last executing test programs: 59.889857999s ago: executing program 4 (id=282): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x401, 0x0, 0x0, {0x0, 0x0, 0xd}}, @NFT_MSG_NEWSET={0x20, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x3, 0x0, 0x0, {0x3, 0x0, 0x7}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWOBJ={0x18, 0x12, 0xa, 0x301, 0x0, 0x0, {0x0, 0x0, 0x3}, @NFT_OBJECT_CONNLIMIT=@NFTA_OBJ_DATA={0x4}}], {0x14}}, 0xa8}, 0x1, 0x0, 0x0, 0x44810}, 0x44000) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1313f, 0xffffffffffffffff, 0x0, 0x0, &(0x7f00000003c0), 0x10, 0x746}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x88081, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6) ioctl$TUNGETVNETLE(r0, 0x4010744d, &(0x7f0000000180)) 59.753867351s ago: executing program 4 (id=285): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f00000001c0)={0x42, 0x1}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000140)={0x10000042}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x2042, 0xfffffffd}, 0x10) sendmsg$tipc(r0, &(0x7f0000000380)={&(0x7f0000000140)=@name={0x1e, 0x2, 0x1, {{0x41, 0x3}, 0x3}}, 0x10, 0x0}, 0x1) 59.706692625s ago: executing program 4 (id=286): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x400c050}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newlink={0x68, 0x10, 0xffffff1f, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x7, @private0}, @IFLA_GRE_LOCAL={0x14, 0x6, @private2}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x68}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000) 59.593205045s ago: executing program 4 (id=287): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x2301091, 0x0) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) 59.53676525s ago: executing program 4 (id=288): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000840)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8fff0ff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000054000000b70000000000000095000010000000004e62011c3034fdb117168bd07ba08af339d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945ff15d802f5132143c0a9fc7a84452569957c1002ed7d458e17f791f4798c8eb484de03312c69b3edff5be26765ba5f8f2879021c2ea53ac547a654bbd2db5356b971d83dd12742be9087a3e7b7c0efd3e38c794eb06b0b8c392904ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057826ef4e912f01a201e694e3049b8c8fe8b65d8d66bb766f7f3f918c86a702522368d9f81897133af94a5a4cff7f4d8b9d8eaf302f0b2e0c252b0000000000000000ee917bca4885bbf597a14ab6458e6272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36be115be3b325ecd201d2ffb0a7fa4f5d1106560cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b861299fcd9ed9d8679406419406bf0c5329bd5b4697336112b0b8756ce3574046bf611a108f8df4d1a88597840b702b6fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f7faf39a43a66c5540b8762b42007c9ec43193ccf617dbf8a12b4a189edbf9fb7c42b1f435ccd4b19b53b60322af0aa66e8f448e1bd96822e6b70b62912c926dbe417cccd4f696d528fa8a3ea847f10e9b1106f3bb506f1d7fbdf801000000000000006c028eb5b5a073d0de5538ab42e171b3baae34c35987b0dda497ac3f5e97e60eaeea15c6d55badf9b86b1c000100006e60cd06"], 0x0}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200000800"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$tun(r0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="00000000bbbbbbbbbbbbaaaaaaaaaa3088a84d008100660086dd6eb3d5f001952f"], 0x1d7) 59.298335291s ago: executing program 4 (id=292): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@ipv4_newaddr={0x20, 0x14, 0x1, 0x70bd28, 0x25dfdbfc, {0x2, 0x20, 0x1, 0xc8, r2}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x40000c0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x503, 0x70bd29, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1006}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x440b0) 59.290080842s ago: executing program 32 (id=292): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@ipv4_newaddr={0x20, 0x14, 0x1, 0x70bd28, 0x25dfdbfc, {0x2, 0x20, 0x1, 0xc8, r2}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x40000c0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x503, 0x70bd29, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1006}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x440b0) 18.822963348s ago: executing program 0 (id=988): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000029c0)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0xfc, 0x7fff0029}]}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7bedcb5d07081196f37538e486dd6372ce22667f2b00dbf6e97158cf474fec87891f6d76745b686158bbcfe8875afdef00010000000029"], 0x66) 18.613569577s ago: executing program 0 (id=994): open(&(0x7f00000001c0)='./file0\x00', 0x80ff, 0x88) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x40) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r1}, &(0x7f0000000000)=0x0) timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) fcntl$setlease(r0, 0x400, 0x1) openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) 18.543710243s ago: executing program 0 (id=995): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f0000000680)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a1c, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x0, 0xa, 0x0, 0x42000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3}, 0x50) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48) 17.646650933s ago: executing program 0 (id=1002): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000400)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x18d883, 0x0) umount2(&(0x7f00000010c0)='./file0/file0\x00', 0x8) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2263804, 0x0) 17.618521436s ago: executing program 0 (id=1003): r0 = socket(0x28, 0x5, 0x0) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040), 0x10) listen(r1, 0x4) connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) sendmmsg(r0, &(0x7f0000000100)=[{{0x0, 0xffffffc2, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x51, 0x0) r2 = accept4$unix(r1, 0x0, 0x0, 0x800) recvfrom$unix(r2, &(0x7f0000000140)=""/248, 0x1ffd4, 0x12, 0x0, 0x0) 16.629713044s ago: executing program 0 (id=1010): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x1}, 0x10) sendmsg$tipc(r1, &(0x7f00000008c0)={&(0x7f0000000600)=@name, 0x10, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x80) r2 = dup3(r0, r1, 0x0) setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88) 16.601327956s ago: executing program 33 (id=1010): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x1}, 0x10) sendmsg$tipc(r1, &(0x7f00000008c0)={&(0x7f0000000600)=@name, 0x10, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x80) r2 = dup3(r0, r1, 0x0) setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88) 4.669274852s ago: executing program 2 (id=1204): perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x26, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x9805, 0x0, 0x7fc, 0x6, 0x0, 0xffffffff}, 0x0, 0xffbfffffffffffff, 0xffffffffffffffff, 0x8) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff81000e220e227f000001925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff81000e220e227f000001925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) 4.612289337s ago: executing program 2 (id=1205): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000003d) mkdir(&(0x7f00000000c0)='./file0\x00', 0x16) chdir(&(0x7f0000000140)='./file0\x00') mknod(&(0x7f0000000040)='./file0\x00', 0x1000, 0x1) r1 = open$dir(&(0x7f0000000180)='./file0\x00', 0x7e, 0x0) fcntl$setstatus(r1, 0x4, 0x6400) vmsplice(r1, &(0x7f0000000380)=[{&(0x7f0000000000)="9b", 0x1}], 0x1, 0x7) 4.594411859s ago: executing program 2 (id=1206): syz_clone(0x1144280, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r0 = gettid() r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0xfffffffffbfffff4]}, 0x8, 0x0) readv(r1, &(0x7f0000002940)=[{&(0x7f0000000000)=""/93, 0x5d}, {0x0, 0x3c}], 0x2) tkill(r0, 0x8) 2.988940833s ago: executing program 1 (id=1234): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) capset(&(0x7f0000000080)={0x19980330}, 0x0) prlimit64(0x0, 0x6, &(0x7f0000000040), 0x0) r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x970, 0x1f480, 0x0, 0x399}) capset(0x0, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7}) sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000000)={0x14, 0x14, 0x105, 0x70bd2c, 0x25dfdb7b, {0x28, 0xff}}, 0x14}, 0x1, 0x0, 0x0, 0x8002}, 0x14800) io_uring_enter(r0, 0x8ae, 0x6933, 0x17, 0x0, 0x0) 2.918767669s ago: executing program 5 (id=1235): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0xfffffffe, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x800000, 0x11, r0, 0x7ac87000) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000980)=""/4070, 0xfe6, 0x0, 0x0}, &(0x7f0000000400)=0x40) 2.634061624s ago: executing program 1 (id=1238): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007"], 0x98}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}]}]}, 0xac}}, 0x0) 2.539675303s ago: executing program 1 (id=1240): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x3938700}}, 0x0) iopl(0x3) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) 2.527536414s ago: executing program 3 (id=1241): r0 = syz_io_uring_setup(0x837, &(0x7f0000000540)={0x0, 0x2b94, 0x80, 0x7, 0x3cf}, &(0x7f0000000140)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0, 0x9}, 0x6000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r3) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)='./file0\x00', 0x104, 0x10800, 0x12345}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 2.407073464s ago: executing program 1 (id=1242): munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x2}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x2000000020000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) io_uring_enter(0xffffffffffffffff, 0x2d3e, 0x0, 0x0, 0x0, 0x0) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r0, &(0x7f0000000d00)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000002800)="cf", 0x1}], 0x1}}], 0x1, 0x4000090) 2.297406114s ago: executing program 1 (id=1243): r0 = socket$qrtr(0x2a, 0x2, 0x0) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) write$binfmt_aout(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="03010000b5"], 0xc8) writev(r0, &(0x7f00000002c0)=[{&(0x7f0000002680)="1e", 0x1}], 0x1) r2 = syz_io_uring_setup(0xbda, &(0x7f0000000640)={0x0, 0x356e, 0x800, 0x1, 0x40000334}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)}) io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0) 2.099394112s ago: executing program 1 (id=1244): syz_genetlink_get_family_id$gtp(0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r2, 0x400455c8, 0x0) 2.040703937s ago: executing program 5 (id=1246): connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xf9}}, 0x6}, 0x1c) syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac95ab194f93f8e795a9b29420fa62d", 0x11}], 0x1}}], 0x1, 0x24088000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}}) 1.89717463s ago: executing program 5 (id=1248): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e24, 0x3, @empty, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043) r2 = dup(r0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10) shutdown(r1, 0x1) write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f00000001c0)={0x16, 0x98, 0xfa00, {0x0, 0x3, 0xffffffffffffffff, 0x30, 0x0, @in={0x2, 0x4e24, @multicast1}}}, 0x34000) 1.858598943s ago: executing program 5 (id=1250): r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x4000) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000080)={@loopback, 0x800, 0x0, 0x3, 0x0, 0x40, 0x8}, 0x20) getsockname$packet(r0, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x38, 0x10, 0x401, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x1114}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}]}}}]}, 0x38}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x401, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, 0x100, 0x80bc}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090) 1.844957514s ago: executing program 3 (id=1251): timer_create(0x1, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x94eb2000) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x1}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = socket$kcm(0x1e, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000540)={&(0x7f0000000280)=@tipc=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000300)="80", 0x1}], 0x1}, 0x0) 1.7848442s ago: executing program 5 (id=1252): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x2404c8c0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1) write(0xffffffffffffffff, &(0x7f0000000000), 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x1f, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x28, 0x10, 0x1, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x6293a, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40845}, 0x4000000) 1.755818613s ago: executing program 2 (id=1253): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0) creat(&(0x7f0000000200)='./file1\x00', 0x1) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") setgroups(0x40000000000000dd, &(0x7f0000000400)=[0xee00]) 1.295352044s ago: executing program 6 (id=1255): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r1, 0x0, 0x12, &(0x7f0000000300)=0x1, 0x4) sendto$inet(r1, &(0x7f0000000000)="f461c5bbd75c3583", 0x8, 0x20040000, &(0x7f0000000100)={0x2, 0x4e22, @empty}, 0x10) recvmmsg(r1, &(0x7f000000e280), 0x58a, 0x42, 0x0) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0) 1.238257489s ago: executing program 6 (id=1256): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4090}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x130}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x7}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="40000000210a018800000000000000000a0000010900020073797a31000000000900010073797a310000000014000380100000800c000180060001"], 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) 1.180046424s ago: executing program 3 (id=1257): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x520, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext={0xa98, 0x3}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x2000000020000003}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000001c00)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x5, @private1, 0x5}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000300)="14", 0x1}], 0x1}}, {{&(0x7f0000000540)={0xa, 0x4e20, 0x2db4, @dev={0xfe, 0x80, '\x00', 0x36}, 0x1}, 0x1c, &(0x7f0000001b80)=[{&(0x7f0000000640)='\"', 0x1}], 0x1}}], 0x2, 0x200400c4) r1 = syz_io_uring_setup(0x1ca0, &(0x7f0000000380)={0x0, 0x60d1, 0x400, 0x0, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xfffffe62}], 0x1}) io_uring_enter(r1, 0x47ba, 0x0, 0x28, 0x0, 0x0) shutdown(r0, 0x1) 1.163190616s ago: executing program 6 (id=1258): r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c45, 0x0) socket(0x2, 0x5, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @dev={0xfe, 0x80, '\x00', 0xf}, 0x8}}}, &(0x7f0000000040)=0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000100)={r2, 0x9}, &(0x7f0000000180)=0x8) 1.087184032s ago: executing program 6 (id=1259): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0) close(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r2, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r1}, 0x20) connect$unix(r0, &(0x7f0000000940)=@file={0x0, './file0\x00'}, 0x6e) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000040)) 265.856686ms ago: executing program 5 (id=1260): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_bp={0x0, 0x8}, 0x4, 0x0, 0x11000, 0x0, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0xb) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f00000001c0)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@debug}, {@journal_dev={'journal_dev', 0x3d, 0x7}}]}, 0x1, 0x5fd, &(0x7f00000006c0)="$eJzs3c9vFFUcAPDv7LalpWALMSoepIkxkCgtLWCI8QBXYxr8ES9erLQgoUDT1mjRhJLgxcR4McbEkwfxv1AiV0960YMXT4aEqOFo4prZ7vTnbH8s7Q4wn0+y7My8ebw3LN++t6/vzQRQWgPpH5WIAxExlUT0JfOLaR3RSBxYOO/ePx+fTV9J1Gpv/JVE0jiWnZ803nsbmbsj4ucfk9hfXVvuzNzVi2OTkxPTjf2h2UtTQzNzV49cuDR2fuL8xOWRF0dOnjh+4uTw0Zau69raQ2l1Puj7dPTtb7/+Nxn+7vfRJE7FK40Tl1/HdhmIgfq/SbI2qffkdhdWkGrj/8nyjzjpKLBCbEn2+XVGxJPRF9VY+vD64pPXCq0csKNqSUQNKKlE/ENJZf2A7Lv96u/BlUJ6JUA73D29MACwNv47FsYGo7s+NrD7XhLLh3WSiGhtZG6lPRHx0+3RG+duj96Y3rsz43BAvvnrEfHUsvjvylKSevz3R3f01+O/siL+037BmcZ7evz1FstfPVQs/qF9FuK/O6f9X4r/aBL/7yyL/3dbLH9gafO9nhXx39PqJQEAAAAAAEBp3TodES/kzf+pLM7/iZz5P70RcWobyh9Ytb/29/+VO9tQDJDj7umIl3Pn/1aiujD7t7/a+D3/3vp8gM7k3IXJiaMR8VhEHI7OXen+8DplHPls/1fN0gYa8/+yV1p++r50RuVOx66VecbHZsfu97qBiLvXI57Onf+bLLb/SU77n/48mNpkGfufu3mmWdrG8Q/slNo3EYdy2/+lu1Yk69+fY6jeHxjKegVrPfPR5983K7/V+HeLCbh/afu/e/3470+W369nZutlHJvrqDVLa7X/35W8Wb/lTLZc4cOx2dnp4Yie5NVqenTF8ZGt1xkeRVk8ZPGSxv/hZ9cf/8vr//dExPyqvzv5e+Wa4swT//X+0aw++v9QnDT+x7fU/jfdSOYjcpNGbvb/0Kz8zbX/x+tt/eHGEeN/sODLLEy7Vh7PCdCOvKR21xcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgWViNgTSWVwcbtSGRyM6I2Ix2N3ZfLKzOzz5668f3k8Tas//7+SPem3b2E/yZ7/379sf2TV/rGI2BcRX1R76vuDZ69Mjhd98QAAAAAAAAAAAAAAAAAAAPCA6G2y/j/1Z7Xo2gE7rqPoCgCFyYn/X4qoB9B+2n8oL/EP5SX+obzEP5SX+IfyEv9QXuIfykv8AwAAAADAI2XfwVu/JREx/1JP/ZXqaqR1FlozYKdViq4AUBi3+IHyMvUHyst3fCDZIL27aaaNcjbLnJo6u3FmAAAAAAAAAAAAACBz6ID1/1BW1v9DeVn/D+WVrf8/WHA9gPZr+Tt+0zW9wMNovZX8zcN9E+v/AQAAAAAAAAAAAIBtMTN39eLY5OTEdPs2fm089Cv3nJ6IaHN9so23iii02I1arXat/lE8IPV5yDeyqfCbz9WdHwU7s5Gt9dtcroJ+IAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGv8HwAA//+xpBxA") r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x4040, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0) write(r1, &(0x7f0000004200)='t', 0x1) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) 264.739006ms ago: executing program 6 (id=1270): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x2007, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) socket$inet6_sctp(0xa, 0x1, 0x84) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r2, 0x1, 0x3c, &(0x7f0000000340)={0x1, 0x4}, 0x8) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'dummy0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c0100001000ffff2abd7000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="7d150400400000003401128009000100766c616e000000002401028006000100040000001c0004800c00010004000000020000000c003900fcffffff00000000340004800c00010007000000ff0300000c00010080000000090000000c00010001800000090000000c00010000000000070000007c0003800c00010000010000faffffff0c00010003000000faffffff0c00010000000000000000000c00010006000000070000000c00010003000000080000000c000100010000000b0000000c000100000000f8080000000c00010005000000040000000c000100000000809c0400000c000100000000000900000006000500810000000c00020005000000000000000c0002000b0000000000000006000100020000000600050088a800001c0004800c00010081ffffff010000000c000100010100000700000008000500", @ANYRES32=r3], 0x15c}, 0x1, 0x0, 0x0, 0x40}, 0x8000002) 262.602426ms ago: executing program 2 (id=1261): perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x1ff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet(0x2, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x3000490, &(0x7f00000002c0), 0x45, 0x7b1, &(0x7f0000000c80)="$eJzs3c9rHNcdAPDvrFY/7VYqFFr3JCi0BuNV5ap2C4Wq9FAKNRjaUw+1xWotHK20RrsylhCJTQjkEkhCbsnF5/y8hFzz45BL8n8EGyeRTRxyCAqzP6SVtCvvOtKuHX8+MNZ7M2/2ve+82TfPmtFuAE+tyfSfTMSJiHg5iRivr08iYrCaykbM1so92NzIp0sSW1v/+Sqplrm/uZGPpn1Sx+qZX0fExy9EnMrsr7e8tr44VywWVur5qcrS1any2vrpK0tzC4WFwvLZ6ZmZM+f+dO7s4cX6zefrx++88s/fvzP73fO/evelT5KYjeP1bc1xHJbJmKwfk8H0EO7yj8OurG/ef7aDQk1nQPYoG0OX0o4ZqPfKiRiPgYP6Z7SXLQMAjspzEbHVzkDbLQDAEy2pXf//1u92AAC90vg9wP3NjXxj6e9vJHrr7t8jYqQWf+P+Zm1Ltn7PbqR6H3TsfrLrzkgSEROHUP9kRLzxwf/fSpc4ovuQAK3cuBkRlyYm94//yb5nFrr1h9arF5ozk3s2Gv+gdz5M5z9/bjX/y2zPf6LF/Ge4xXv3UTz8/Z+5fQjVtJXO//7a9Gzbg6b46yYG6rmfVed8g8nlK8VCOrb9PCJOxuBwmp8+oI6T976/125b8/zv61efeTOtP/25UyJzOzu8e5/5ucrcj4m52d2bEb/Jtoo/Hf+Hq/2ftJn/Xuiwjn/95cXX221L40/jbSz74z9aW7ciftey/5PtMsmBzydOVU+HqcZJ0cJ7szHWrv7J7E7/p0taf+P/Ar2Q9v/YwfFPJM3Pa5Y7funtp8U+uzX+UbtCzed/6/hbn/9DyX+r6aH6uutzlcrKdMRQ8u/968/s7NvIN8qn8Z/8bev3f2P8a3H+/y99/UsdHojsnS/ffvT4j1Ya/3xX/d91IkYeLA60q7+z/p/ZtU8n41+nDXzU4wYAAAAAAAAAAAAAAAAAAAAAAAAA3chExPFIMrntdCaTy9W+w/uXMZYplsqVU5dLq8vzUf2u7IkYzDQ+6nK86fNQp+ufh9/In9mT/2NE/CIiXhsereZz+VJxvt/BAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDdsTbf/5/6YnhP4YF+tBAAOBIjLuwA8LRJstl+NwEA6LWRrkqPHlk7AIDe6e76DwD8FLj+A8DT5yHX/71/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdunD+fLpsfbu5kU/z89fWVhdL107PF8qLuaXVfC5fWrmaWyiVFoqFXL601PaFbtR+FEulqzOxvHp9qlIoV6bKa+sXl0qry5WLV5bmFgoXC4M9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOldeW1+cKxYLKxJ9SSx+WuuHx6U9Et0l4kat/x6X9hxeIoZ2RonR/gxOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+AHwIAAP//4VQjgA==") bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) socket(0xa, 0x5, 0x0) 262.192766ms ago: executing program 3 (id=1262): r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c060000a13f010828bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000004200400140014007465616d5f736c6176655f300000000008"], 0x3c}}, 0x0) openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfeaf, 0x0, 0x0, 0x0}, 0x94) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) r2 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000640)=[0x7, 0x7], 0x0, 0x0, 0x2, 0x1}}, 0x40) sendmsg$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={r2, 0x58, &(0x7f00000002c0)}, 0x10) 103.57558ms ago: executing program 6 (id=1263): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x15, 0x2000000000000216, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2400000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1c, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000b40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0xffffffffffffffff, 0x2}, 0x106020, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r1) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000003a80)=[{{&(0x7f00000000c0)=@in={0x2, 0x4e24, @loopback}, 0x80, 0x0}}], 0x1, 0x20000020) write$binfmt_script(r0, &(0x7f0000000240)={'#! ', './file0', [], 0xa, "de"}, 0xc) 103.273351ms ago: executing program 3 (id=1264): r0 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) listen(r0, 0x50) r1 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r1, &(0x7f0000000180)={0x2, 0xce20, @empty}, 0x10) listen(r1, 0x3) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff8000}]}) close_range(r2, 0xffffffffffffffff, 0x0) 77.061233ms ago: executing program 3 (id=1265): r0 = syz_io_uring_setup(0x5c6, &(0x7f0000000140)={0x0, 0x80001021, 0x80, 0x6, 0x110}, &(0x7f0000000340)=0x0, &(0x7f0000000240)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1}) io_uring_enter(r0, 0x6e2, 0xc49, 0x1, 0x0, 0x0) r3 = msgget$private(0x0, 0x7ac) msgrcv(r3, 0x0, 0x0, 0x3, 0x2000) msgrcv(r3, 0x0, 0x0, 0xe4b43f0e2aa28c96, 0x2000) msgsnd(r3, &(0x7f0000000240)={0x3}, 0x8, 0x8fa2496c381b7ad5) 0s ago: executing program 2 (id=1266): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10002, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0x2000000b}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000022c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000000) kernel console output (not intermixed with test programs): [ T4199] EXT4-fs: Ignoring removed bh option [ 40.852038][ T4199] EXT4-fs: Ignoring removed mblk_io_submit option [ 40.882408][ T4199] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.912087][ T28] audit: type=1400 audit(1771445563.984:234): avc: denied { write } for pid=4205 comm="syz.3.214" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 41.024738][ T4218] loop3: detected capacity change from 0 to 1024 [ 41.032665][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.043637][ T3866] IPVS: stop unused estimator thread 0... [ 41.068013][ T4218] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 41.085864][ T4218] ext4 filesystem being mounted at /45/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.103879][ T4218] EXT4-fs error (device loop3): ext4_map_blocks:818: inode #15: block 3: comm syz.3.218: lblock 3 mapped to illegal pblock 3 (length 3) [ 41.127584][ T4218] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 41.140389][ T4218] EXT4-fs (loop3): This should not happen!! Data will be lost [ 41.140389][ T4218] [ 41.152912][ T4218] EXT4-fs error (device loop3): ext4_map_blocks:776: inode #15: block 3: comm syz.3.218: lblock 3 mapped to illegal pblock 3 (length 1) [ 41.168842][ T4218] EXT4-fs error (device loop3): ext4_map_blocks:776: inode #15: block 3: comm syz.3.218: lblock 3 mapped to illegal pblock 3 (length 1) [ 41.189671][ T4218] EXT4-fs error (device loop3): ext4_map_blocks:776: inode #15: block 3: comm syz.3.218: lblock 3 mapped to illegal pblock 3 (length 1) [ 41.206074][ T4218] EXT4-fs error (device loop3): ext4_map_blocks:776: inode #15: block 3: comm syz.3.218: lblock 3 mapped to illegal pblock 3 (length 1) [ 41.220467][ T4217] EXT4-fs error (device loop3): ext4_map_blocks:776: inode #15: block 3: comm syz.3.218: lblock 3 mapped to illegal pblock 3 (length 1) [ 41.263720][ T4217] EXT4-fs error (device loop3): ext4_map_blocks:776: inode #15: block 3: comm syz.3.218: lblock 3 mapped to illegal pblock 3 (length 1) [ 41.294639][ T4218] EXT4-fs error (device loop3): ext4_map_blocks:776: inode #15: block 3: comm syz.3.218: lblock 3 mapped to illegal pblock 3 (length 1) [ 41.322087][ T4218] EXT4-fs error (device loop3): ext4_map_blocks:776: inode #15: block 3: comm syz.3.218: lblock 3 mapped to illegal pblock 3 (length 1) [ 41.342038][ T4217] EXT4-fs error (device loop3): ext4_map_blocks:776: inode #15: block 3: comm syz.3.218: lblock 3 mapped to illegal pblock 3 (length 1) [ 41.403869][ T83] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 41.436551][ T83] EXT4-fs (loop3): This should not happen!! Data will be lost [ 41.436551][ T83] [ 41.459604][ T28] audit: type=1400 audit(1771445564.524:235): avc: denied { create } for pid=4235 comm="syz.0.224" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 41.460345][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 41.597671][ T4242] loop1: detected capacity change from 0 to 512 [ 41.652663][ T4242] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.701835][ T4242] ext4 filesystem being mounted at /51/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 41.764307][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.852766][ T4253] xt_hashlimit: size too large, truncated to 1048576 [ 41.889797][ T28] audit: type=1400 audit(1771445564.954:236): avc: denied { name_bind } for pid=4252 comm="syz.4.230" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 41.970071][ T28] audit: type=1400 audit(1771445564.994:237): avc: denied { read } for pid=4259 comm="syz.2.233" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 42.455071][ T4298] loop4: detected capacity change from 0 to 2048 [ 42.473647][ T4300] netlink: 'syz.0.249': attribute type 1 has an invalid length. [ 42.482373][ T4298] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 42.516050][ T4300] bond1: (slave geneve2): making interface the new active one [ 42.535694][ T4300] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 42.547114][ T3860] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 42.576385][ T3860] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 42.603052][ T3860] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 42.631262][ T4310] netlink: 8 bytes leftover after parsing attributes in process `syz.1.251'. [ 42.631930][ T3860] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 42.657191][ T4310] netlink: 12 bytes leftover after parsing attributes in process `syz.1.251'. [ 42.728281][ T3860] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 42.747004][ T3860] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1620 with error 28 [ 42.769524][ T3860] EXT4-fs (loop4): This should not happen!! Data will be lost [ 42.769524][ T3860] [ 42.779489][ T3860] EXT4-fs (loop4): Total free blocks count 0 [ 42.786182][ T3860] EXT4-fs (loop4): Free/Dirty block details [ 42.792727][ T3860] EXT4-fs (loop4): free_blocks=2415919504 [ 42.798510][ T3860] EXT4-fs (loop4): dirty_blocks=1632 [ 42.804015][ T3860] EXT4-fs (loop4): Block reservation details [ 42.810565][ T3860] EXT4-fs (loop4): i_reserved_data_blocks=102 [ 42.833635][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.869220][ T4322] VFS: Mount too revealing [ 43.175477][ T4336] loop1: detected capacity change from 0 to 128 [ 43.326144][ T4341] loop1: detected capacity change from 0 to 2048 [ 43.359039][ T4341] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.502225][ T4354] loop3: detected capacity change from 0 to 128 [ 43.578204][ T4332] loop2: detected capacity change from 0 to 32768 [ 43.618878][ T4360] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 43.658166][ T4360] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 136 with error 28 [ 43.683853][ T3299] loop2: p1 p3 < > [ 43.687729][ T3299] loop2: partition table partially beyond EOD, truncated [ 43.687973][ T4360] EXT4-fs (loop1): This should not happen!! Data will be lost [ 43.687973][ T4360] [ 43.701613][ T3299] loop2: p3 start 265216 is beyond EOD, truncated [ 43.723023][ T4332] loop2: p1 p3 < > [ 43.729687][ T4332] loop2: partition table partially beyond EOD, truncated [ 43.742593][ T4332] loop2: p3 start 265216 is beyond EOD, truncated [ 43.771394][ T4360] EXT4-fs (loop1): Total free blocks count 0 [ 43.794724][ T4360] EXT4-fs (loop1): Free/Dirty block details [ 43.812801][ T4360] EXT4-fs (loop1): free_blocks=2415919504 [ 43.954826][ T4360] EXT4-fs (loop1): dirty_blocks=1760 [ 43.997507][ T3299] udevd[3299]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 44.027815][ T4360] EXT4-fs (loop1): Block reservation details [ 44.040319][ T3299] udevd[3299]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 44.063663][ T4360] EXT4-fs (loop1): i_reserved_data_blocks=142 [ 44.127701][ T4389] loop2: detected capacity change from 0 to 128 [ 44.180171][ T4389] FAT-fs (loop2): Directory bread(block 32) failed [ 44.186855][ T4389] FAT-fs (loop2): Directory bread(block 33) failed [ 44.193652][ T4389] FAT-fs (loop2): Directory bread(block 34) failed [ 44.208889][ T4389] FAT-fs (loop2): Directory bread(block 35) failed [ 44.234127][ T4393] netlink: 'syz.4.286': attribute type 1 has an invalid length. [ 44.234753][ T4389] FAT-fs (loop2): Directory bread(block 36) failed [ 44.268585][ T4393] bond1: (slave ip6gretap1): making interface the new active one [ 44.276656][ T4393] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 44.277802][ T4389] FAT-fs (loop2): Directory bread(block 37) failed [ 44.284475][ T4393] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 44.284496][ T4393] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 44.325020][ T4389] FAT-fs (loop2): Directory bread(block 38) failed [ 44.349400][ T4389] FAT-fs (loop2): Directory bread(block 39) failed [ 44.352819][ T4341] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 136 with max blocks 2048 with error 28 [ 44.356197][ T4389] FAT-fs (loop2): Directory bread(block 40) failed [ 44.375025][ T4389] FAT-fs (loop2): Directory bread(block 41) failed [ 44.521920][ T4400] loop2: detected capacity change from 0 to 128 [ 44.533982][ T4400] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 44.562232][ T4400] ext4 filesystem being mounted at /60/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 44.618185][ T83] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.702556][ T83] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.742582][ T3316] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 44.793877][ T83] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.880051][ T83] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.024446][ T4434] netlink: 25 bytes leftover after parsing attributes in process `syz.0.299'. [ 45.069444][ T4437] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 45.078634][ T4438] netlink: 'syz.0.299': attribute type 4 has an invalid length. [ 45.096301][ T4437] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 45.131039][ T83] bridge_slave_1: left allmulticast mode [ 45.136760][ T83] bridge_slave_1: left promiscuous mode [ 45.147029][ T83] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.175310][ T83] bridge_slave_0: left allmulticast mode [ 45.186937][ T83] bridge_slave_0: left promiscuous mode [ 45.193192][ T83] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.225738][ T4450] loop0: detected capacity change from 0 to 2048 [ 45.250096][ T83] bond1 (unregistering): (slave ip6gretap1): Releasing active interface [ 45.261158][ T3299] loop0: p3 < > p4 < > [ 45.265387][ T3299] loop0: partition table partially beyond EOD, truncated [ 45.279142][ T3299] loop0: p3 start 4284289 is beyond EOD, truncated [ 45.287839][ T4450] loop0: p3 < > p4 < > [ 45.292228][ T4450] loop0: partition table partially beyond EOD, truncated [ 45.300668][ T4450] loop0: p3 start 4284289 is beyond EOD, truncated [ 45.310154][ T83] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 45.341140][ T83] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 45.390901][ T83] bond0 (unregistering): Released all slaves [ 45.407867][ T83] bond1 (unregistering): Released all slaves [ 45.423314][ T4451] gretap1: entered promiscuous mode [ 45.463853][ T4460] loop0: detected capacity change from 0 to 512 [ 45.472309][ T4460] EXT4-fs: Ignoring removed bh option [ 45.479167][ T4460] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 45.495451][ T4460] EXT4-fs (loop0): 1 truncate cleaned up [ 45.514564][ T4460] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.526683][ T83] hsr_slave_0: left promiscuous mode [ 45.531603][ T4460] netlink: 'syz.0.308': attribute type 6 has an invalid length. [ 45.549232][ T83] hsr_slave_1: left promiscuous mode [ 45.560181][ T83] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 45.577792][ T83] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 45.592401][ T83] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 45.599978][ T83] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 45.601251][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.627683][ T83] veth1_macvtap: left promiscuous mode [ 45.633517][ T83] veth0_macvtap: left promiscuous mode [ 45.640993][ T83] veth1_vlan: left promiscuous mode [ 45.646253][ T83] veth0_vlan: left promiscuous mode [ 45.655248][ T28] kauditd_printk_skb: 28 callbacks suppressed [ 45.655261][ T28] audit: type=1400 audit(1771445568.724:266): avc: denied { bind } for pid=4471 comm="syz.1.313" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 45.699958][ T28] audit: type=1400 audit(1771445568.724:267): avc: denied { name_bind } for pid=4471 comm="syz.1.313" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 45.770470][ T28] audit: type=1400 audit(1771445568.724:268): avc: denied { node_bind } for pid=4471 comm="syz.1.313" saddr=224.0.0.2 src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 45.803914][ T4478] loop0: detected capacity change from 0 to 8192 [ 45.829942][ T28] audit: type=1400 audit(1771445568.884:269): avc: denied { write } for pid=4483 comm="syz.1.316" name="001" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 45.887736][ T28] audit: type=1400 audit(1771445568.924:270): avc: denied { mounton } for pid=4473 comm="syz.0.312" path="/61/file2/bus" dev="loop0" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1 [ 45.910952][ T3309] FAT-fs (loop0): error, invalid access to FAT (entry 0x0000e1b1) [ 45.919012][ T3309] FAT-fs (loop0): Filesystem has been set read-only [ 45.931521][ T28] audit: type=1400 audit(1771445568.974:271): avc: denied { map } for pid=4483 comm="syz.1.316" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 45.958070][ T28] audit: type=1400 audit(1771445569.004:272): avc: denied { unmount } for pid=3309 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 46.033648][ T28] audit: type=1400 audit(1771445569.104:273): avc: denied { write } for pid=4488 comm="syz.1.319" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 46.145535][ T83] team0 (unregistering): Port device team_slave_1 removed [ 46.172097][ T83] team0 (unregistering): Port device team_slave_0 removed [ 46.220609][ T4502] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 46.260032][ T4496] can0: slcan on ttyS3. [ 46.267331][ T4502] EXT4-fs (loop0): 1 truncate cleaned up [ 46.319888][ T4499] can0 (unregistered): slcan off ttyS3. [ 46.330022][ T4502] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.349706][ T4499] Falling back ldisc for ttyS3. [ 46.367261][ T28] audit: type=1400 audit(1771445569.434:274): avc: denied { append } for pid=4501 comm="syz.0.322" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 46.371441][ T4408] chnl_net:caif_netlink_parms(): no params data found [ 46.407254][ T28] audit: type=1400 audit(1771445569.434:275): avc: denied { ioctl } for pid=4501 comm="syz.0.322" path="/63/file1/file1" dev="loop0" ino=15 ioctlcmd=0x660f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 46.462065][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.591686][ T4408] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.600489][ T4408] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.607711][ T4408] bridge_slave_0: entered allmulticast mode [ 46.635651][ T3398] kernel read not supported for file /vcs (pid: 3398 comm: kworker/0:4) [ 46.637055][ T4408] bridge_slave_0: entered promiscuous mode [ 46.682018][ T23] kernel read not supported for file /vcs (pid: 23 comm: kworker/1:0) [ 46.713513][ T4408] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.743915][ T4408] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.771126][ T4408] bridge_slave_1: entered allmulticast mode [ 46.792020][ T4408] bridge_slave_1: entered promiscuous mode [ 46.827398][ T4408] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.862979][ T4408] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.909502][ T4408] team0: Port device team_slave_0 added [ 46.932557][ T4408] team0: Port device team_slave_1 added [ 46.980844][ T4408] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.987801][ T4408] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 47.049772][ T4408] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.061258][ T4408] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.068188][ T4408] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 47.094192][ T4408] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.235397][ T4408] hsr_slave_0: entered promiscuous mode [ 47.267626][ T4408] hsr_slave_1: entered promiscuous mode [ 47.280056][ T4408] debugfs: 'hsr0' already exists in 'hsr' [ 47.287983][ T4408] Cannot create hsr debugfs directory [ 47.458986][ T4408] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 47.479159][ T4408] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 47.487925][ T4581] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.505476][ T4408] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 47.516670][ T4408] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 47.537779][ T4590] set_capacity_and_notify: 2 callbacks suppressed [ 47.537795][ T4590] loop0: detected capacity change from 0 to 512 [ 47.647080][ T4590] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 47.681779][ T4408] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.712933][ T4408] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.724119][ T4590] EXT4-fs (loop0): 1 truncate cleaned up [ 47.730709][ T3872] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.737769][ T3872] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.756712][ T4590] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.774109][ T3866] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.781200][ T3866] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.819522][ T4408] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 47.850729][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.881818][ T4408] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 48.018688][ T4408] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.307351][ T4408] veth0_vlan: entered promiscuous mode [ 48.319376][ T4408] veth1_vlan: entered promiscuous mode [ 48.334043][ T4408] veth0_macvtap: entered promiscuous mode [ 48.341562][ T4408] veth1_macvtap: entered promiscuous mode [ 48.366043][ T4408] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.377828][ T4408] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.411705][ T83] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.426170][ T83] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.446692][ T83] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.456518][ T83] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.532444][ T4664] PKCS7: Unknown OID: [4] (bad) [ 48.543850][ T4664] PKCS7: Only support pkcs7_signedData type [ 48.660047][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.901289][ T4687] loop3: detected capacity change from 0 to 128 [ 48.950477][ T4689] loop2: detected capacity change from 0 to 128 [ 48.961569][ T4691] loop1: detected capacity change from 0 to 128 [ 48.998055][ T4692] syz.3.354: attempt to access beyond end of device [ 48.998055][ T4692] loop3: rw=2049, sector=145, nr_sectors = 16 limit=128 [ 49.038328][ T4692] syz.3.354: attempt to access beyond end of device [ 49.038328][ T4692] loop3: rw=2049, sector=169, nr_sectors = 8 limit=128 [ 49.072262][ T4692] syz.3.354: attempt to access beyond end of device [ 49.072262][ T4692] loop3: rw=2049, sector=185, nr_sectors = 8 limit=128 [ 49.123505][ T4692] syz.3.354: attempt to access beyond end of device [ 49.123505][ T4692] loop3: rw=2049, sector=201, nr_sectors = 8 limit=128 [ 49.312142][ T83] kworker/u8:5: attempt to access beyond end of device [ 49.312142][ T83] loop1: rw=1, sector=129, nr_sectors = 8 limit=128 [ 49.388127][ T83] kworker/u8:5: attempt to access beyond end of device [ 49.388127][ T83] loop1: rw=1, sector=145, nr_sectors = 8 limit=128 [ 49.423880][ T83] kworker/u8:5: attempt to access beyond end of device [ 49.423880][ T83] loop1: rw=1, sector=161, nr_sectors = 8 limit=128 [ 49.458801][ T83] kworker/u8:5: attempt to access beyond end of device [ 49.458801][ T83] loop1: rw=1, sector=177, nr_sectors = 8 limit=128 [ 49.518820][ T83] kworker/u8:5: attempt to access beyond end of device [ 49.518820][ T83] loop1: rw=1, sector=193, nr_sectors = 8 limit=128 [ 49.567494][ T83] kworker/u8:5: attempt to access beyond end of device [ 49.567494][ T83] loop1: rw=1, sector=209, nr_sectors = 8 limit=128 [ 50.075653][ T4744] loop1: detected capacity change from 0 to 1024 [ 50.105896][ T4744] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.136611][ T4744] EXT4-fs (loop1): shut down requested (0) [ 50.173418][ T4744] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 50.213417][ T4744] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 50.222807][ T4744] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=13 [ 50.231697][ T4744] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 50.240556][ T4744] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=13 [ 50.462389][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.514262][ T4751] netlink: 'syz.5.377': attribute type 1 has an invalid length. [ 50.739471][ T4760] loop1: detected capacity change from 0 to 1024 [ 50.784102][ T4760] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e040c01c, mo2=0002] [ 50.809117][ T4763] loop5: detected capacity change from 0 to 512 [ 50.823722][ T4760] System zones: 0-1, 3-36 [ 50.856287][ T4760] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.380: bad orphan inode 134217728 [ 50.873900][ T4763] EXT4-fs warning (device loop5): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 50.887540][ T4760] loop1: lost filesystem error report for type 5 error -117 [ 50.888382][ T4760] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 50.929815][ T4763] EXT4-fs warning (device loop5): dx_probe:849: Enable large directory feature to access it [ 50.940480][ T4763] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.381: Corrupt directory, running e2fsck is recommended [ 50.957616][ T4760] EXT4-fs: Cannot specify journal on remount [ 50.960531][ T4763] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117 [ 50.963749][ T28] kauditd_printk_skb: 31 callbacks suppressed [ 50.963768][ T28] audit: type=1400 audit(1771445574.024:307): avc: denied { remount } for pid=4759 comm="syz.1.380" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 50.971905][ T4763] EXT4-fs error (device loop5): ext4_iget_extra_inode:5025: inode #15: comm syz.5.381: corrupted in-inode xattr: e_name out of bounds [ 51.013622][ T4763] loop5: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 51.013981][ T4763] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.381: couldn't read orphan inode 15 (err -117) [ 51.023204][ C1] EXT4-fs (loop5): error count since last fsck: 1 [ 51.023221][ C1] EXT4-fs (loop5): initial error at time 1771445574: ext4_iget_extra_inode:5025: inode 15 [ 51.023247][ C1] EXT4-fs (loop5): last error at time 1771445574: ext4_iget_extra_inode:5025: inode 15 [ 51.061879][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.081414][ T4763] loop5: lost filesystem error report for type 5 error -117 [ 51.081902][ T4763] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.111222][ T28] audit: type=1400 audit(1771445574.184:308): avc: denied { mounton } for pid=4769 comm="syz.3.385" path="/71/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 51.199689][ T28] audit: type=1400 audit(1771445574.254:309): avc: denied { unmount } for pid=3310 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 51.229983][ T4408] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 51.233746][ T4777] netlink: 8 bytes leftover after parsing attributes in process `syz.0.386'. [ 51.271824][ T4775] loop3: detected capacity change from 0 to 512 [ 51.308778][ T4775] FAT-fs (loop3): error, corrupted file size (i_pos 51, 8960) [ 51.316346][ T4775] FAT-fs (loop3): Filesystem has been set read-only [ 51.335445][ T4775] FAT-fs (loop3): error, corrupted file size (i_pos 51, 8960) [ 51.342953][ T28] audit: type=1400 audit(1771445574.414:310): avc: denied { setopt } for pid=4778 comm="syz.1.389" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 51.380423][ T4775] FAT-fs (loop3): error, corrupted file size (i_pos 51, 8960) [ 51.403739][ T4775] FAT-fs (loop3): error, corrupted file size (i_pos 51, 8960) [ 51.497844][ T28] audit: type=1400 audit(1771445574.564:311): avc: denied { accept } for pid=4792 comm="syz.5.394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 51.544723][ T4795] netlink: 'syz.0.395': attribute type 10 has an invalid length. [ 51.588810][ T4795] team0: Failed to send options change via netlink (err -105) [ 51.597227][ T4798] loop3: detected capacity change from 0 to 512 [ 51.614175][ T4795] team0: Port device dummy0 added [ 51.625596][ T4798] EXT4-fs: Ignoring removed i_version option [ 51.655834][ T4798] EXT4-fs: Ignoring removed bh option [ 51.696229][ T4801] Set syz1 is full, maxelem 2 reached [ 51.703303][ T4798] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.721762][ T4798] ext4 filesystem being mounted at /73/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 51.791054][ T4807] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 51.897281][ T28] audit: type=1400 audit(1771445574.964:312): avc: denied { read } for pid=4810 comm="syz.2.400" name="msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 51.952486][ T28] audit: type=1400 audit(1771445574.964:313): avc: denied { open } for pid=4810 comm="syz.2.400" path="/dev/cpu/0/msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 52.131190][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.239591][ T28] audit: type=1400 audit(1771445575.304:314): avc: denied { sqpoll } for pid=4819 comm="syz.1.401" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 52.339935][ T4824] netlink: 24 bytes leftover after parsing attributes in process `syz.3.404'. [ 52.414588][ T4829] loop1: detected capacity change from 0 to 128 [ 52.500799][ T4829] FAT-fs (loop1): error, invalid access to FAT (entry 0x0fff0000) [ 52.510706][ T4829] FAT-fs (loop1): Filesystem has been set read-only [ 52.754102][ T4841] netlink: 8 bytes leftover after parsing attributes in process `syz.3.411'. [ 52.763037][ T4841] netlink: 8 bytes leftover after parsing attributes in process `syz.3.411'. [ 52.829353][ T28] audit: type=1400 audit(1771445575.894:315): avc: denied { mount } for pid=4845 comm="syz.3.413" name="/" dev="configfs" ino=2100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 52.864076][ T4847] loop5: detected capacity change from 0 to 512 [ 52.883665][ T28] audit: type=1400 audit(1771445575.934:316): avc: denied { search } for pid=4845 comm="syz.3.413" name="/" dev="configfs" ino=2100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 53.111855][ T4847] EXT4-fs: Ignoring removed orlov option [ 53.119904][ T4847] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 53.142293][ T4847] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002] [ 53.154538][ T4847] EXT4-fs error (device loop5): ext4_iget_extra_inode:5025: inode #15: comm syz.5.410: corrupted in-inode xattr: e_value size too large [ 53.168697][ T4847] loop5: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 53.168914][ T4847] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.410: couldn't read orphan inode 15 (err -117) [ 53.178113][ C0] EXT4-fs (loop5): error count since last fsck: 1 [ 53.178129][ C0] EXT4-fs (loop5): initial error at time 1771445576: ext4_iget_extra_inode:5025: inode 15 [ 53.178153][ C0] EXT4-fs (loop5): last error at time 1771445576: ext4_iget_extra_inode:5025: inode 15 [ 53.216141][ T4847] loop5: lost filesystem error report for type 5 error -117 [ 53.216620][ T4847] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.333696][ T4408] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.693904][ T4880] macvtap1: entered promiscuous mode [ 53.699217][ T4880] macvtap1: entered allmulticast mode [ 53.704844][ T4880] syz_tun: entered promiscuous mode [ 53.710140][ T4880] syz_tun: entered allmulticast mode [ 53.716292][ T4880] team0: Device macvtap1 failed to register rx_handler [ 53.723392][ T4880] syz_tun: left allmulticast mode [ 53.728530][ T4880] syz_tun: left promiscuous mode [ 53.949897][ T4886] xt_limit: Overflow, try lower: 65536/2147483648 [ 54.103184][ T4895] netlink: 'syz.3.431': attribute type 1 has an invalid length. [ 54.104449][ T3398] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 54.131061][ T3398] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 54.209347][ T4895] 8021q: adding VLAN 0 to HW filter on device bond1 [ 54.341132][ T4915] veth1_to_bond: entered allmulticast mode [ 54.348379][ T4915] veth1_to_bond: left allmulticast mode [ 54.420881][ T4921] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4921 comm=syz.3.440 [ 54.611410][ T4926] SELinux: failed to load policy [ 54.659495][ T4932] loop0: detected capacity change from 0 to 128 [ 54.679936][ T4932] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 54.751808][ T4932] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 55.043844][ T4943] loop0: detected capacity change from 0 to 256 [ 55.219638][ T3872] FAT-fs (loop0): error, invalid FAT chain (i_pos 196, last_block 1024) [ 55.227991][ T3872] FAT-fs (loop0): Filesystem has been set read-only [ 55.367466][ T4956] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 55.398542][ T4956] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 55.422856][ T4956] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 55.436873][ T4956] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 55.463034][ T4961] netlink: 'syz.3.457': attribute type 29 has an invalid length. [ 55.467340][ T4956] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 55.504291][ T4956] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 55.529998][ T4956] vhci_hcd vhci_hcd.0: pdev(5) rhport(6) sockfd(15) [ 55.536668][ T4956] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 55.569146][ T4956] vhci_hcd vhci_hcd.0: Device attached [ 55.591026][ T4964] vhci_hcd: connection closed [ 55.591239][ T3846] vhci_hcd vhci_hcd.5: stop threads [ 55.616581][ T3846] vhci_hcd vhci_hcd.5: release socket [ 55.642907][ T3846] vhci_hcd vhci_hcd.5: disconnect device [ 56.359316][ T4975] bridge_slave_0: left allmulticast mode [ 56.365526][ T4975] bridge_slave_0: left promiscuous mode [ 56.380718][ T4975] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.470834][ T4975] bridge_slave_1: left allmulticast mode [ 56.476482][ T4975] bridge_slave_1: left promiscuous mode [ 56.524637][ T4975] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.557096][ T4975] bond0: (slave bond_slave_0): Releasing backup interface [ 56.575330][ T4975] bond0: (slave bond_slave_1): Releasing backup interface [ 56.613272][ T4975] team0: Port device team_slave_0 removed [ 56.644305][ T4975] team0: Port device team_slave_1 removed [ 56.661010][ T4975] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 56.671026][ T4975] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 56.690609][ T4975] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 56.708296][ T4975] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 56.723978][ T4975] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 56.987285][ T28] kauditd_printk_skb: 15 callbacks suppressed [ 56.987301][ T28] audit: type=1400 audit(1771445580.054:332): avc: denied { listen } for pid=4987 comm="syz.3.467" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 57.050944][ T28] audit: type=1400 audit(1771445580.054:333): avc: denied { accept } for pid=4987 comm="syz.3.467" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 57.237098][ T4992] loop0: detected capacity change from 0 to 128 [ 57.274539][ T4992] FAT-fs (loop0): error, invalid access to FAT (entry 0x0fff0000) [ 57.282620][ T4992] FAT-fs (loop0): Filesystem has been set read-only [ 57.397648][ T28] audit: type=1400 audit(1771445580.464:334): avc: denied { read } for pid=4993 comm="syz.5.470" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 57.442546][ T28] audit: type=1400 audit(1771445580.494:335): avc: denied { open } for pid=4993 comm="syz.5.470" path="/dev/ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 57.489994][ T28] audit: type=1400 audit(1771445580.534:336): avc: denied { ioctl } for pid=4993 comm="syz.5.470" path="/dev/ppp" dev="devtmpfs" ino=140 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 57.526410][ T4998] loop5: detected capacity change from 0 to 256 [ 57.576432][ T4998] FAT-fs (loop5): Directory bread(block 64) failed [ 57.588121][ T4998] FAT-fs (loop5): Directory bread(block 65) failed [ 57.595457][ T4998] FAT-fs (loop5): Directory bread(block 66) failed [ 57.603373][ T4998] FAT-fs (loop5): Directory bread(block 67) failed [ 57.610513][ T4998] FAT-fs (loop5): Directory bread(block 68) failed [ 57.617859][ T4998] FAT-fs (loop5): Directory bread(block 69) failed [ 57.625462][ T4998] FAT-fs (loop5): Directory bread(block 70) failed [ 57.632347][ T4998] FAT-fs (loop5): Directory bread(block 71) failed [ 57.639404][ T4998] FAT-fs (loop5): Directory bread(block 72) failed [ 57.646288][ T4998] FAT-fs (loop5): Directory bread(block 73) failed [ 57.930093][ T28] audit: type=1400 audit(1771445580.994:337): avc: denied { read write } for pid=5007 comm="syz.3.476" name="rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 58.013035][ T28] audit: type=1400 audit(1771445580.994:338): avc: denied { open } for pid=5007 comm="syz.3.476" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 58.083604][ T5017] netlink: 24 bytes leftover after parsing attributes in process `syz.5.479'. [ 58.094434][ T28] audit: type=1400 audit(1771445581.064:339): avc: denied { connect } for pid=5011 comm="syz.3.478" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 58.108658][ T5017] netlink: 24 bytes leftover after parsing attributes in process `syz.5.479'. [ 58.409351][ T5029] loop2: detected capacity change from 0 to 512 [ 58.420503][ T5029] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 58.463515][ T5029] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a84ec01c, mo2=0003] [ 58.487717][ T5029] System zones: 1-2, 4-12, 8-8 [ 58.530659][ T5029] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.485: iget: bad i_size value: 38620345925642 [ 58.594482][ T5029] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 58.594908][ T5029] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.485: couldn't read orphan inode 15 (err -117) [ 58.604158][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 58.604178][ C1] EXT4-fs (loop2): initial error at time 1771445581: ext4_orphan_get:1391: inode 15 [ 58.604217][ C1] EXT4-fs (loop2): last error at time 1771445581: ext4_orphan_get:1391: inode 15 [ 58.666138][ T5029] loop2: lost filesystem error report for type 5 error -117 [ 58.666680][ T5029] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 58.749360][ T5042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 58.763370][ T5041] netlink: 12 bytes leftover after parsing attributes in process `syz.0.489'. [ 58.833166][ T5047] netlink: 48 bytes leftover after parsing attributes in process `syz.1.491'. [ 58.849051][ T5042] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 58.898345][ T5052] netlink: 8 bytes leftover after parsing attributes in process `syz.0.494'. [ 59.705014][ T5099] loop3: detected capacity change from 0 to 2048 [ 59.716974][ T3872] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm kworker/u8:19: bg 0: block 5: invalid block bitmap [ 59.751292][ T3872] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 59.768355][ T5099] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 59.781058][ T3872] EXT4-fs (loop2): This should not happen!! Data will be lost [ 59.781058][ T3872] [ 59.819789][ T5099] ext4 filesystem being mounted at /103/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 59.841127][ T3872] EXT4-fs (loop2): Total free blocks count 0 [ 59.847250][ T3872] EXT4-fs (loop2): Free/Dirty block details [ 59.853431][ T3872] EXT4-fs (loop2): free_blocks=0 [ 59.858423][ T3872] EXT4-fs (loop2): dirty_blocks=16024 [ 59.864100][ T3872] EXT4-fs (loop2): Block reservation details [ 59.870262][ T3872] EXT4-fs (loop2): i_reserved_data_blocks=16024 [ 59.912957][ T3872] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 2048 with error 28 [ 60.408777][ T5127] loop1: detected capacity change from 0 to 512 [ 60.467058][ T5140] netlink: 8 bytes leftover after parsing attributes in process `syz.5.512'. [ 60.560971][ T5127] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 60.600813][ T5127] EXT4-fs (loop1): orphan cleanup on readonly fs [ 60.685681][ T5127] EXT4-fs error (device loop1): ext4_do_update_inode:5569: inode #16: comm syz.1.511: corrupted inode contents [ 60.737703][ T28] audit: type=1400 audit(1771445583.784:340): avc: denied { create } for pid=5156 comm="syz.5.514" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 60.745674][ T5127] loop1: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 60.766697][ T28] audit: type=1400 audit(1771445583.784:341): avc: denied { write } for pid=5156 comm="syz.5.514" name="file0" dev="tmpfs" ino=208 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 60.799766][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 60.806923][ C0] EXT4-fs (loop1): initial error at time 1771445583: ext4_do_update_inode:5569: inode 16 [ 60.817594][ C0] EXT4-fs (loop1): last error at time 1771445583: ext4_do_update_inode:5569: inode 16 [ 60.825225][ T5103] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.507: bg 0: block 345: padding at end of block bitmap is not set [ 60.861762][ T5103] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2048 with error 117 [ 60.888534][ T5103] EXT4-fs (loop3): This should not happen!! Data will be lost [ 60.888534][ T5103] [ 60.889756][ T5127] EXT4-fs (loop1): Remounting filesystem read-only [ 60.942033][ T5127] EXT4-fs (loop1): 1 truncate cleaned up [ 60.948309][ T3872] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 60.979347][ T3872] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 61.000207][ T3872] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started [ 61.036641][ T3872] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 2065 with max blocks 2031 with error 28 [ 61.038059][ T5127] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 61.069808][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 61.101161][ T3872] EXT4-fs (loop3): This should not happen!! Data will be lost [ 61.101161][ T3872] [ 61.128921][ T3872] EXT4-fs (loop3): Total free blocks count 0 [ 61.140700][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 61.159635][ T3872] EXT4-fs (loop3): Free/Dirty block details [ 61.166415][ T3872] EXT4-fs (loop3): free_blocks=0 [ 61.199116][ T3872] EXT4-fs (loop3): dirty_blocks=2048 [ 61.212295][ T3872] EXT4-fs (loop3): Block reservation details [ 61.632259][ T5192] loop2: detected capacity change from 0 to 512 [ 61.694234][ T5192] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 61.709697][ T5192] EXT4-fs (loop2): orphan cleanup on readonly fs [ 61.773036][ T5192] EXT4-fs error (device loop2): ext4_do_update_inode:5569: inode #16: comm syz.2.529: corrupted inode contents [ 61.805384][ T5192] loop2: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 61.807917][ T5192] EXT4-fs (loop2): Remounting filesystem read-only [ 61.817628][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 61.817849][ C1] EXT4-fs (loop2): initial error at time 1771445584: ext4_do_update_inode:5569: inode 16 [ 61.818117][ C1] EXT4-fs (loop2): last error at time 1771445584: ext4_do_update_inode:5569: inode 16 [ 61.892012][ T5192] EXT4-fs (loop2): 1 truncate cleaned up [ 61.919694][ T30] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 61.939589][ T30] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 61.952563][ T30] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 61.994793][ T5192] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 62.086705][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 62.239566][ T28] kauditd_printk_skb: 19 callbacks suppressed [ 62.239582][ T28] audit: type=1400 audit(1771445585.294:349): avc: denied { setopt } for pid=5208 comm="syz.5.535" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 62.379613][ T28] audit: type=1400 audit(1771445585.434:350): avc: denied { connect } for pid=5214 comm="syz.0.538" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 62.615914][ T5225] loop3: detected capacity change from 0 to 256 [ 62.677500][ T5225] bio_check_eod: 89 callbacks suppressed [ 62.677517][ T5225] syz.3.542: attempt to access beyond end of device [ 62.677517][ T5225] loop3: rw=2049, sector=256, nr_sectors = 4 limit=256 [ 62.787374][ T5235] loop1: detected capacity change from 0 to 1024 [ 62.837424][ T5235] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e040c01c, mo2=0002] [ 62.846535][ T5235] System zones: 0-1, 3-36 [ 62.848221][ T5242] netlink: 60 bytes leftover after parsing attributes in process `syz.5.546'. [ 62.860287][ T5235] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.545: bad orphan inode 134217728 [ 62.864741][ T5242] netlink: 60 bytes leftover after parsing attributes in process `syz.5.546'. [ 62.871014][ T5235] loop1: lost filesystem error report for type 5 error -117 [ 62.889567][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 62.903392][ C1] EXT4-fs (loop1): initial error at time 1771445585: ext4_orphan_get:1417 [ 62.911948][ C1] EXT4-fs (loop1): last error at time 1771445585: ext4_orphan_get:1417 [ 62.920589][ T5235] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 63.028588][ T5252] loop2: detected capacity change from 0 to 128 [ 63.035477][ T5252] msdos: Unknown parameter 'dos1xfl%›4?Ö…y' [ 63.107338][ T5255] loop2: detected capacity change from 0 to 1024 [ 63.151280][ T5255] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 63.182260][ T5255] EXT4-fs error (device loop2): ext4_check_all_de:660: inode #12: block 7: comm syz.2.553: bad entry in directory: rec_len is smaller than minimal - offset=16, inode=14, rec_len=8, size=108 fake=0 [ 63.203994][ T5255] EXT4-fs error (device loop2): ext4_read_inline_dir:1486: inode #12: block 7: comm syz.2.553: path /106/file1/file0: bad entry in directory: rec_len is smaller than minimal - offset=40, inode=14, rec_len=8, size=132 fake=0 [ 63.245415][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.278800][ T5263] loop2: detected capacity change from 0 to 128 [ 63.312339][ T5263] FAT-fs (loop2): error, fat_bmap_cluster: request beyond EOF (i_pos 52) [ 63.320890][ T28] audit: type=1400 audit(1771445586.384:351): avc: denied { mount } for pid=5264 comm="syz.0.556" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 63.343562][ T5263] FAT-fs (loop2): Filesystem has been set read-only [ 63.365528][ T28] audit: type=1400 audit(1771445586.384:352): avc: denied { watch watch_reads } for pid=5264 comm="syz.0.556" path="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 63.406457][ T28] audit: type=1400 audit(1771445586.384:353): avc: denied { read write } for pid=5264 comm="syz.0.556" name="ptp0" dev="devtmpfs" ino=247 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 63.430921][ T28] audit: type=1400 audit(1771445586.384:354): avc: denied { open } for pid=5264 comm="syz.0.556" path="/dev/ptp0" dev="devtmpfs" ino=247 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 63.441355][ T5271] loop2: detected capacity change from 0 to 512 [ 63.454540][ T28] audit: type=1400 audit(1771445586.424:355): avc: denied { mounton } for pid=5262 comm="syz.2.555" path="/" dev="loop2" ino=29 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 63.488205][ T5271] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 63.500978][ T5271] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 63.582009][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.655992][ T5281] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 63.685056][ T5281] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 63.693844][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 63.740016][ T5284] loop0: detected capacity change from 0 to 1024 [ 63.748662][ T28] audit: type=1400 audit(1771445586.814:356): avc: denied { mounton } for pid=5283 comm="syz.1.563" path="/126/file0" dev="tmpfs" ino=685 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 63.777976][ T5284] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e040c01c, mo2=0002] [ 63.786708][ T5284] System zones: 0-1, 3-36 [ 63.792622][ T5284] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.565: bad orphan inode 134217728 [ 63.805896][ T5284] loop0: lost filesystem error report for type 5 error -117 [ 63.809579][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 63.823295][ C0] EXT4-fs (loop0): initial error at time 1771445586: ext4_orphan_get:1417 [ 63.831825][ C0] EXT4-fs (loop0): last error at time 1771445586: ext4_orphan_get:1417 [ 63.841010][ T5284] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 63.870809][ T5292] gretap0: entered promiscuous mode [ 63.896025][ T5292] netlink: 8 bytes leftover after parsing attributes in process `syz.1.567'. [ 63.905061][ T5292] gretap0: left promiscuous mode [ 64.245339][ T5306] loop5: detected capacity change from 0 to 2048 [ 64.274137][ T28] audit: type=1400 audit(1771445587.344:357): avc: denied { ioctl } for pid=5307 comm="syz.1.582" path="socket:[12262]" dev="sockfs" ino=12262 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 64.299375][ T28] audit: type=1400 audit(1771445587.344:358): avc: denied { read } for pid=5307 comm="syz.1.582" path="socket:[12261]" dev="sockfs" ino=12261 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 64.352002][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 64.371531][ T5306] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 64.549907][ T5324] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1315: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 64.564785][ T5324] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 96 with error 28 [ 64.567296][ T5326] loop1: detected capacity change from 0 to 128 [ 64.609837][ T5324] EXT4-fs (loop5): This should not happen!! Data will be lost [ 64.609837][ T5324] [ 64.619491][ T5324] EXT4-fs (loop5): Total free blocks count 0 [ 64.650973][ T5326] FAT-fs (loop1): error, invalid FAT chain (i_pos 548, last_block 8) [ 64.669432][ T5326] FAT-fs (loop1): Filesystem has been set read-only [ 64.670473][ T5324] EXT4-fs (loop5): Free/Dirty block details [ 64.676219][ T5326] FAT-fs (loop1): error, corrupted file size (i_pos 548, 522) [ 64.710806][ T5319] loop0: detected capacity change from 0 to 512 [ 64.778783][ T5324] EXT4-fs (loop5): free_blocks=2415919504 [ 64.813509][ T5319] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 64.847454][ T5319] EXT4-fs (loop0): orphan cleanup on readonly fs [ 64.914737][ T5324] EXT4-fs (loop5): dirty_blocks=2336 [ 64.920300][ T5332] loop1: detected capacity change from 0 to 512 [ 64.926936][ T5332] EXT4-fs: Ignoring removed orlov option [ 64.932703][ T5332] EXT4-fs: Ignoring removed mblk_io_submit option [ 64.942682][ T5332] EXT4-fs error (device loop1): ext4_iget_extra_inode:5025: inode #15: comm syz.1.579: corrupted in-inode xattr: e_value size too large [ 64.962660][ T5324] EXT4-fs (loop5): Block reservation details [ 64.964678][ T5319] EXT4-fs error (device loop0): ext4_do_update_inode:5569: inode #16: comm syz.0.573: corrupted inode contents [ 64.968723][ T5324] EXT4-fs (loop5): i_reserved_data_blocks=199 [ 64.989622][ T5332] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 64.989974][ T5332] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.579: couldn't read orphan inode 15 (err -117) [ 65.010925][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 65.010963][ C1] EXT4-fs (loop1): initial error at time 1771445588: ext4_iget_extra_inode:5025: inode 15 [ 65.010987][ C1] EXT4-fs (loop1): last error at time 1771445588: ext4_iget_extra_inode:5025: inode 15 [ 65.037306][ T5319] loop0: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 65.039548][ C1] EXT4-fs (loop0): error count since last fsck: 1 [ 65.055100][ C1] EXT4-fs (loop0): initial error at time 1771445588: ext4_do_update_inode:5569: inode 16 [ 65.064933][ C1] EXT4-fs (loop0): last error at time 1771445588: ext4_do_update_inode:5569: inode 16 [ 65.074755][ T5319] EXT4-fs (loop0): Remounting filesystem read-only [ 65.090995][ T5319] EXT4-fs (loop0): 1 truncate cleaned up [ 65.109773][ T3860] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 65.120427][ T5332] loop1: lost filesystem error report for type 5 error -117 [ 65.121325][ T5332] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 65.141824][ T3860] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 65.159752][ T3860] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 65.205900][ T5319] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 65.222679][ T5332] EXT4-fs error (device loop1): ext4_map_blocks:776: inode #2: block 12: comm syz.1.579: lblock 3 mapped to illegal pblock 12 (length 1) [ 65.281993][ T5306] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 96 with max blocks 2048 with error 28 [ 65.392720][ T5348] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 65.410128][ T5348] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 65.438106][ T5348] netlink: 8 bytes leftover after parsing attributes in process `syz.1.588'. [ 65.476949][ T5348] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 65.490501][ T5350] netlink: 164 bytes leftover after parsing attributes in process `syz.3.590'. [ 65.491577][ T5348] batadv_slave_0: entered promiscuous mode [ 65.527213][ T5348] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 65.650226][ T5358] loop5: detected capacity change from 0 to 512 [ 65.668776][ T5358] EXT4-fs (loop5): 1 truncate cleaned up [ 65.715965][ T5358] EXT4-fs mount: 3 callbacks suppressed [ 65.715979][ T5358] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 65.748983][ T5362] loop2: detected capacity change from 0 to 2048 [ 65.786033][ T5362] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 65.811625][ T5362] ext4 filesystem being mounted at /116/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 65.885281][ T5367] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.589: bg 0: block 465: padding at end of block bitmap is not set [ 65.933462][ T5367] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6687: Corrupt filesystem [ 65.950534][ T5367] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #13: comm syz.5.589: invalid indirect mapped block 234881024 (level 0) [ 66.146516][ T5369] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.593: bg 0: block 345: padding at end of block bitmap is not set [ 66.162030][ T5369] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2048 with error 117 [ 66.219710][ T5369] EXT4-fs (loop2): This should not happen!! Data will be lost [ 66.219710][ T5369] [ 66.372063][ T3846] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2065 with max blocks 2031 with error 28 [ 66.388406][ T3846] EXT4-fs (loop2): This should not happen!! Data will be lost [ 66.388406][ T3846] [ 66.416968][ T3846] EXT4-fs (loop2): Total free blocks count 0 [ 66.423241][ T3846] EXT4-fs (loop2): Free/Dirty block details [ 66.429138][ T3846] EXT4-fs (loop2): free_blocks=0 [ 66.434429][ T3846] EXT4-fs (loop2): dirty_blocks=2048 [ 66.449713][ T3846] EXT4-fs (loop2): Block reservation details [ 66.471232][ T4408] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.356656][ T5428] loop5: detected capacity change from 0 to 1024 [ 67.393465][ T5428] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 67.435468][ T4408] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.602829][ T28] kauditd_printk_skb: 19 callbacks suppressed [ 67.602844][ T28] audit: type=1400 audit(1771445590.674:372): avc: denied { nlmsg_write } for pid=5438 comm="syz.1.625" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 67.631139][ T28] audit: type=1400 audit(1771445590.674:373): avc: denied { audit_write } for pid=5438 comm="syz.1.625" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 67.652432][ T28] audit: type=1107 audit(1771445590.674:374): pid=5438 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 67.666607][ T28] audit: type=1400 audit(1771445590.704:375): avc: denied { firmware_load } for pid=5438 comm="syz.1.625" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 67.715951][ T5442] netlink: 104 bytes leftover after parsing attributes in process `syz.5.626'. [ 67.790873][ T5448] loop1: detected capacity change from 0 to 256 [ 67.853795][ T5452] netlink: 4 bytes leftover after parsing attributes in process `syz.5.631'. [ 67.886775][ T3860] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 67.895568][ T5452] netlink: 4 bytes leftover after parsing attributes in process `syz.5.631'. [ 67.904881][ T3860] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 67.928549][ T3860] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 67.949476][ T3860] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 68.158621][ T5473] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 68.191741][ T5473] netlink: 8 bytes leftover after parsing attributes in process `syz.3.639'. [ 68.204498][ T5473] netlink: 16 bytes leftover after parsing attributes in process `syz.3.639'. [ 68.229239][ T28] audit: type=1400 audit(1771445591.294:376): avc: denied { read } for pid=5479 comm="syz.0.642" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 68.262480][ T5484] netlink: 8 bytes leftover after parsing attributes in process `syz.3.643'. [ 68.271715][ T5484] netlink: 'syz.3.643': attribute type 5 has an invalid length. [ 68.280221][ T5484] netlink: 4 bytes leftover after parsing attributes in process `syz.3.643'. [ 68.302570][ T5484] geneve2: entered promiscuous mode [ 68.309090][ T5484] geneve2: entered allmulticast mode [ 68.316374][ T30] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 34280 - 0 [ 68.325338][ T30] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 34280 - 0 [ 68.343578][ T30] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 34280 - 0 [ 68.365025][ T30] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 34280 - 0 [ 68.402953][ T30] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 68.412076][ T30] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 68.425635][ T30] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 68.435211][ T30] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 68.450242][ T5485] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 68.463007][ T5485] EXT4-fs (loop5): orphan cleanup on readonly fs [ 68.491579][ T5485] EXT4-fs error (device loop5): ext4_do_update_inode:5569: inode #16: comm syz.5.644: corrupted inode contents [ 68.503914][ T5485] loop5: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117 [ 68.504519][ T5485] EXT4-fs (loop5): Remounting filesystem read-only [ 68.514289][ C1] EXT4-fs (loop5): error count since last fsck: 1 [ 68.514430][ C1] EXT4-fs (loop5): initial error at time 1771445591: ext4_do_update_inode:5569: inode 16 [ 68.514659][ C1] EXT4-fs (loop5): last error at time 1771445591: ext4_do_update_inode:5569: inode 16 [ 68.555747][ T5485] EXT4-fs (loop5): 1 truncate cleaned up [ 68.567769][ T30] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 68.586991][ T30] Quota error (device loop5): write_blk: dquota write failed [ 68.608385][ T30] Quota error (device loop5): remove_free_dqentry: Can't write block (5) with free entries [ 68.609474][ T28] audit: type=1400 audit(1771445591.674:377): avc: denied { mount } for pid=5509 comm="syz.3.655" name="/" dev="securityfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 68.618531][ T30] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 68.651801][ T30] Quota error (device loop5): write_blk: dquota write failed [ 68.666094][ T30] Quota error (device loop5): free_dqentry: Can't move quota data block (5) to free list [ 68.676354][ T30] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started [ 68.696792][ T5485] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 68.748607][ T4408] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.787911][ T5519] 9pnet: p9_errstr2errno: server reported unknown error 0x00000 [ 68.820923][ T5530] set_capacity_and_notify: 2 callbacks suppressed [ 68.820938][ T5530] loop3: detected capacity change from 0 to 1024 [ 68.839082][ T5530] EXT4-fs: inline encryption not supported [ 68.861217][ T5530] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 68.890316][ T5530] EXT4-fs warning (device loop3): ext4_rename_delete:3729: inode #18: comm syz.3.664: Deleting old file: nlink 2, error=-2 [ 68.914763][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.951437][ T5544] IPv4: Oversized IP packet from 172.20.20.24 [ 68.957729][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 68.963985][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 68.964984][ T5545] __nla_validate_parse: 2 callbacks suppressed [ 68.964997][ T5545] netlink: 1363 bytes leftover after parsing attributes in process `syz.0.669'. [ 69.193264][ T5562] netlink: 4 bytes leftover after parsing attributes in process `syz.0.676'. [ 69.203147][ T5562] netlink: 24 bytes leftover after parsing attributes in process `syz.0.676'. [ 69.277943][ T5566] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.285162][ T5566] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.325960][ T5566] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 69.335989][ T5566] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 69.365421][ T30] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 69.375499][ T30] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.385024][ T30] netdevsim netdevsim0 netdevsim0: unset [1, 1] type 2 family 0 port 20004 - 0 [ 69.400618][ T30] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 69.411123][ T30] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.420348][ T30] netdevsim netdevsim0 netdevsim1: unset [1, 1] type 2 family 0 port 20004 - 0 [ 69.429292][ T30] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 69.438283][ T30] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.447363][ T30] netdevsim netdevsim0 netdevsim2: unset [1, 1] type 2 family 0 port 20004 - 0 [ 69.460986][ T30] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 69.470686][ T30] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 69.482697][ T30] netdevsim netdevsim0 netdevsim3: unset [1, 1] type 2 family 0 port 20004 - 0 [ 69.513367][ T5569] loop0: detected capacity change from 0 to 8192 [ 69.545874][ T5569] FAT-fs (loop0): error, clusters badly computed (2 != 1) [ 69.553617][ T5569] FAT-fs (loop0): Filesystem has been set read-only [ 71.050415][ T5471] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 71.227558][ T5602] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 71.269672][ T5602] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 71.287218][ T5602] vhci_hcd vhci_hcd.4: default hub control req: 0016 v0014 i0000 l0 [ 71.308889][ T5606] loop2: detected capacity change from 0 to 128 [ 71.364305][ T5608] netlink: 8 bytes leftover after parsing attributes in process `syz.5.695'. [ 71.398339][ T5608] netlink: 4 bytes leftover after parsing attributes in process `syz.5.695'. [ 71.419808][ T3860] kworker/u8:15: attempt to access beyond end of device [ 71.419808][ T3860] loop2: rw=1, sector=145, nr_sectors = 16 limit=128 [ 71.421757][ T5608] netlink: 8 bytes leftover after parsing attributes in process `syz.5.695'. [ 71.439664][ T3860] kworker/u8:15: attempt to access beyond end of device [ 71.439664][ T3860] loop2: rw=1, sector=169, nr_sectors = 8 limit=128 [ 71.458853][ T5608] netlink: 4 bytes leftover after parsing attributes in process `syz.5.695'. [ 71.471219][ T3860] kworker/u8:15: attempt to access beyond end of device [ 71.471219][ T3860] loop2: rw=1, sector=185, nr_sectors = 8 limit=128 [ 71.502187][ T3860] kworker/u8:15: attempt to access beyond end of device [ 71.502187][ T3860] loop2: rw=1, sector=201, nr_sectors = 8 limit=128 [ 71.515802][ T3860] kworker/u8:15: attempt to access beyond end of device [ 71.515802][ T3860] loop2: rw=1, sector=217, nr_sectors = 8 limit=128 [ 71.536622][ T3860] kworker/u8:15: attempt to access beyond end of device [ 71.536622][ T3860] loop2: rw=1, sector=233, nr_sectors = 8 limit=128 [ 71.567153][ T5616] policy can only be matched on NF_INET_PRE_ROUTING [ 71.567166][ T5616] unable to load match [ 71.570149][ T3860] kworker/u8:15: attempt to access beyond end of device [ 71.570149][ T3860] loop2: rw=1, sector=249, nr_sectors = 8 limit=128 [ 71.597466][ T5618] netlink: 44 bytes leftover after parsing attributes in process `syz.0.700'. [ 71.606655][ T3860] kworker/u8:15: attempt to access beyond end of device [ 71.606655][ T3860] loop2: rw=1, sector=265, nr_sectors = 8 limit=128 [ 71.625993][ T3860] kworker/u8:15: attempt to access beyond end of device [ 71.625993][ T3860] loop2: rw=1, sector=281, nr_sectors = 8 limit=128 [ 71.639511][ T3860] kworker/u8:15: attempt to access beyond end of device [ 71.639511][ T3860] loop2: rw=1, sector=297, nr_sectors = 8 limit=128 [ 71.699306][ T5629] loop0: detected capacity change from 0 to 128 [ 71.717818][ T5629] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 71.792507][ T5629] ext4 filesystem being mounted at /136/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 71.850071][ T3309] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 71.873111][ T5645] sd 0:0:1:0: device reset [ 72.010243][ T5659] vlan2: entered allmulticast mode [ 72.015381][ T5659] macsec0: entered allmulticast mode [ 72.034108][ T5659] veth1_macvtap: entered allmulticast mode [ 72.161679][ T5674] loop0: detected capacity change from 0 to 1024 [ 72.191609][ T5674] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 72.219708][ T5674] ext4 filesystem being mounted at /143/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 72.353921][ T5683] EXT4-fs error (device loop0): ext4_free_blocks:6726: comm syz.0.724: Freeing blocks not in datazone - block = 0, count = 16 [ 72.488318][ T5691] SELinux: policydb magic number 0x6c65732f does not match expected magic number 0xf97cff8c [ 72.527907][ T5691] SELinux: failed to load policy [ 72.533446][ T83] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm kworker/u8:5: bg 0: block 112: padding at end of block bitmap is not set [ 72.569434][ T83] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 72.583054][ T83] EXT4-fs (loop0): This should not happen!! Data will be lost [ 72.583054][ T83] [ 72.592910][ T83] EXT4-fs (loop0): Total free blocks count 0 [ 72.601846][ T83] EXT4-fs (loop0): Free/Dirty block details [ 72.608027][ T83] EXT4-fs (loop0): free_blocks=16 [ 72.613388][ T83] EXT4-fs (loop0): dirty_blocks=16 [ 72.618649][ T83] EXT4-fs (loop0): Block reservation details [ 72.624928][ T83] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 72.669507][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 72.780355][ T28] kauditd_printk_skb: 13 callbacks suppressed [ 72.780452][ T28] audit: type=1400 audit(1771445595.854:389): avc: denied { write } for pid=5716 comm="syz.0.740" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 72.813691][ T5718] netlink: 104 bytes leftover after parsing attributes in process `syz.0.740'. [ 72.824930][ T5718] netlink: 104 bytes leftover after parsing attributes in process `syz.0.740'. [ 72.955430][ T5732] sch_fq: defrate 7 ignored. [ 73.002951][ T28] audit: type=1326 audit(1771445596.074:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5734 comm="syz.0.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831895c629 code=0x7ffc0000 [ 73.065443][ T28] audit: type=1326 audit(1771445596.074:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5734 comm="syz.0.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831895c629 code=0x7ffc0000 [ 73.119338][ T28] audit: type=1326 audit(1771445596.104:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5734 comm="syz.0.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f831895c629 code=0x7ffc0000 [ 73.177419][ T28] audit: type=1326 audit(1771445596.104:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5734 comm="syz.0.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831895c629 code=0x7ffc0000 [ 73.232016][ T28] audit: type=1326 audit(1771445596.104:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5734 comm="syz.0.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831895c629 code=0x7ffc0000 [ 73.258846][ T28] audit: type=1326 audit(1771445596.104:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5734 comm="syz.0.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f831895c629 code=0x7ffc0000 [ 73.294323][ T28] audit: type=1326 audit(1771445596.104:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5734 comm="syz.0.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831895c629 code=0x7ffc0000 [ 73.340144][ T28] audit: type=1326 audit(1771445596.104:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5734 comm="syz.0.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f831895c629 code=0x7ffc0000 [ 73.363811][ T28] audit: type=1326 audit(1771445596.114:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5734 comm="syz.0.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f831895c629 code=0x7ffc0000 [ 73.471252][ T5757] loop5: detected capacity change from 0 to 256 [ 73.491823][ T5757] FAT-fs (loop5): Directory bread(block 64) failed [ 73.520420][ T5757] FAT-fs (loop5): Directory bread(block 65) failed [ 73.529848][ T5757] FAT-fs (loop5): Directory bread(block 66) failed [ 73.538704][ T5757] FAT-fs (loop5): Directory bread(block 67) failed [ 73.547804][ T5757] FAT-fs (loop5): Directory bread(block 68) failed [ 73.554603][ T5757] FAT-fs (loop5): Directory bread(block 69) failed [ 73.561380][ T5757] FAT-fs (loop5): Directory bread(block 70) failed [ 73.567938][ T5757] FAT-fs (loop5): Directory bread(block 71) failed [ 73.574552][ T5757] FAT-fs (loop5): Directory bread(block 72) failed [ 73.581070][ T5757] FAT-fs (loop5): Directory bread(block 73) failed [ 73.803397][ T5775] loop5: detected capacity change from 0 to 512 [ 73.825116][ T5775] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.839674][ T5775] ext4 filesystem being mounted at /86/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 73.927441][ T4408] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 74.149895][ T5792] netlink: 'syz.2.773': attribute type 2 has an invalid length. [ 74.157545][ T5792] __nla_validate_parse: 3 callbacks suppressed [ 74.157595][ T5792] netlink: 8 bytes leftover after parsing attributes in process `syz.2.773'. [ 74.197928][ T5796] netlink: 'syz.2.773': attribute type 2 has an invalid length. [ 74.211056][ T5796] netlink: 8 bytes leftover after parsing attributes in process `syz.2.773'. [ 74.378586][ T5781] loop1: detected capacity change from 0 to 32768 [ 74.391014][ T5781] loop1: p1 p3 < > [ 74.402161][ T5805] netlink: 83992 bytes leftover after parsing attributes in process `syz.3.778'. [ 74.446551][ T5805] netlink: zone id is out of range [ 74.452029][ T5805] netlink: zone id is out of range [ 74.473484][ T5805] netlink: zone id is out of range [ 74.492347][ T5805] netlink: zone id is out of range [ 74.518805][ T5805] netlink: set zone limit has 8 unknown bytes [ 74.526280][ T3299] udevd[3299]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 74.551150][ T4439] udevd[4439]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 74.672681][ T5823] loop5: detected capacity change from 0 to 8192 [ 74.789198][ T5835] vhci_hcd vhci_hcd.4: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 74.831560][ T5837] loop5: detected capacity change from 0 to 1024 [ 74.882387][ T5837] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.954258][ T5841] 9pnet: p9_errstr2errno: server reported unknown error 0x000000 [ 74.984647][ T4408] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.170736][ T5867] xt_CT: You must specify a L4 protocol and not use inversions on it [ 75.208171][ T5867] netlink: 20 bytes leftover after parsing attributes in process `syz.2.805'. [ 75.245295][ T5877] netlink: 8 bytes leftover after parsing attributes in process `syz.2.810'. [ 75.439895][ T5877] loop2: detected capacity change from 0 to 8192 [ 75.476082][ T5886] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 75.516434][ T3299] loop2: p1 < > p2 p4 < p5 > [ 75.521357][ T3299] loop2: partition table partially beyond EOD, truncated [ 75.524806][ T5886] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 75.536481][ T3299] loop2: p1 start 134217728 is beyond EOD, truncated [ 75.552728][ T3299] loop2: p2 size 591360 extends beyond EOD, truncated [ 75.593792][ T3299] loop2: p5 size 591360 extends beyond EOD, truncated [ 75.606610][ T5877] loop2: p1 < > p2 p4 < p5 > [ 75.611336][ T5877] loop2: partition table partially beyond EOD, truncated [ 75.620060][ T5877] loop2: p1 start 134217728 is beyond EOD, truncated [ 75.627491][ T5877] loop2: p2 size 591360 extends beyond EOD, truncated [ 75.636989][ T5877] loop2: p5 size 591360 extends beyond EOD, truncated [ 75.725138][ T4440] udevd[4440]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory [ 75.725150][ T4439] udevd[4439]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 75.727200][ T3299] udevd[3299]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 75.767581][ T4439] udevd[4439]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 75.767702][ T3299] udevd[3299]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 75.778592][ T4440] udevd[4440]: inotify_add_watch(7, /dev/loop2p5, 10) failed: No such file or directory [ 76.129329][ T3860] Bluetooth: hci0: Frame reassembly failed (-84) [ 76.339928][ T5926] -1: renamed from syzkaller0 [ 76.609073][ T5936] bond0: (slave dummy0): Releasing backup interface [ 76.631126][ T5936] bridge_slave_0: left allmulticast mode [ 76.636836][ T5936] bridge_slave_0: left promiscuous mode [ 76.642736][ T5936] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.652743][ T5936] bridge_slave_1: left allmulticast mode [ 76.658390][ T5936] bridge_slave_1: left promiscuous mode [ 76.664168][ T5936] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.674029][ T5936] bond0: (slave bond_slave_0): Releasing backup interface [ 76.690542][ T5936] bond0: (slave bond_slave_1): Releasing backup interface [ 76.726966][ T5936] team0: Port device team_slave_0 removed [ 76.741955][ T5936] team0: Port device team_slave_1 removed [ 76.746116][ T5941] loop0: detected capacity change from 0 to 512 [ 76.748902][ T5936] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 76.772586][ T5936] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 76.782206][ T5941] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.796786][ T5936] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 76.797188][ T5941] EXT4-fs (loop0): shut down requested (1) [ 76.815072][ T5936] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 76.828626][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.840822][ T5936] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 76.936196][ T5951] netlink: 8 bytes leftover after parsing attributes in process `syz.2.837'. [ 77.173117][ T5960] loop2: detected capacity change from 0 to 1024 [ 77.195601][ T5960] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 77.244627][ T5960] ext4 filesystem being mounted at /170/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 77.327290][ T5960] EXT4-fs error (device loop2): ext4_map_blocks:818: inode #15: block 3: comm syz.2.841: lblock 3 mapped to illegal pblock 3 (length 3) [ 77.373956][ T5970] loop5: detected capacity change from 0 to 1024 [ 77.384918][ T5960] EXT4-fs (loop2): Remounting filesystem read-only [ 77.389969][ T5970] EXT4-fs: inline encryption not supported [ 77.421223][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 77.421572][ T5970] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.517507][ T4408] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.560619][ T5982] loop5: detected capacity change from 0 to 512 [ 77.577534][ T5982] EXT4-fs: Ignoring removed oldalloc option [ 77.606284][ T5982] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.639303][ T5982] ext4 filesystem being mounted at /105/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 77.667689][ T5982] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.852: bg 0: block 217: padding at end of block bitmap is not set [ 77.718951][ T5982] EXT4-fs (loop5): Remounting filesystem read-only [ 77.792199][ T4408] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.909812][ T5994] netlink: 4 bytes leftover after parsing attributes in process `syz.3.857'. [ 77.951846][ T5994] team1: entered promiscuous mode [ 77.957243][ T5994] team1: entered allmulticast mode [ 77.968117][ T5994] 8021q: adding VLAN 0 to HW filter on device team1 [ 78.154234][ T83] Bluetooth: hci1: Frame reassembly failed (-84) [ 78.154301][ T28] kauditd_printk_skb: 17 callbacks suppressed [ 78.154392][ T28] audit: type=1400 audit(1771445601.224:416): avc: denied { ioctl } for pid=6016 comm="syz.0.865" path="socket:[16189]" dev="sockfs" ino=16189 ioctlcmd=0x48cc scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 78.189576][ T3592] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 78.197790][ T5919] Bluetooth: hci0: command 0x1003 tx timeout [ 78.223628][ T6021] netlink: 'syz.1.866': attribute type 4 has an invalid length. [ 78.236006][ T6021] netlink: 'syz.1.866': attribute type 4 has an invalid length. [ 78.271717][ T6025] loop2: detected capacity change from 0 to 256 [ 78.286654][ T6025] FAT-fs (loop2): Directory bread(block 64) failed [ 78.297783][ T6025] FAT-fs (loop2): Directory bread(block 65) failed [ 78.304389][ T6025] FAT-fs (loop2): Directory bread(block 66) failed [ 78.311133][ T6025] FAT-fs (loop2): Directory bread(block 67) failed [ 78.317686][ T6025] FAT-fs (loop2): Directory bread(block 68) failed [ 78.324260][ T6025] FAT-fs (loop2): Directory bread(block 69) failed [ 78.330839][ T6025] FAT-fs (loop2): Directory bread(block 70) failed [ 78.337403][ T6025] FAT-fs (loop2): Directory bread(block 71) failed [ 78.343934][ T6025] FAT-fs (loop2): Directory bread(block 72) failed [ 78.351047][ T6025] FAT-fs (loop2): Directory bread(block 73) failed [ 78.528554][ T28] audit: type=1400 audit(1771445601.594:417): avc: denied { write } for pid=6040 comm="syz.2.874" path="socket:[16212]" dev="sockfs" ino=16212 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 78.986816][ T28] audit: type=1400 audit(1771445602.044:418): avc: denied { cmd } for pid=6057 comm="syz.5.880" path="socket:[15306]" dev="sockfs" ino=15306 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 79.061940][ T6068] netlink: 4 bytes leftover after parsing attributes in process `syz.3.884'. [ 79.070920][ T6068] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 79.354243][ T6068] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 79.951010][ T6081] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.958755][ T6081] bridge_slave_1: left allmulticast mode [ 79.967904][ T6081] bridge_slave_1: left promiscuous mode [ 79.973877][ T6081] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.014424][ T28] audit: type=1400 audit(1771445603.084:419): avc: denied { setopt } for pid=6087 comm="syz.3.891" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 80.051039][ T6091] Set syz1 is full, maxelem 6117 reached [ 80.150629][ T6099] process 'syz.3.896' launched '/dev/fd/3' with NULL argv: empty string added [ 80.159583][ T28] audit: type=1400 audit(1771445603.224:420): avc: denied { execute } for pid=6098 comm="syz.3.896" dev="hugetlbfs" ino=15340 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 80.190257][ T43] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 80.207294][ T28] audit: type=1400 audit(1771445603.234:421): avc: denied { execute_no_trans } for pid=6098 comm="syz.3.896" path=2F6D656D66643A202864656C6574656429 dev="hugetlbfs" ino=15340 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 80.272918][ T28] audit: type=1400 audit(1771445603.334:422): avc: denied { remount } for pid=6102 comm="syz.3.898" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 80.415905][ T6123] loop3: detected capacity change from 0 to 1024 [ 80.436442][ T6123] EXT4-fs: inline encryption not supported [ 80.573430][ T6123] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.609069][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.660726][ T6147] loop3: detected capacity change from 0 to 1024 [ 80.667543][ T6147] EXT4-fs: Ignoring removed orlov option [ 80.682739][ T6147] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 80.877357][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.430835][ T28] audit: type=1400 audit(1771445604.504:423): avc: denied { bind } for pid=6160 comm="syz.0.931" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 81.434771][ T6164] loop3: detected capacity change from 0 to 256 [ 81.454403][ T28] audit: type=1400 audit(1771445604.504:424): avc: denied { kexec_image_load } for pid=6160 comm="syz.0.931" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 81.777030][ T6179] netlink: 8 bytes leftover after parsing attributes in process `syz.3.928'. [ 82.068368][ T6193] loop0: detected capacity change from 0 to 512 [ 82.084173][ T6193] EXT4-fs (loop0): 1 truncate cleaned up [ 82.090473][ T6193] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.179991][ T6196] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.935: bg 0: block 465: padding at end of block bitmap is not set [ 82.194561][ T6196] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6687: Corrupt filesystem [ 82.203565][ T6196] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #13: comm syz.0.935: invalid indirect mapped block 234881024 (level 0) [ 82.455943][ T6198] netlink: 24 bytes leftover after parsing attributes in process `syz.2.936'. [ 82.475383][ T3309] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.507827][ T83] Bluetooth: hci0: Frame reassembly failed (-84) [ 82.934063][ T6219] netlink: 1363 bytes leftover after parsing attributes in process `syz.5.946'. [ 83.661557][ T6223] netlink: 104 bytes leftover after parsing attributes in process `syz.5.950'. [ 83.751610][ T3398] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0 [ 83.759118][ T3398] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0 [ 83.768295][ T3398] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0 [ 83.787601][ T3398] hid-generic 0003:0004:0000.0002: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 83.927943][ T6240] veth4: entered promiscuous mode [ 83.933895][ T6240] veth4: entered allmulticast mode [ 84.038249][ T6251] netlink: 24 bytes leftover after parsing attributes in process `syz.5.958'. [ 84.102525][ T6255] loop2: detected capacity change from 0 to 7 [ 84.136570][ T6257] netlink: 24 bytes leftover after parsing attributes in process `syz.5.962'. [ 84.154038][ T6259] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 84.511452][ T3592] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 84.523747][ T6278] netlink: 8 bytes leftover after parsing attributes in process `syz.5.969'. [ 84.539331][ T6280] netlink: 'syz.0.970': attribute type 13 has an invalid length. [ 84.824731][ T6300] netlink: 60 bytes leftover after parsing attributes in process `syz.3.978'. [ 84.859390][ T6295] netlink: 60 bytes leftover after parsing attributes in process `syz.3.978'. [ 84.889965][ T6306] netlink: 'syz.1.982': attribute type 13 has an invalid length. [ 84.936070][ T6310] netlink: 'syz.0.983': attribute type 4 has an invalid length. [ 84.992606][ T6314] netlink: 'syz.0.983': attribute type 4 has an invalid length. [ 85.175519][ T6322] netlink: 'syz.2.989': attribute type 4 has an invalid length. [ 85.208491][ T6322] netlink: 'syz.2.989': attribute type 4 has an invalid length. [ 85.915368][ T28] audit: type=1400 audit(1771445608.984:425): avc: denied { create } for pid=6344 comm="syz.3.997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 85.938262][ T28] audit: type=1400 audit(1771445609.004:426): avc: denied { bind } for pid=6344 comm="syz.3.997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 86.316302][ T6364] netlink: 'syz.5.1001': attribute type 13 has an invalid length. [ 86.422511][ T6372] loop3: detected capacity change from 0 to 512 [ 86.436431][ T6372] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 86.449916][ T6372] EXT4-fs (loop3): 1 truncate cleaned up [ 86.456150][ T6372] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.493746][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 86.504249][ T28] audit: type=1400 audit(1771445609.554:427): avc: denied { create } for pid=6371 comm="syz.3.1004" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 87.099337][ T28] audit: type=1400 audit(1771445610.164:428): avc: denied { open } for pid=6379 comm="syz.3.1007" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 87.127317][ T28] audit: type=1400 audit(1771445610.164:429): avc: denied { kernel } for pid=6379 comm="syz.3.1007" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 87.201718][ T30] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.220360][ T30] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.237859][ T6387] loop1: detected capacity change from 0 to 128 [ 87.245208][ T30] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.259341][ T30] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.379777][ T28] audit: type=1400 audit(1771445610.444:430): avc: denied { tracepoint } for pid=6395 comm="syz.5.1013" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 87.401941][ T6397] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=45 sclass=netlink_audit_socket pid=6397 comm=syz.5.1013 [ 87.481584][ T3866] bio_check_eod: 40 callbacks suppressed [ 87.481597][ T3866] kworker/u8:17: attempt to access beyond end of device [ 87.481597][ T3866] loop1: rw=1, sector=145, nr_sectors = 16 limit=128 [ 87.519761][ T3866] kworker/u8:17: attempt to access beyond end of device [ 87.519761][ T3866] loop1: rw=1, sector=169, nr_sectors = 8 limit=128 [ 87.546576][ T3866] kworker/u8:17: attempt to access beyond end of device [ 87.546576][ T3866] loop1: rw=1, sector=185, nr_sectors = 8 limit=128 [ 87.562195][ T3866] kworker/u8:17: attempt to access beyond end of device [ 87.562195][ T3866] loop1: rw=1, sector=201, nr_sectors = 8 limit=128 [ 87.595771][ T3866] kworker/u8:17: attempt to access beyond end of device [ 87.595771][ T3866] loop1: rw=1, sector=217, nr_sectors = 8 limit=128 [ 87.610096][ T3866] kworker/u8:17: attempt to access beyond end of device [ 87.610096][ T3866] loop1: rw=1, sector=233, nr_sectors = 8 limit=128 [ 87.633970][ T3866] kworker/u8:17: attempt to access beyond end of device [ 87.633970][ T3866] loop1: rw=1, sector=249, nr_sectors = 8 limit=128 [ 87.647715][ T3866] kworker/u8:17: attempt to access beyond end of device [ 87.647715][ T3866] loop1: rw=1, sector=265, nr_sectors = 8 limit=128 [ 87.661436][ T3866] kworker/u8:17: attempt to access beyond end of device [ 87.661436][ T3866] loop1: rw=1, sector=281, nr_sectors = 8 limit=128 [ 87.675121][ T3866] kworker/u8:17: attempt to access beyond end of device [ 87.675121][ T3866] loop1: rw=1, sector=297, nr_sectors = 8 limit=128 [ 87.714926][ T3852] bridge_slave_1: left allmulticast mode [ 87.758153][ T3852] bridge_slave_1: left promiscuous mode [ 87.767489][ T3852] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.775334][ T3852] bridge_slave_0: left allmulticast mode [ 87.781708][ T3852] bridge_slave_0: left promiscuous mode [ 87.787499][ T3852] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.861414][ T3852] bond1 (unregistering): (slave geneve2): Releasing active interface [ 87.951611][ T3852] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 87.972018][ T3852] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 87.991148][ T3852] bond0 (unregistering): Released all slaves [ 88.008552][ T3852] bond1 (unregistering): Released all slaves [ 88.022721][ T3852] bond2 (unregistering): Released all slaves [ 88.208083][ T3852] hsr_slave_0: left promiscuous mode [ 88.228031][ T3852] hsr_slave_1: left promiscuous mode [ 88.235963][ T3852] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 88.249384][ T6443] loop3: detected capacity change from 0 to 128 [ 88.255958][ T3852] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 88.320805][ T3852] team0 (unregistering): Port device team_slave_1 removed [ 88.339687][ T3852] team0 (unregistering): Port device team_slave_0 removed [ 88.361617][ T6448] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1027'. [ 88.383984][ T3852] team0 (unregistering): Port device dummy0 removed [ 88.398213][ T6448] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1027'. [ 88.505134][ T28] audit: type=1400 audit(1771445611.574:431): avc: denied { write } for pid=6456 comm="syz.1.1028" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 88.571842][ T6398] chnl_net:caif_netlink_parms(): no params data found [ 88.653553][ T6398] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.661553][ T6398] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.668677][ T6398] bridge_slave_0: entered allmulticast mode [ 88.675440][ T6398] bridge_slave_0: entered promiscuous mode [ 88.682305][ T6398] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.689418][ T6398] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.696769][ T6398] bridge_slave_1: entered allmulticast mode [ 88.703387][ T6398] bridge_slave_1: entered promiscuous mode [ 88.738549][ T6398] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.758432][ T6398] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.781903][ T6398] team0: Port device team_slave_0 added [ 88.795956][ T6398] team0: Port device team_slave_1 added [ 88.818395][ T6398] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.825515][ T6398] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.854803][ T6398] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.867437][ T6398] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.880639][ T6398] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.910710][ T6398] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.975302][ T28] audit: type=1326 audit(1771445612.044:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6426 comm="syz.5.1020" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12232fc629 code=0x7fc00000 [ 89.040195][ T6499] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1034'. [ 89.158887][ T6398] hsr_slave_0: entered promiscuous mode [ 89.165174][ T6398] hsr_slave_1: entered promiscuous mode [ 89.482068][ T6398] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 89.585188][ T6398] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 89.598459][ T6398] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 89.617520][ T6398] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 89.704815][ T6398] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.733910][ T6398] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.761513][ T3852] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.768563][ T3852] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.777580][ T3852] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.784796][ T3852] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.874517][ T6398] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.101148][ T6398] veth0_vlan: entered promiscuous mode [ 90.140644][ T6398] veth1_vlan: entered promiscuous mode [ 90.164056][ T6398] veth0_macvtap: entered promiscuous mode [ 90.177286][ T6398] veth1_macvtap: entered promiscuous mode [ 90.264402][ T6568] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.271622][ T6568] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.279137][ T6573] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1045'. [ 90.404950][ T6568] veth1_macvtap: left allmulticast mode [ 90.440227][ T30] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.458139][ T30] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.488791][ T30] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.512144][ T30] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.538127][ T6398] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.564795][ T6398] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.596741][ T3852] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.621431][ T3852] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.646340][ T6582] lo: Caught tx_queue_len zero misconfig [ 90.664517][ T3852] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.683619][ T3852] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.733767][ T28] audit: type=1400 audit(1771445613.794:433): avc: denied { mounton } for pid=6398 comm="syz-executor" path="/root/syzkaller.8JkocN/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=17358 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 90.819738][ T28] audit: type=1400 audit(1771445613.834:434): avc: denied { mount } for pid=6398 comm="syz-executor" name="/" dev="gadgetfs" ino=4600 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 90.833836][ T6589] loop1: detected capacity change from 0 to 512 [ 91.054948][ T28] audit: type=1326 audit(1771445614.124:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6569 comm="syz.5.1044" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f12232fc629 code=0x7fc00000 [ 91.361053][ T6613] loop5: detected capacity change from 0 to 128 [ 91.377848][ T6613] EXT4-fs: test_dummy_encryption option not supported [ 91.499900][ T6620] sd 0:0:1:0: device reset [ 91.906144][ T6625] loop1: detected capacity change from 0 to 1024 [ 91.920138][ T6625] EXT4-fs: Ignoring removed nomblk_io_submit option [ 91.954978][ T6625] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 92.247205][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.450098][ T6650] xt_hashlimit: size too large, truncated to 1048576 [ 92.491703][ T28] audit: type=1400 audit(1771445615.564:436): avc: denied { name_bind } for pid=6649 comm="syz.1.1073" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 92.786987][ T6666] sit0: Caught tx_queue_len zero misconfig [ 92.850032][ T6671] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1082'. [ 92.892460][ T6673] loop6: detected capacity change from 0 to 128 [ 92.905896][ T28] audit: type=1400 audit(1771445615.974:437): avc: denied { mounton } for pid=6672 comm="syz.6.1083" path="/15/file0" dev="loop6" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 92.975466][ T6675] loop6: detected capacity change from 0 to 7 [ 92.989779][ T3592] Bluetooth: hci0: command 0x1003 tx timeout [ 92.989774][ T43] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 93.177430][ T6693] loop1: detected capacity change from 0 to 512 [ 93.186303][ T6685] loop3: detected capacity change from 0 to 8192 [ 93.205029][ T6693] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.218188][ T6693] ext4 filesystem being mounted at /221/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.248142][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.295589][ T6698] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1093'. [ 93.312627][ T6700] loop3: detected capacity change from 0 to 1024 [ 93.326170][ T6700] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e040c01c, mo2=0002] [ 93.334362][ T6700] System zones: 0-1, 3-36 [ 93.340107][ T6700] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.1094: bad orphan inode 134217728 [ 93.350972][ T6700] loop3: lost filesystem error report for type 5 error -117 [ 93.351610][ T6700] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.461324][ T6706] syzkaller1: entered promiscuous mode [ 93.466814][ T6706] syzkaller1: entered allmulticast mode [ 93.706568][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.735709][ T6709] pim6reg: entered allmulticast mode [ 93.743968][ T6709] pim6reg: left allmulticast mode [ 93.833812][ T6725] loop6: detected capacity change from 0 to 128 [ 93.840784][ T6725] EXT4-fs: Ignoring removed nobh option [ 93.858543][ T6725] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 93.870894][ T6725] ext4 filesystem being mounted at /21/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 93.885605][ T28] audit: type=1400 audit(1771445616.954:438): avc: denied { setattr } for pid=6724 comm="syz.6.1103" path="/21/mnt/file1" dev="loop6" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 93.965872][ T6398] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 94.085098][ T28] audit: type=1400 audit(1771445617.154:439): avc: denied { module_load } for pid=6739 comm="syz.1.1117" path=2F6D656D66643A20C736BE918D183229219A25A2D238D606070EFCFE128F2613AE254054A3B03E5CECA9F951403641108C6E7C202864656C6574656429 dev="hugetlbfs" ino=18698 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=system permissive=1 [ 94.107941][ T6741] Invalid ELF header magic: != ELF [ 94.125201][ T6742] loop2: detected capacity change from 0 to 1024 [ 94.142568][ T6742] EXT4-fs: Ignoring removed nomblk_io_submit option [ 94.157382][ T28] audit: type=1400 audit(1771445617.204:440): avc: denied { shutdown } for pid=6737 comm="syz.6.1105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 94.182795][ T6745] loop6: detected capacity change from 0 to 1024 [ 94.197465][ T6745] EXT4-fs: Ignoring removed orlov option [ 94.212095][ T6742] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.230742][ T6745] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.333938][ T6398] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.480227][ T6764] pim6reg1: entered promiscuous mode [ 94.500084][ T6764] pim6reg1: entered allmulticast mode [ 94.538877][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.630271][ T6776] usb usb8: usbfs: interface 0 claimed by hub while 'syz.5.1121' sets config #0 [ 94.894580][ T6790] loop1: detected capacity change from 0 to 8192 [ 94.977498][ T6801] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e040c01c, mo2=0002] [ 94.989468][ T6801] System zones: 0-1, 3-36 [ 94.995485][ T6801] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.1128: bad orphan inode 134217728 [ 95.008648][ T6801] loop2: lost filesystem error report for type 5 error -117 [ 95.009540][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 95.020272][ T6801] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.023266][ C1] EXT4-fs (loop2): initial error at time 1771445618: ext4_orphan_get:1417 [ 95.044170][ C1] EXT4-fs (loop2): last error at time 1771445618: ext4_orphan_get:1417 [ 95.099127][ T6805] EXT4-fs: Ignoring removed nomblk_io_submit option [ 95.124310][ T6805] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 95.147575][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.316716][ T6820] pim6reg1: entered promiscuous mode [ 95.322630][ T6820] pim6reg1: entered allmulticast mode [ 95.345058][ T4408] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.365910][ T6823] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1135'. [ 95.405541][ T6826] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1137'. [ 95.422633][ T28] audit: type=1326 audit(1771445618.494:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6772 comm="syz.6.1119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99a306c629 code=0x7fc00000 [ 95.565439][ T6846] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1144'. [ 95.607785][ T6848] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e040c01c, mo2=0002] [ 95.615977][ T6848] System zones: 0-1, 3-36 [ 95.625363][ T6848] EXT4-fs error (device loop6): ext4_orphan_get:1417: comm syz.6.1145: bad orphan inode 134217728 [ 95.636851][ T6848] loop6: lost filesystem error report for type 5 error -117 [ 95.637372][ T6848] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.669189][ T6853] EXT4-fs: Ignoring removed nomblk_io_submit option [ 95.691804][ T6853] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 95.903620][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.916428][ T6859] bio_check_eod: 63 callbacks suppressed [ 95.916508][ T6859] syz.5.1148: attempt to access beyond end of device [ 95.916508][ T6859] loop5: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 96.029475][ T6398] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.051365][ T28] audit: type=1400 audit(1771445619.124:442): avc: denied { create } for pid=6864 comm="syz.2.1151" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 96.073615][ T6863] pim6reg1: entered promiscuous mode [ 96.078987][ T6863] pim6reg1: entered allmulticast mode [ 96.135503][ T3852] Bluetooth: hci0: Frame reassembly failed (-84) [ 96.259855][ T6887] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 96.278896][ T6887] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 96.288548][ T6887] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 96.297383][ T6887] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 96.320799][ T6887] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 96.331431][ T6892] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1162'. [ 96.344614][ T6887] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 96.371283][ T6887] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 96.397520][ T6894] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e040c01c, mo2=0002] [ 96.414092][ T6894] System zones: 0-1, 3-36 [ 96.420023][ T6887] vhci_hcd vhci_hcd.0: pdev(3) rhport(7) sockfd(17) [ 96.426603][ T6887] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 96.435733][ T6894] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.1163: bad orphan inode 134217728 [ 96.446746][ T28] audit: type=1400 audit(1771445619.504:443): avc: denied { execute } for pid=6898 comm="syz.5.1165" name="file0" dev="ramfs" ino=19837 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 96.468674][ T28] audit: type=1400 audit(1771445619.504:444): avc: denied { execute_no_trans } for pid=6898 comm="syz.5.1165" path="/file0" dev="ramfs" ino=19837 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 96.470122][ T6887] vhci_hcd vhci_hcd.0: Device attached [ 96.491404][ T28] audit: type=1400 audit(1771445619.504:445): avc: denied { listen } for pid=6899 comm="syz.2.1166" lport=53229 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 96.502387][ T6894] loop1: lost filesystem error report for type 5 error -117 [ 96.520488][ T28] audit: type=1400 audit(1771445619.504:446): avc: denied { accept } for pid=6899 comm="syz.2.1166" lport=53229 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 96.538735][ T6894] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.584591][ T6901] vhci_hcd: connection closed [ 96.584868][ T83] vhci_hcd vhci_hcd.3: stop threads [ 96.604536][ T83] vhci_hcd vhci_hcd.3: release socket [ 96.610041][ T83] vhci_hcd vhci_hcd.3: disconnect device [ 96.669725][ T1032] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 96.694763][ T6910] syzkaller0: entered promiscuous mode [ 96.700454][ T6910] syzkaller0: entered allmulticast mode [ 96.831758][ T6917] EXT4-fs (loop5): orphan cleanup on readonly fs [ 96.841056][ T6917] EXT4-fs (loop5): 1 truncate cleaned up [ 96.848679][ T6917] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 96.872337][ T4408] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.901558][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.930092][ T6922] set_capacity_and_notify: 7 callbacks suppressed [ 96.930108][ T6922] loop1: detected capacity change from 0 to 512 [ 96.945992][ T6922] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.958692][ T6922] ext4 filesystem being mounted at /239/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 97.136493][ T6933] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1177'. [ 97.179133][ T6933] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1177'. [ 97.527138][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.189786][ T43] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 98.190069][ T3592] Bluetooth: hci0: command 0x1003 tx timeout [ 98.231229][ T6956] loop6: detected capacity change from 0 to 1024 [ 98.231801][ T6953] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1187'. [ 98.238607][ T6956] EXT4-fs: Ignoring removed nomblk_io_submit option [ 98.279087][ T6956] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.331933][ T3398] hid-generic 0103:0004:0000.0003: unknown main item tag 0x0 [ 98.346049][ T6965] xt_hashlimit: size too large, truncated to 1048576 [ 98.354648][ T3398] hid-generic 0103:0004:0000.0003: unknown main item tag 0x0 [ 98.375342][ T3398] hid-generic 0103:0004:0000.0003: unknown main item tag 0x0 [ 98.396627][ T3398] hid-generic 0103:0004:0000.0003: unknown main item tag 0x0 [ 98.410659][ T6970] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1191'. [ 98.441845][ T3398] hid-generic 0103:0004:0000.0003: unknown main item tag 0x0 [ 98.466500][ T3398] hid-generic 0103:0004:0000.0003: unknown main item tag 0x0 [ 98.491557][ T3398] hid-generic 0103:0004:0000.0003: unknown main item tag 0x0 [ 98.499610][ T6973] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1192'. [ 98.523997][ T3398] hid-generic 0103:0004:0000.0003: unknown main item tag 0x0 [ 98.534635][ T3398] hid-generic 0103:0004:0000.0003: unknown main item tag 0x0 [ 98.542289][ T3398] hid-generic 0103:0004:0000.0003: unknown main item tag 0x0 [ 98.551055][ T6977] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1193'. [ 98.568806][ T3398] hid-generic 0103:0004:0000.0003: hidraw0: HID v0.02 Device [syz0] on syz1 [ 98.603594][ T6983] loop3: detected capacity change from 0 to 128 [ 98.616764][ T6981] fido_id[6981]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 98.630324][ T6983] FAT-fs (loop3): bogus number of reserved sectors [ 98.649624][ T6983] FAT-fs (loop3): This looks like a DOS 1.x volume, but isn't a recognized floppy size (128 sectors) [ 98.663824][ T6983] FAT-fs (loop3): Can't find a valid FAT filesystem [ 98.665613][ T6980] syzkaller0: entered promiscuous mode [ 98.702259][ T6985] loop2: detected capacity change from 0 to 1024 [ 98.705758][ T6398] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.709361][ T6980] syzkaller0: entered allmulticast mode [ 98.743053][ T6985] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e040c01c, mo2=0002] [ 98.761533][ T6985] System zones: 0-1, 3-36 [ 98.771746][ T6985] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.1196: bad orphan inode 134217728 [ 98.782962][ T6985] loop2: lost filesystem error report for type 5 error -117 [ 98.783608][ T6985] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.167887][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.220570][ T7005] loop3: detected capacity change from 0 to 1024 [ 99.228963][ T7005] EXT4-fs: Ignoring removed orlov option [ 99.264836][ T7005] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 99.307923][ T7005] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.616526][ T7023] loop5: detected capacity change from 0 to 1024 [ 99.643810][ T6994] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.653738][ T6994] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.666457][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.685840][ T7023] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 99.807003][ T6994] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 99.838587][ T4408] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.839312][ T6994] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 99.934441][ T3846] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.952142][ T3846] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.999810][ T3846] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.019201][ T3846] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.094926][ T7070] loop6: detected capacity change from 0 to 1024 [ 100.140446][ T7070] EXT4-fs (loop6): orphan cleanup on readonly fs [ 100.145060][ T7074] loop1: detected capacity change from 0 to 128 [ 100.168271][ T7070] EXT4-fs (loop6): 1 truncate cleaned up [ 100.214631][ T7070] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 100.237191][ T7074] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 100.287659][ T7074] ext4 filesystem being mounted at /246/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 100.309335][ T7089] netlink: 'syz.5.1225': attribute type 1 has an invalid length. [ 100.318775][ T6398] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.363319][ T28] audit: type=1326 audit(1771445623.434:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7094 comm="syz.3.1228" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f899a91c629 code=0x0 [ 100.374632][ T7089] bond1: entered promiscuous mode [ 100.391638][ T7089] bond1: entered allmulticast mode [ 100.396942][ T7089] 8021q: adding VLAN 0 to HW filter on device bond1 [ 100.431318][ T3315] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 100.447079][ T7089] macvlan2: entered promiscuous mode [ 100.452559][ T7089] macvlan2: entered allmulticast mode [ 100.459198][ T7089] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 100.645364][ T7118] netlink: 'syz.1.1231': attribute type 1 has an invalid length. [ 100.646450][ T7115] loop5: detected capacity change from 0 to 512 [ 100.659617][ T7118] netlink: 'syz.1.1231': attribute type 2 has an invalid length. [ 100.667335][ T7118] __nla_validate_parse: 1 callbacks suppressed [ 100.667349][ T7118] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1231'. [ 100.688221][ T7115] EXT4-fs error (device loop5): ext4_orphan_get:1391: inode #15: comm syz.5.1230: inode has both inline data and extents flags [ 100.711443][ T7115] loop5: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 100.711684][ T7115] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.1230: couldn't read orphan inode 15 (err -117) [ 100.720858][ C1] EXT4-fs (loop5): error count since last fsck: 1 [ 100.720881][ C1] EXT4-fs (loop5): initial error at time 1771445623: ext4_orphan_get:1391: inode 15 [ 100.720913][ C1] EXT4-fs (loop5): last error at time 1771445623: ext4_orphan_get:1391: inode 15 [ 100.757849][ T7115] loop5: lost filesystem error report for type 5 error -117 [ 100.758399][ T7115] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.810038][ T4408] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.148645][ T7140] io-wq is not configured for unbound workers [ 101.249742][ T7149] netlink: 277 bytes leftover after parsing attributes in process `syz.3.1237'. [ 101.304031][ T7151] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1238'. [ 101.314983][ T28] audit: type=1400 audit(1771445624.374:448): avc: denied { bind } for pid=7150 comm="syz.1.1238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 101.375885][ T28] audit: type=1400 audit(1771445624.374:449): avc: denied { setopt } for pid=7150 comm="syz.1.1238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 101.409781][ T28] audit: type=1400 audit(1771445624.424:450): avc: denied { execute_no_trans } for pid=7152 comm="syz.3.1239" path="/261/file0" dev="tmpfs" ino=1374 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 101.860479][ T7175] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1245'. [ 101.894836][ T7178] loop2: detected capacity change from 0 to 7 [ 101.911593][ T3299] loop2: [ 101.915391][ T30] Bluetooth: hci0: Frame reassembly failed (-84) [ 101.930946][ T7178] loop2: [ 101.965151][ T2999] loop2: [ 101.987871][ T28] audit: type=1400 audit(1771445625.054:451): avc: denied { read write } for pid=7182 comm="syz.6.1247" name="usbmon6" dev="devtmpfs" ino=160 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 102.062345][ T28] audit: type=1400 audit(1771445625.084:452): avc: denied { open } for pid=7182 comm="syz.6.1247" path="/dev/usbmon6" dev="devtmpfs" ino=160 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 102.631607][ T28] audit: type=1400 audit(1771445625.704:453): avc: denied { read } for pid=7200 comm="syz.6.1255" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 102.745867][ T7204] loop2: detected capacity change from 0 to 128 [ 102.809202][ T7204] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 102.840813][ T7204] ext4 filesystem being mounted at /233/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 102.921123][ T3316] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 103.624948][ T83] netdevsim netdevsim5 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 103.639268][ T83] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.652559][ T83] netdevsim netdevsim5 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 103.673904][ T83] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.673948][ T7218] loop5: detected capacity change from 0 to 1024 [ 103.694420][ T7218] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e040c01c, mo2=0002] [ 103.694670][ T7221] loop2: detected capacity change from 0 to 2048 [ 103.713393][ T7218] System zones: 0-1, 3-36 [ 103.724630][ T3866] netdevsim netdevsim5 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 103.728556][ T7218] EXT4-fs error (device loop5): ext4_orphan_get:1417: comm syz.5.1260: bad orphan inode 134217728 [ 103.737424][ T7221] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.744812][ T7218] loop5: lost filesystem error report for type 5 error -117 [ 103.756674][ T3866] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.757080][ T7218] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.764050][ T3866] netdevsim netdevsim5 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 103.794413][ T3866] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.917534][ T3316] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.927656][ T7234] ================================================================== [ 103.935738][ T7234] BUG: KCSAN: data-race in filemap_read / filemap_read [ 103.942583][ T7234] [ 103.944896][ T7234] read to 0xffff88811c918468 of 8 bytes by task 7218 on cpu 1: [ 103.952427][ T7234] filemap_read+0x6f/0xa10 [ 103.956846][ T7234] generic_file_read_iter+0x79/0x330 [ 103.962132][ T7234] ext4_file_read_iter+0x1cc/0x290 [ 103.967255][ T7234] copy_splice_read+0x471/0x6c0 [ 103.972111][ T7234] splice_direct_to_actor+0x28f/0x670 [ 103.977477][ T7234] do_splice_direct+0x119/0x1a0 [ 103.979778][ T43] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 103.982340][ T7234] do_sendfile+0x382/0x650 [ 103.992795][ T7234] __x64_sys_sendfile64+0x105/0x150 [ 103.997989][ T7234] x64_sys_call+0x2dc4/0x3020 [ 104.002660][ T7234] do_syscall_64+0x12c/0x370 [ 104.007246][ T7234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.013125][ T7234] [ 104.015433][ T7234] write to 0xffff88811c918468 of 8 bytes by task 7234 on cpu 0: [ 104.023048][ T7234] filemap_read+0x98d/0xa10 [ 104.027544][ T7234] generic_file_read_iter+0x79/0x330 [ 104.032819][ T7234] ext4_file_read_iter+0x1cc/0x290 [ 104.037935][ T7234] copy_splice_read+0x471/0x6c0 [ 104.042790][ T7234] splice_direct_to_actor+0x28f/0x670 [ 104.048148][ T7234] do_splice_direct+0x119/0x1a0 [ 104.052983][ T7234] do_sendfile+0x382/0x650 [ 104.057391][ T7234] __x64_sys_sendfile64+0x105/0x150 [ 104.062576][ T7234] x64_sys_call+0x2dc4/0x3020 [ 104.067245][ T7234] do_syscall_64+0x12c/0x370 [ 104.071835][ T7234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.077715][ T7234] [ 104.080021][ T7234] value changed: 0x0000000000000130 -> 0x0000000000000131 [ 104.087106][ T7234] [ 104.089415][ T7234] Reported by Kernel Concurrency Sanitizer on: [ 104.095559][ T7234] CPU: 0 UID: 0 PID: 7234 Comm: syz.5.1260 Not tainted syzkaller #0 PREEMPT(full) [ 104.104833][ T7234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 104.114874][ T7234] ================================================================== [ 104.258738][ T4408] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.