][ T5517] total_pgfault 121508 [ 159.660077][ T5517] total_pgmajfault 0 [ 159.669817][ T5517] total_inactive_anon 24576 [ 159.682411][ T5517] total_active_anon 0 [ 159.686508][ T5517] total_inactive_file 0 [ 159.734475][ T5517] total_active_file 0 [ 159.744850][ T5517] total_unevictable 0 [ 159.749043][ T5517] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.2783,pid=10510,uid=0 [ 159.825310][ T5517] Memory cgroup out of memory: Killed process 10510 (syz.5.2783) total-vm:96080kB, anon-rss:1232kB, file-rss:22228kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:0 [ 159.930469][T10511] syz.5.2783 (10511) used greatest stack depth: 8640 bytes left [ 160.359416][T10542] fido_id[10542]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 160.918923][T10589] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2818'. [ 160.932419][T10591] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96 [ 160.975434][ T28] kauditd_printk_skb: 23 callbacks suppressed [ 160.975452][ T28] audit: type=1400 audit(1775067088.221:2037): avc: denied { read } for pid=10592 comm="syz.4.2820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 161.110208][T10602] loop1: detected capacity change from 0 to 512 [ 161.131338][T10596] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2822'. [ 161.155011][T10602] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002] [ 161.182305][T10602] System zones: 0-2, 18-18, 34-35 [ 161.198920][T10602] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 161.212753][T10602] ext4 filesystem being mounted at /534/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 161.304875][ T3320] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.992278][ T28] audit: type=1326 audit(1775067089.231:2038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10630 comm="syz.6.2837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e9819c819 code=0x7ffc0000 [ 162.020515][T10632] syz.6.2837 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 162.048501][T10634] bond0: option arp_interval: mode dependency failed, not supported in mode balance-alb(6) [ 162.058631][ T28] audit: type=1326 audit(1775067089.231:2039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10630 comm="syz.6.2837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e9819c819 code=0x7ffc0000 [ 162.071573][T10634] netlink: 'syz.3.2838': attribute type 10 has an invalid length. [ 162.108130][T10634] syz_tun: left allmulticast mode [ 162.118979][ T28] audit: type=1326 audit(1775067089.231:2040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10630 comm="syz.6.2837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e9819c819 code=0x7ffc0000 [ 162.133797][T10634] bridge0: port 3(syz_tun) entered disabled state [ 162.159792][ T28] audit: type=1326 audit(1775067089.231:2041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10630 comm="syz.6.2837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f0e9819c819 code=0x7ffc0000 [ 162.184752][ T28] audit: type=1326 audit(1775067089.231:2042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10630 comm="syz.6.2837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e9819c819 code=0x7ffc0000 [ 162.235548][ T28] audit: type=1326 audit(1775067089.231:2043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10630 comm="syz.6.2837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e9819c819 code=0x7ffc0000 [ 162.267953][ T28] audit: type=1326 audit(1775067089.261:2044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10630 comm="syz.6.2837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e9819c819 code=0x7ffc0000 [ 162.298920][ T28] audit: type=1326 audit(1775067089.261:2045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10630 comm="syz.6.2837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e9819c819 code=0x7ffc0000 [ 162.324505][ T28] audit: type=1326 audit(1775067089.261:2046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10630 comm="syz.6.2837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0e9819c819 code=0x7ffc0000 [ 162.370779][T10649] loop1: detected capacity change from 0 to 512 [ 162.394939][T10649] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 162.451208][T10649] EXT4-fs (loop1): 1 truncate cleaned up [ 162.462674][T10649] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 162.574539][T10652] bond0: (slave lo): Releasing active interface [ 162.581726][T10652] bond0: (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed [ 162.612130][T10652] bond4: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 162.646495][T10652] bond4: (slave lo): Enslaving as an active interface with an up link [ 162.657779][T10652] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 162.762809][T10661] futex_wake_op: syz.4.2849 tries to shift op by -1; fix this program [ 162.785940][T10662] loop3: detected capacity change from 0 to 1764 [ 162.808599][T10662] ISOFS: Unable to identify CD-ROM format. [ 162.866768][ T3320] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.215869][T10677] loop1: detected capacity change from 0 to 128 [ 163.380122][T10684] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 163.411680][T10684] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.504714][ T8166] bond0: (slave bond_slave_0): interface is now down [ 163.511537][ T8166] bond0: (slave bond_slave_1): interface is now down [ 163.519914][ T8166] bond0: now running without any active interface! [ 163.526893][T10694] netlink: 'syz.4.2863': attribute type 10 has an invalid length. [ 163.529492][T10695] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 163.546820][T10695] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.557069][T10694] syz_tun: entered promiscuous mode [ 163.596513][T10694] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 163.614215][ T8166] bond0: (slave syz_tun): interface is now down [ 163.632686][ T8168] bond0: (slave syz_tun): interface is now down [ 163.652350][ T8168] bond0: (slave syz_tun): interface is now down [ 163.659058][ T8168] bond0: now running without any active interface! [ 163.808623][T10699] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 164.101772][T10695] Set syz1 is full, maxelem 65536 reached [ 165.272350][ T3717] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 165.356550][T10876] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2881'. [ 165.724647][T10902] netlink: 'syz.5.2891': attribute type 1 has an invalid length. [ 165.732921][T10902] netlink: 'syz.5.2891': attribute type 2 has an invalid length. [ 166.125728][T10926] loop6: detected capacity change from 0 to 1764 [ 166.169964][ T28] kauditd_printk_skb: 23 callbacks suppressed [ 166.169982][ T28] audit: type=1400 audit(1775067093.411:2070): avc: denied { bind } for pid=10929 comm="syz.4.2903" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 166.258144][T10940] loop1: detected capacity change from 0 to 128 [ 166.315709][T10936] netdevsim netdevsim5 eth3 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 166.400009][T10936] netdevsim netdevsim5 eth3 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0 [ 166.420330][T10936] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.452544][T10959] smc: net device bond0 applied user defined pnetid SYZ2 [ 166.495030][T10936] netdevsim netdevsim5 eth2 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 166.516136][T10936] netdevsim netdevsim5 eth2 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0 [ 166.532427][T10936] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.597287][T10970] loop3: detected capacity change from 0 to 1024 [ 166.613380][T10936] netdevsim netdevsim5 eth1 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 166.632399][T10936] netdevsim netdevsim5 eth1 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0 [ 166.657703][T10936] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.680192][T10970] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 166.726618][T10936] netdevsim netdevsim5 eth0 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0 [ 166.745693][T10936] netdevsim netdevsim5 eth0 (unregistering): unset [0, 1] type 1 family 0 port 8472 - 0 [ 166.756213][T10936] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.767494][T10989] loop6: detected capacity change from 0 to 764 [ 166.807198][T10989] Symlink component flag not implemented [ 166.813322][T10989] Symlink component flag not implemented [ 166.819542][T10989] Symlink component flag not implemented (128) [ 166.822641][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.826724][T10989] Symlink component flag not implemented (122) [ 166.902126][ T8166] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 166.925568][T10997] netlink: 'syz.3.2932': attribute type 1 has an invalid length. [ 166.933679][ T8166] netdevsim netdevsim5 eth0: set [0, 1] type 1 family 0 port 2816 - 0 [ 166.955309][ T8166] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 166.963900][T10997] netlink: 'syz.3.2932': attribute type 4 has an invalid length. [ 166.964190][T11001] loop6: detected capacity change from 0 to 512 [ 166.978055][ T8166] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 166.991927][T10997] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.2932'. [ 167.010330][T11008] xt_hashlimit: size too large, truncated to 1048576 [ 167.014983][ T8166] netdevsim netdevsim5 eth1: set [0, 1] type 1 family 0 port 2816 - 0 [ 167.025412][ T8166] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.067348][T11001] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.098499][ T8166] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 167.123462][T11001] ext4 filesystem being mounted at /138/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 167.142318][ T8166] netdevsim netdevsim5 eth2: set [0, 1] type 1 family 0 port 2816 - 0 [ 167.172332][ T8166] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.198776][ T8166] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 167.208785][ T8166] netdevsim netdevsim5 eth3: set [0, 1] type 1 family 0 port 2816 - 0 [ 167.217430][ T8166] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 167.264239][T11027] pimreg: entered allmulticast mode [ 167.284209][T11027] pimreg: left allmulticast mode [ 167.491868][ T9221] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.869461][ T28] audit: type=1326 audit(1775067095.111:2071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11086 comm="syz.5.2970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdab481c819 code=0x7ffc0000 [ 167.893268][ T28] audit: type=1326 audit(1775067095.131:2072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11086 comm="syz.5.2970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdab481c819 code=0x7ffc0000 [ 167.917457][ T28] audit: type=1326 audit(1775067095.131:2073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11086 comm="syz.5.2970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdab481c819 code=0x7ffc0000 [ 167.941268][ T28] audit: type=1326 audit(1775067095.131:2074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11086 comm="syz.5.2970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdab481c819 code=0x7ffc0000 [ 167.970793][ T28] audit: type=1326 audit(1775067095.131:2075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11086 comm="syz.5.2970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fdab481c819 code=0x7ffc0000 [ 167.994988][ T28] audit: type=1326 audit(1775067095.211:2076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11086 comm="syz.5.2970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdab481c819 code=0x7ffc0000 [ 168.019591][ T28] audit: type=1326 audit(1775067095.211:2077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11086 comm="syz.5.2970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fdab481c582 code=0x7ffc0000 [ 168.043384][ T28] audit: type=1326 audit(1775067095.211:2078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11086 comm="syz.5.2970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fdab481c617 code=0x7ffc0000 [ 168.068169][T11092] netlink: 'syz.3.2972': attribute type 1 has an invalid length. [ 168.092326][T11092] 8021q: adding VLAN 0 to HW filter on device bond5 [ 168.095571][ T28] audit: type=1326 audit(1775067095.211:2079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11086 comm="syz.5.2970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fdab47d9511 code=0x7ffc0000 [ 168.112936][T11092] bond5: (slave geneve3): making interface the new active one [ 168.155721][T11092] bond5: (slave geneve3): Enslaving as an active interface with an up link [ 168.304973][T11116] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2981'. [ 168.395888][T11127] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2986'. [ 168.825289][T11159] loop1: detected capacity change from 0 to 4096 [ 168.833727][T11159] EXT4-fs: Ignoring removed bh option [ 168.842662][T11159] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 168.860879][T11159] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0 [ 168.871138][T11159] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 168.913646][T11159] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0 [ 168.923889][T11159] netdevsim netdevsim1 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 168.973441][T11159] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0 [ 168.983565][T11159] netdevsim netdevsim1 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 169.033593][T11159] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0 [ 169.043717][T11159] netdevsim netdevsim1 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 169.087724][T11175] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3004'. [ 169.097837][T11175] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3004'. [ 169.103613][ T8166] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.115813][ T8166] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 20004 - 0 [ 169.134703][ T8176] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.143313][ T8176] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 20004 - 0 [ 169.156166][ T8176] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.164913][ T8176] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 20004 - 0 [ 169.174220][ T8176] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.199039][ T8176] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 20004 - 0 [ 169.223451][ T3320] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.411048][T11203] syzkaller0: entered promiscuous mode [ 169.439989][T11203] syzkaller0: entered allmulticast mode [ 169.984374][T11243] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3036'. [ 170.001516][T11246] loop6: detected capacity change from 0 to 8192 [ 170.470726][T11260] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.498832][T11263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3042'. [ 170.525925][T11260] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 170.723208][T11262] ================================================================== [ 170.731362][T11262] BUG: KCSAN: data-race in shmem_file_splice_read / shmem_file_splice_read [ 170.739982][T11262] [ 170.742318][T11262] write to 0xffff8881049c79a8 of 8 bytes by task 11264 on cpu 0: [ 170.750046][T11262] shmem_file_splice_read+0x470/0x600 [ 170.755442][T11262] splice_direct_to_actor+0x26e/0x670 [ 170.760836][T11262] do_splice_direct+0x119/0x1a0 [ 170.765702][T11262] do_sendfile+0x382/0x650 [ 170.770134][T11262] __x64_sys_sendfile64+0x105/0x150 [ 170.775350][T11262] x64_sys_call+0x2dc4/0x3020 [ 170.780045][T11262] do_syscall_64+0x12c/0x370 [ 170.784650][T11262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.790558][T11262] [ 170.792887][T11262] write to 0xffff8881049c79a8 of 8 bytes by task 11262 on cpu 1: [ 170.800828][T11262] shmem_file_splice_read+0x470/0x600 [ 170.806228][T11262] splice_direct_to_actor+0x26e/0x670 [ 170.811610][T11262] do_splice_direct+0x119/0x1a0 [ 170.816729][T11262] do_sendfile+0x382/0x650 [ 170.821151][T11262] __x64_sys_sendfile64+0x105/0x150 [ 170.826356][T11262] x64_sys_call+0x2dc4/0x3020 [ 170.831108][T11262] do_syscall_64+0x12c/0x370 [ 170.835883][T11262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.841795][T11262] [ 170.844121][T11262] value changed: 0x000000000000297b -> 0x000000000000297e [ 170.851315][T11262] [ 170.853643][T11262] Reported by Kernel Concurrency Sanitizer on: [ 170.859849][T11262] CPU: 1 UID: 0 PID: 11262 Comm: syz.5.3044 Tainted: G W syzkaller #0 PREEMPT(full) [ 170.870998][T11262] Tainted: [W]=WARN [ 170.874805][T11262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 170.884891][T11262] ==================================================================