last executing test programs: 1m33.935793788s ago: executing program 32 (id=85): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r1, 0x3) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x10, 0x3}}}}}}, 0x0) 1m25.735998742s ago: executing program 33 (id=288): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x18) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x12, 0x24, 0x4, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{r2}, &(0x7f0000000700), &(0x7f0000000740)=r1}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000002c0)={r2, &(0x7f00000006c0), &(0x7f0000000000), 0x2}, 0x20) 1m24.964557695s ago: executing program 2 (id=308): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x3) mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000300)=@gcm_256={{0x304}, "62648f4b35b737b9", "21c20c7e7ad9ecfe5bccea278546791cbaf728f83c0a7efa8e26655613653bb4", '\x00', "01d787a90d233d89"}, 0x38) 1m24.871178452s ago: executing program 34 (id=309): syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800, &(0x7f00000001c0)=ANY=[@ANYRES8=0x0], 0x4, 0x26d, &(0x7f00000005c0)="$eJzs281OE18Yx/EfL/8/CMJUURSM8YludDOBegUNgcTYRIPU+JKYDDLVpkNLOg2mxgg7t14HcenOxHgDbLwCF+7YuGRhHMNMLS2UqAuZaL+fzXnI4deck+dMcxadnXuvV8vF0C16dfX3mQalTe1KGfVrQIm+5tgf1/+r3aauTeQ/Xbxz/8HNXD4/v2i2kFu6njWz8Uvvn714c/lDffTu2/F3Q9rOPNr5kv28Pbk9tfNt6WkptFJolWrdPFuuVuvecuDbSiksu2a3A98LfStVQr/WMV8MqmtrDfMqK2MjazU/DM2rNKzsN6xetXqtYd4Tr1Qx13VtbET4mcLW4qKXS3sV+LNqtZw3J2n60ExhK5UFAQCAVHH/72Xc/3vB3v3/YfP57cT9HwAAAAAAAAAAAAAAAAAAAACAv8FuFDlRFDk/xv+k+A2fqPn3CUkjkkYlnZQ0JmlckiMpI+mUpNOSJiSdkXRW0qSkc5LOS5pq+6y094rDjur/AP3vCTz/vY3+97a2F3eHpdVX64X1QjIm87miSgrka0aOvsa9bErqhRv5+RmLZXRhdaOZ31gvDHTmZ+XsHZhu+dkkb535ofjctfJZOXsHrFs+2zU/rKtX2vKuHH18rKoCrcRncj//ctZs7lb+QH46/r9/nWstXfvnukfNJ/lfOB/RTNf+DGp6MN29Qwobz8teEPg1CgoKilaR9jcTjsN+09NeCQAAAAAAAAAAAAAAAADgdxzHzwnT3iMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd9DwAA//+TC2AL") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) unlink(&(0x7f0000000300)='./file1\x00') ftruncate(r0, 0x8201) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xa140d3, 0x0, 0x1, 0x0, &(0x7f0000000d40)) creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x9) 1m24.823648436s ago: executing program 2 (id=312): mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000740), 0x1, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x67, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) 1m24.799680068s ago: executing program 2 (id=313): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f00000009c0)={[{@errors_remount}, {@debug}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@noauto_da_alloc}, {@bsdgroups}, {@jqfmt_vfsv1}, {@abort}, {@data_err_ignore}]}, 0x2, 0x476, &(0x7f0000000540)="$eJzs3M1vFOUfAPDvzLblx2v7Q3wBUavE2PjS0oLKwYtGEw8YTfSAN2tbCKFQQ2sihEg1Bi8mhkTP6tHEv8CbF6OeTLzq3ZAQ5QJ6qpnZmbK7dLctLLuF/XySZZ9n5pl9nm9nnp1n5pklgJ41nP2TRGyLiN8jYrCarS8wXH27duXc1D9Xzk0lsbT05l9JXu7qlXNTZdFyu61FZiSNSD9JikrqzZ85e2JydnbmdJEfWzj53tj8mbPPHD85eWzm2MypiUOHDh4Yf/65iWfbEmcW19U9H87t3f3q2xdfmzpy8d2fv8vau61YXxtHg00N72s2nAX+91JueWFafXt83RFsbNtr0klfFxvCulQiIttd/Xn/H4xKXN95g/HKx11tHHBbZeemFie2xSXgLpZEt1sAdEd5os+uf8tXh4YeG8LlF6sXQFnc14pXdU1feameXxttv031D0fEkcV/v8pe0fo+BABAW3w29eXheHql8V8a99WU21HMoQxFxP8jYmdE3BMRuyLi3oi87P0R8cDqVaa1mcapoRvHP+mlmw5uDbLx3wvF3Fb9+G+5mUOVIrc9j78/OXp8dmZ/8TcZif5NWX68RR0/vPzb583W1Y7/sldWfzkWLNpxqa/hBt305MJkPihtg8sfRezpWyn+ZHkmIImI3RGxZ30fvaNMHH/y273NCq0efwttmGda+ibiier+X4yG+EtJ6/nJsf/F7Mz+sfKouNEvv154o1n9txR/G2T7f0v98d9YZCipna+dX38dF/74tOk1zc0e/wPJW/m2A8WyDyYXFk6PRwwkh/N83fKJ69uW+bJ8Fv/IvpX7/85imyz+ByMiO4gfioiHI+KRou2PRsRjEbGvRfw/vdR8XX38m7d1Y/9PN3z/bc7XLB//Dft//YnKiR+/X7n2r99Z2/4/mKdGiiX5998q1trAW/zzAQAAwB0hzZ+BT9LR5XSajo5Wn+HfFVvS2bn5haeOzr1/arr6rPxQ9Kflna7Bmvuh48li8YnV/ERxr7hcf6C4b/xFZXOeH52am53ucuzQ67Y26f+ZPyvdbh1w2600jzYx0IWGAB3X2P/T+uz51zvZGKCjmj5Hs6Wz7QA6b5Xn6NJOtQPoPP9fC/Sulfr/+Ya8uQC4Ozn/Q+/S/6F36f/Qu/R/6Emr/Ui+cou//Ze44xLJ2gpH2v2mboxEf0S05QMHNkQ4RaLb30wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADt8V8AAAD//5qI6jE=") mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x0, 0x0) chroot(&(0x7f0000000000)='./file0/../file0\x00') pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='./file0\x00') 1m24.535531269s ago: executing program 2 (id=314): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000040000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001d80)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0x10000000000000}, 0x18) setrlimit(0x9, &(0x7f0000000000)) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) 1m24.049311819s ago: executing program 2 (id=320): r0 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r1, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x44, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r1}, @IFLA_PROTO_DOWN={0x5}]}, 0x44}}, 0x0) 1m23.997186223s ago: executing program 35 (id=320): r0 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r1, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x44, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r1}, @IFLA_PROTO_DOWN={0x5}]}, 0x44}}, 0x0) 1m23.840648395s ago: executing program 0 (id=325): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='signal_generate\x00', r0}, 0x10) r1 = gettid() tkill(r1, 0x21) 1m23.766053972s ago: executing program 0 (id=327): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102"], 0x50) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]}) utimes(&(0x7f0000000080)='./file0\x00', 0x0) 1m23.741087494s ago: executing program 0 (id=329): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000003}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0xfffffffffffff001}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x2c, r3, 0x301, 0x70bd29, 0x25dfdbfc, {0x24}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}]}]}, 0x2c}}, 0x0) 1m23.704941937s ago: executing program 0 (id=330): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f00000009c0)={[{@errors_remount}, {@debug}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@noauto_da_alloc}, {@bsdgroups}, {@jqfmt_vfsv1}, {@abort}, {@data_err_ignore}]}, 0x2, 0x476, &(0x7f0000000540)="$eJzs3M1vFOUfAPDvzLblx2v7Q3wBUavE2PjS0oLKwYtGEw8YTfSAN2tbCKFQQ2sihEg1Bi8mhkTP6tHEv8CbF6OeTLzq3ZAQ5QJ6qpnZmbK7dLctLLuF/XySZZ9n5pl9nm9nnp1n5pklgJ41nP2TRGyLiN8jYrCarS8wXH27duXc1D9Xzk0lsbT05l9JXu7qlXNTZdFyu61FZiSNSD9JikrqzZ85e2JydnbmdJEfWzj53tj8mbPPHD85eWzm2MypiUOHDh4Yf/65iWfbEmcW19U9H87t3f3q2xdfmzpy8d2fv8vau61YXxtHg00N72s2nAX+91JueWFafXt83RFsbNtr0klfFxvCulQiIttd/Xn/H4xKXN95g/HKx11tHHBbZeemFie2xSXgLpZEt1sAdEd5os+uf8tXh4YeG8LlF6sXQFnc14pXdU1feameXxttv031D0fEkcV/v8pe0fo+BABAW3w29eXheHql8V8a99WU21HMoQxFxP8jYmdE3BMRuyLi3oi87P0R8cDqVaa1mcapoRvHP+mlmw5uDbLx3wvF3Fb9+G+5mUOVIrc9j78/OXp8dmZ/8TcZif5NWX68RR0/vPzb583W1Y7/sldWfzkWLNpxqa/hBt305MJkPihtg8sfRezpWyn+ZHkmIImI3RGxZ30fvaNMHH/y273NCq0efwttmGda+ibiier+X4yG+EtJ6/nJsf/F7Mz+sfKouNEvv154o1n9txR/G2T7f0v98d9YZCipna+dX38dF/74tOk1zc0e/wPJW/m2A8WyDyYXFk6PRwwkh/N83fKJ69uW+bJ8Fv/IvpX7/85imyz+ByMiO4gfioiHI+KRou2PRsRjEbGvRfw/vdR8XX38m7d1Y/9PN3z/bc7XLB//Dft//YnKiR+/X7n2r99Z2/4/mKdGiiX5998q1trAW/zzAQAAwB0hzZ+BT9LR5XSajo5Wn+HfFVvS2bn5haeOzr1/arr6rPxQ9Kflna7Bmvuh48li8YnV/ERxr7hcf6C4b/xFZXOeH52am53ucuzQ67Y26f+ZPyvdbh1w2600jzYx0IWGAB3X2P/T+uz51zvZGKCjmj5Hs6Wz7QA6b5Xn6NJOtQPoPP9fC/Sulfr/+Ya8uQC4Ozn/Q+/S/6F36f/Qu/R/6Emr/Ui+cou//Ze44xLJ2gpH2v2mboxEf0S05QMHNkQ4RaLb30wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADt8V8AAAD//5qI6jE=") mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x0, 0x0) chroot(&(0x7f0000000000)='./file0/../file0\x00') pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='./file0\x00') 1m23.477595765s ago: executing program 0 (id=332): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x10001}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x17, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0xa2980, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1, 0x0, 0x1}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)=ANY=[@ANYBLOB="54000000000801010000ffffe00000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x28040000) 1m23.148061602s ago: executing program 0 (id=334): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) io_setup(0x8, &(0x7f00000002c0)=0x0) r3 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0) io_submit(r2, 0x1, &(0x7f0000000140)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x1000}]) 1m23.147871312s ago: executing program 36 (id=334): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) io_setup(0x8, &(0x7f00000002c0)=0x0) r3 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0) io_submit(r2, 0x1, &(0x7f0000000140)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x1000}]) 21.130617818s ago: executing program 1 (id=2576): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x41, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) 20.944977693s ago: executing program 6 (id=2583): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000580081044e81f782db44b904", 0x10}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x22}, 0x94) ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0x4c) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'vlan1\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000080)) 20.875699578s ago: executing program 6 (id=2587): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000046c0)=@newqdisc={0x45c, 0x24, 0x4ee4e6a52ff56541, 0x8000000, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x2, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x40000000, 0x1000, 0x6, 0x0, 0x0, 0x8000002, 0x0, 0x7e150a0b, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x100000, 0x0, 0x43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x10000, 0x5d2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf7fffffe, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x1007, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x40000000, 0x3, 0x3, 0x6, 0x1, 0x8, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, 0x9, 0x0, 0x3, 0x7, 0xfbfffffd, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x3, 0x0, 0x0, 0x4fd, 0x2000, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffe, 0x0, 0x7e98263b, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x6, 0x10000000, 0x0, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd2d1, 0x0, 0x0, 0xb2e, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xff, 0x1000, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x6, 0xc3f3, 0x1, 0x0, 0x800, 0x9, 0x800, 0x0, 0x8, 0xe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0xfffffffe, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x8000, 0x0, 0xfffffffd, 0x0, 0x0, 0xd819ac9, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0xffffffff, 0x0, 0x0, 0x80000001, 0x0, 0x10, 0x20, 0x4, 0x400000b2, 0x0, 0x0, 0x6, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1000, 0x100, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0xfffffffd, 0x1, 0x1, 0xfffffffe, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x4, 0x0, 0x0, 0x20000040, 0xffffffff, 0x400, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x80, 0x0, 0x0, 0x8000, 0x1ff, 0x23, 0xaaf0]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x0, 0xc0000001}, {0x3, 0x0, 0xf, 0x0, 0x1, 0xffffffff}, 0x7, 0x10, 0x2000000}}]}}]}, 0x45c}}, 0x0) 20.841558011s ago: executing program 6 (id=2591): r0 = inotify_init() r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) inotify_add_watch(r0, &(0x7f0000000200)='./file0\x00', 0x400008bf) 20.780103376s ago: executing program 6 (id=2592): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = inotify_init1(0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r1, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x1, 0x20008000) close_range(r0, 0xffffffffffffffff, 0x0) 20.436270314s ago: executing program 7 (id=2619): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0x3, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x46f8, 0x0, 0x0, 0x0, 0xbd}}, 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001200)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f07df33c9f7b986", 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 20.294760055s ago: executing program 7 (id=2628): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x8f0, &(0x7f0000002400)=0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) io_submit(r1, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}]) 20.228066881s ago: executing program 1 (id=2631): r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r2}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x3, 0x4, &(0x7f0000000880)=ANY=[@ANYBLOB="1802000001000000000000000000000085000000c700000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x23}, 0x94) sendmsg$can_j1939(r0, &(0x7f0000000140)={&(0x7f0000000300)={0x1d, r2, 0x20000000000, {0x1, 0x0, 0x4}, 0xfd}, 0x18, &(0x7f0000000080)={0x0}, 0x4, 0x0, 0x0, 0x8001}, 0x8080) 20.180749285s ago: executing program 1 (id=2634): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0b00000007000000010001004900000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f0000000400)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000008c0)='kfree\x00', r2, 0x0, 0x3}, 0x18) r3 = perf_event_open(&(0x7f0000000380)={0x2, 0x80, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, &(0x7f00000001c0)='cpu&\"\"\nt\x00') 20.180065755s ago: executing program 7 (id=2636): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e000000080000000000180003801400038010"], 0x44}}, 0x0) 20.158508376s ago: executing program 7 (id=2638): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = gettid() tkill(r0, 0x7) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000a40)={[{@jqfmt_vfsv0}, {@grpquota}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@quota}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r1 = open(&(0x7f0000000340)='./file1\x00', 0x185102, 0x38) sync_file_range(r1, 0x6, 0x10000000000000, 0x2) 20.096105991s ago: executing program 1 (id=2639): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x2}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SURVEY(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002640)={&(0x7f0000000100)={0x1c, r3, 0x3a9, 0x3, 0x0, {{}, {@val={0x8, 0x140}, @void}}}, 0x1c}}, 0x4004050) 20.095481642s ago: executing program 1 (id=2641): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000080), &(0x7f00000006c0)='%-010d \x00'}, 0x20) syz_io_uring_setup(0x83d, 0x0, 0x0, 0x0) rmdir(0x0) 20.084423752s ago: executing program 7 (id=2642): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x41, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) 20.008641389s ago: executing program 6 (id=2643): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0x10000b}, 0x18) r1 = socket$key(0xf, 0x3, 0x2) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, &(0x7f0000000000), &(0x7f0000000240)=0x4) sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030003110000002cbd7000fcdbdf2503000900800000001cdc0dca1d9f68846960e56de42944af05000600000000000a0000000000000000000000000000000000000000000001020000000000000002000100000000000000070c0000000005000500000000000a"], 0x88}, 0x1, 0x7}, 0x0) 19.825819773s ago: executing program 1 (id=2644): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000dc0)={0x30, r1, 0xc4fc9e906872338b, 0x70bd2a, 0x0, {{0x15}, {@void, @val={0xc, 0x99, {0x4, 0x3a}}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}]}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4090}, 0x0) 19.798570466s ago: executing program 37 (id=2644): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000dc0)={0x30, r1, 0xc4fc9e906872338b, 0x70bd2a, 0x0, {{0x15}, {@void, @val={0xc, 0x99, {0x4, 0x3a}}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}]}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4090}, 0x0) 19.616650141s ago: executing program 6 (id=2646): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000440)="d800000018007b7be00212ba0d0505040a003f00000f040b067c55a1bc000900b80006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b3162700e06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5005ccca262f3d40fad95667e04adcdf63cc1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e07000000", 0xd4}, {&(0x7f0000000100)="d8bcf4de", 0x4}], 0x2, 0x0, 0x0, 0x2663}, 0x0) 19.61643806s ago: executing program 38 (id=2646): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000440)="d800000018007b7be00212ba0d0505040a003f00000f040b067c55a1bc000900b80006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b3162700e06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5005ccca262f3d40fad95667e04adcdf63cc1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e07000000", 0xd4}, {&(0x7f0000000100)="d8bcf4de", 0x4}], 0x2, 0x0, 0x0, 0x2663}, 0x0) 19.578296044s ago: executing program 7 (id=2647): syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_9p2000}]}}) 19.578079393s ago: executing program 39 (id=2647): syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_9p2000}]}}) 4.763458964s ago: executing program 8 (id=3107): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x64, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2, @perf_config_ext={0xffffffff, 0xff}, 0x0, 0x0, 0x800000, 0x6, 0x2, 0xcb, 0xffff, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCMIWAIT(r1, 0x545c, 0x200000000000000) 3.915383283s ago: executing program 8 (id=3126): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r1}, &(0x7f00000004c0), &(0x7f0000000500)=r2}, 0x20) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="440000001000090600"/20, @ANYRES32=0x0, @ANYBLOB="adffa888000000001c00128009000100626f6e64000000000c000280050001000600000008000a0079"], 0x44}}, 0x0) 3.758131535s ago: executing program 8 (id=3134): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x18) sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) 3.717109609s ago: executing program 8 (id=3137): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000140), 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") openat(0xffffffffffffff9c, &(0x7f0000000540)='./file1\x00', 0x105042, 0x1db) r0 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7278, 0x1, 0x2, 0x156}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x26c8, 0x0, 0x1, 0x0, 0x10) 3.569934591s ago: executing program 8 (id=3140): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032"], 0xf8}}, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0) 2.800137303s ago: executing program 8 (id=3165): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x1, 0x8) 2.799804763s ago: executing program 40 (id=3165): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x1, 0x8) 1.686009944s ago: executing program 4 (id=3195): r0 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000004780)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0) lseek(r0, 0x8b6c, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000540)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) add_key$fscrypt_v1(&(0x7f0000000500), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f0000000600)={0xfffffe00, "060000000000000089e67197f90bf62e81386ba42400f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59301000080", 0x30}, 0xfffffcf5, 0xffffffffffffffff) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc4}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x48, 0xffffffffffffffff) 1.678430684s ago: executing program 9 (id=3204): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0xd000000, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='cdg\x00', 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d) sendfile(r0, r1, 0x0, 0x8000002b) 1.674999314s ago: executing program 5 (id=3196): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000008000000070000000900000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfff}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r1}, 0x10) r2 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x8401) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x7ff, 0x5, 0xc, 0xfffffffffffffffd, 0x59c, 0xffffffffffffffff}) ioctl$SG_BLKTRACETEARDOWN(r2, 0x1276, 0x0) 1.571973313s ago: executing program 4 (id=3197): r0 = socket$inet(0x2, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000500)='kfree\x00', r2}, 0x18) mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000300)=ANY=[], 0x10) 1.505608918s ago: executing program 5 (id=3198): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x25, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x8f0, &(0x7f0000002400)=0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) io_submit(r1, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}]) 1.102222111s ago: executing program 5 (id=3200): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x210000, &(0x7f0000000280)={[{@user_xattr}, {@noquota}, {@dioread_nolock}, {@jqfmt_vfsv1}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x70}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7b1}}, {@stripe={'stripe', 0x3d, 0x20}}, {@bsdgroups}, {@max_batch_time={'max_batch_time', 0x3d, 0x3fe}}, {@user_xattr}, {@noinit_itable}]}, 0x3, 0x583, &(0x7f0000000800)="$eJzs3c9rHGUfAPDvbHb7+32bQilvX15eCj1Yqd00iT8qeKhH0WJBPdclmYaSTbdkN6WJBduDvXiRIohYEO969+ChePHoX1HQQpES9OBlZTazybbZJJt0Y2L384Fpn2dmNs8888z34Zl9dpgABtaJ7J9CxPGI+CyJONyxrRj5xhNL+y0+vjmRLUk0m+/9lkSSr2vvn+T/H8wz/4mIHz+JOF1YXW59fmG6Uq2ms3l+pDFzbaQ+v3DmykxlKp1Kr46Nj597ZXzs9dde7VtdX7z4x5fv3n/r3KcnF7/47uGRu0mcj0P5ts56PINbnZkTzWZ+Tkpx/qkdR/tQ2G6S7PQBsCVDeZyXIuJ46XCpHfXA8+/jiGgCAyrZZPzv1V/Ac6I9Dmjf2/fpPvgf49GbSzdAq+tfXPpuJPa17o0OLCZP3Bll97vDfSg/K+P7X+/dzZbo3/cQABu6dTsizhaLq/u/JO//tu5sD/s8XYb+D/4+97Pxz0vdxj+F5fFPdBn/HOwSu1uxcfwXHvahmDVl4783uo5/lyethofy3L9aY75ScvlKNc36tn9HxKko7c3y683nnFt80FxrW+f4L1uy8ttjwfw4Hhb3PvmZyUqj8ix17vTodsR/u45/k+X2T7q0f3Y+PuixjGPpvf+vtW3j+m+v5jcRL3Rt/5UZrWT9+cmR1vUw0r4qVvv9zrGf1yq/e/1/+mEbqtpV1v4H1q//cNI5X1vffBlf7/szXWvbVq//Pcn7rfSefN2NSqMxOxqxJ3ln9fqxlc+28+39s/qfOrl+/9ft+t8fER/2WP87R7/939brv72y+k9uqv03n3jw9kdfrVV+b+3/cit1Kl/TS//X6wE+y7kDAAAAAACA3aYQEYciKZRjX54uFMrlpd93HI0DhWqt3jh9uTZ3dTJaz8oOR6nQnuk+3PF7iNH897Dt/NhT+fGIOBIRnw/tb+XLE7Xq5E5XHgAAAAAAAAAAAAAAAAAAAHaJg8vP/8cTz/9nfhna6aMDtl1x6f3fwADa8JX//XjTE7ArbRj/wHNL/MPgEv8wuMQ/DKTWFJ/4h8El/mFwiX8YXOIfAAAAAAAAAAAAAAAAAAAAAAAAAAAA+urihQvZ0lx8fHMiy09en5+brl0/M5nWp8szcxPlidrstfJUrTZVTcsTtZmN/l61Vrs2OhZzN0Yaab0xUp9fuDRTm7vauHRlpjKVXkq9ZxwAAAAAAAAAAAAAAAAAAABWq88vTFeq1XS2D4lStZoWIqKXnSP6VOgAJrJ2u1Xs7TxvTyKJlTXF3XJaJPqa2OmeCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABW/BUAAP//2SsyHQ==") r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) write$UHID_INPUT(r2, &(0x7f0000002c80)={0x8, {"6f94dc6c7916222282bc8269d45d1b1b879346eb12511f9a4ccfd2c6cdc402faa0802ab3b7c5b26dbf43c9eb752d5a68a1c9b6e2c1d97e83a121f32ab986bffbfc747820223977aa2e5fa5ebf338ac6e54cb2fe4bcff86a5f108d03b117e7eaaf14d67a270eac6f8443a2392f962ecd3da6abeed2a3d0e914ac6591b07ec0b532b3b72c6a513fed2437961967d4cd23bb39d5ee2bce80f3d74f0cb8394265d348a42fdc43a41e3ce8625d8891521e68f258153e12fe7cc6966353a276e71004ada7e6380afa43d67f3fd25cd30538455dc103453ba29dda21dad8c61eb321df526f0f333216bcc339d82f37f9e7be27a1f2b00dcfa9fe3134ff5f41a85a98372e7094440f1908ce431507aca62096a99c7143115795deeea0e96547ba07b837cdaac3c662c905f9eb8ec54dac59b0775d473aa8a970a659f82470248d20d283c0b8e91f3b524ca2de18173ab652b8e126a1659a16664ae6e25beb468163f8b91a8b8030b1c31c67f58253cef8598d28e1817af68d2687697ae1d255513d92993301d26beb95dbf71b1671cc01d5c800900473442beec8ae3c85f3ab752aa0d5a81355767c461a08e5e2aa3bfd684b5fa78090e7ac5ea92f1d83cf35347ef72bac047472c5762e78497804d919232909f02dcaded06e18fa9a8f155c4d7281351d79186ecfe77fbcf99edbd91e254044c9d296877ef73cf4fc78fe8fdd7393536c8baff012aac6240303ef3721cc5cc5a2c7029746c5c15505cffd7bcc577bbbfcf93e69af473fae94e971fe7f6cba5692ddfa6a6dfcd8cf01cc198ad037620a99fb9b6c293340f82db031addebdebdc980c8f819612b367a7f5cd02c5dac38fea74783d3b78887302ba72789c5325a1225eea4155c3bcc134f2beb0ab38892720f42cb662d84d536db78089b826d42cb5de700e89837e06092a591d546dd587c7d7867577b3696b9426e4b2ef0ff186225b01914664a0691962f66b53d552ea747e0ab7f658be2d62bfcceecb533c24c247e35726a66f4324bf09c557d9e86bbda75a2520105b4d3230a87d211aa64c6ee367343d40eb56fbf657151b840888f8f9beea3b9d3425674a019fd1fbdc95ab71c9b2ee8f616c9766a6561e31c0fa6d88ff1d919aac3094d82cc080f49cc98d004e7a1c3d1161897dbf90a1913c1cb592013c812ab00297210403729e6f03fd5a096b06276475e78cf1e9f866e50a4d3c408e9a9ee0f68cafa263236c7450012d95cfc30a67295c77f23c80549ae35bf6154d0a6bbda8400a405b0a5bbfd67e6b9cd62709324587dddc1daa8aba94e59eedab50c6365c1e20650f700d4efc392d61acebc2aa5bb77f7d6626e7b91c01a29bc35462dca5fb6d31fec4d0fe447bff7487ee7db2391f45151e2c6dfc7f36a4b3deecf29d7a59967b0bab1fea786020fb7613f8ce87d325dc1da7c1f04e6fc469d37a4759c149a622447d66e3a01989e15b38d4bc41a9268f360ec917789a2ff48f391d07bad4ac3fcf89474bb1283867df7baa9546cfaa247a431229aa42a57f0e618bfa0af06546ddc5e1e605ff4c297033be2fac8b85a0e17715e1db9f9d4a1c05cc4b7789d6b413a6453c97d15fd397545bf3f6c67a2b6ecaaf2871594f973506f2a90c12ce6661a93abb2db156608339d32abf74599510926c5659d219c7c61968016ff5c97baacb966752a1651083ce043dde51eb333ada339d3970a16a9d156435bd0639f819c94c98db6afbf3e197112411a8aa1ddd374e082f38a8a5d7603bd11fe09fcecd35009aa24da6a34d626b08a6a4b2b3df7970a7b25fe6a663398d5452aec7e8cb1da95812a97155b0482ab0633440117619c051582e1431d7a3f7022ef176155a993aede9c07d871b25a8502c69de6197a961a30968825d97ffd6f7c77768275594e96e989db9e9ac5f4ce2f601577a6251ce7adeffae26551d67d386f68d1582dd53ab8d5d595038ab7738e2ee202cd245774faa20c06d6532009c88cef34aac535778b581a7b9b37228643279d25f0802d54760cfc292e1ade9e5c1e0786d07af017053a3db74cded8dedf8ece7a37411b0a0b48ef1e3bb22bf0aca8df45e66975e93ae6706712da78c9d8224f876886e542ff4d18048fe4d54c9641be9051828e724768ac57ecce0928158fdccad7947ff9570313b42040398b726d709b223dcb87ce0efc1838225d3d91bd22c2e0fa2c6b569c53534ba1324c0abd0663ee6571804cd47929c204566302164068431b895ba248e745c641dc322b9b2d4ea0cb783ea133a63f87180be5ecafd5385cf278537ce5cf78d63f3a91e2c9c239be7c9356e8458d0f96f39d9a98cbd85c3244bf4cc45bd41e89945b3220d8f2dffa629912867d2889fe91fc7475c32f36d9dce7cf1bb5af0b61b3f6c236497b0a024f9e8eb46bce942c6afcd9671479169e42d90dd1ff0fdf77a9a390567cf910b59b95e5872045289480716a5c144a9531905cfcffcedfe4b78204088b0409b6a1fb31981e15b321382d178143dcda109a7848f40f690529b8834e20287227977791faf4246d551bf0018417719020a349c6779f1ed824a6ea8f66b90df55da35e75c4ba22065b926cbdb47366955ee3366245f474d65ed7a0c5c167610b132c3c9324347f7cb31b1bedf1669c76c66a4537d5f4649f9d0c721fee5110d92e62e93788fa7e13fb2a7d58ea41c426cbda9b5b81a9d9c989ab8ad564bf8aaf2d2d06c6f39de8cc3346d1e3195df9bebe0b59917dc9a90ea30209fc0078ebec45a58f2772d159f6534ad0568226234bc0212f1e364b7eae4d34e502e73549d0e6d143737c92e2a79412692e1c31be397ec7340c0f8f8894271b7bb48a3af74b48f55b6608e755194a7a1bd908472f292af937cf50a8a41a3ee13b16cb739f4b62ab8b8a904d2f4d20520790612eaef6ed5ed9939b053d138c90ce1bf130c050d5070dbeafb2858f3f368062593edc5d7dc52a44b8c3073b0aeb7642094bb52525b066c5d58d5d212e4ba5aaedd7f73ed5eac1bc8d7c379230d45c557964d40c12e9a811bfa30261b8d52fd05c7f0f339b0f5c16a3de96d16746ccb0a4f4feca89b9400ddccd7d52f34bafe03866d6ca1871498f2195e6d011fa87ae1545f9270c5fd6d2d01efc4f4e2a1a14e2ed28c124a297077beeb6286f29890be764f0e5857f9dc3751e910bbee328829c8001212d191603c041edb7c61ea7c5613d09b0187929ce1f960db11e26ad782800fd278121d14336249c0425ac2e129c3e91ab332c48d55d041372ae6a4c38f03388186100ed6498614c3e2c98fcaa20b7aaa707a2fa6e782326823c20113f864d440be6069869bbaf816573f7b9856ae543e5141ec15cdcd6d8bb5c42188ec34c278f36c029aeb9e4f6634ae7cef4ca15491ed54d7cbcb0b2e98dae21d5e06ceaf4f4b05baf20b1dd7c2607a265968a6a756cd6fa8421d1c6e4f263d40480240b895caec01c850250a4dc29941171489a72eaf755056ec4a0129aec2ce77915b2bcc0925296acc635be9a5cc14a0865f2c656230eda1f02f902b153ed81744cac8abbc020db1f6d4ee81ab748b98c4227302f4e33df0aa0a90d21fd9802c1225afbc8bb710ba697c8a5b1b32723adf114ec43cc114943148f1bf04ef603b039bf8951cd634b7f21dbb361a6946c346e3a036feaa5746af77b09e15196c719dcdff0286f3caf09fe01b74e9eb8d49b7a7d988d00416da05010c8cbdf8fd0c1cd9a0e6edf4bed120580f1169d9859e40262978a3ac14bb9fbe93116b551783022780c377dafe017c2edc5761e7c3dc6112c3bcafcbd1a5fd3366dbc5d8805bed466c7f232013e3ce4d901efddda160dcbd931af0d1586f1125f71d328cf3eff4840d847d5b91192eafb33436e488161dee9beceaa3a645650c996766f8c92a7887425626580257dfe98cb69f81f9e26684b761475002db7edeba1dc656629f1f319f149a097c300a086791e1b854618061c8108279244dbc59418f4dccd3b059b19d511e66419c532cab88a19d801ea1529a50ed16b27c09db2e77145ce1609b4705b308800a834abe432cffff85b2856e68f09a2980acea00cb2d6754b30fd9b78a41aafd284a3c4ed15ed780ea26d005f45419b27204b1718f2a081e9d14a178b7bf98b2826e31b48275eaeb1fb98e7cc2014da771e593be97002962fbcc314553821d19426d50e549be0b3160e70a3184bdb11f45d1a13bd945e31f669d95af269677036c340d608c2bbbaf7c40815925eae955175c244d489e1644329ee4bd2de6f29595b1533ccef9e19d5221c11fde1fc5ceaa1f743e38b2f3dfca0c232f2a825d591862f0891c7ca7076d7728b6503e99ea50587a1b221654b03ff5bcac2dd135bbe3e0a10832e75b526d5a1f7626ff920c0831bbe347c0c789b4c4e96a0e4652fac8a940f86cc9ebaff5b5930e59faa63680a48ddb805306701ba7e8351ae4a7bad3fa19745bd65fd98f9211187bb712cf9169933dfdd64e47bbfdb2c8ab112a4e6a74226ca7a9934ed1d3f841afa659eff921d5f252979f476cad778d8f58f5089811c5af3370fba6bca3641ade238633e3477e6d7207b7084d8dc0ab1862a26fe06629a05d431f68ada6b3cf27da329bbf0bf29081f780d3227e78122c9dc5d756937af0a4aa75ea20a3a1b869dda2c43b82e4ca1894d261e93f783d8f014fd9b2686d045d2690a540a6b9b63a2b53a5b83998f7a65f09aae7520b264add8a2b038f083d5f58faecd64dd458991874ec0148ed3a7f99e0248cd5e161dc4d579463d82b48a9e742c16c2b5990db45a665d64777fb0623205e3f04e72222e40422768aacf57d721b6ae19c09a055ad6ddbf890435b03a9933399d943be799a1d546be4864eb6af63ce566d404d299827dcba745f50e3cc0684bf7d1afe04a836546333e0292f52972509e21bd07e197285a5721290dc9ad5aea6865aee6c8920be8e2f964fbc4988912f1d83b50f22252474a1e7b8da5551ac7d4f2f7b7eb08cc4f9f0c075066ce2a08cb0fb4a136a3547bcfa421200ce1d61a661e9053a86e6e5319c682e8813c64358f360fceb401085ab53a4364a3035f732d645e04cb13ecfe9c59a152351fe75eb78ab21112422918727dc40db75ad3d7bbafb023f8bae0aad5485bc34513732464de5bf71a21bf1b3d806540b9db71ccd9f4a842338aecec8d6c09477bd2a8dd557cb4760ccde547af0a5df0bd2224b609e3837819b5951bc999886325efc009da95f6aae1b96159617d7de0f7e3928934fd74e937c82e0760b7cbc2acf6bfc3a428b74f8aaeeb708f11f608c35c2a2cce22736c525d4567fbef67e773c645540c7aed6a57f48b218115d8425fa81349ee1e62ec629709fa8a70e8f626da433707590cf11d89075f6dfe3231ca5b44f5e043e7a931862cd5982a97592fc74ca151a7cb728c0baca3cbff9ea263f2c13c129ae896f9db000ebd504017969a8e3adf6a56dba8f4ceddbec562c1cb43520e4539ac7bed70b8925022870eb415fcdd12d7364dfd25fe99d822e9e4116c32061ce7b74b0b17bce6a10dc637a9c4307b3875584bf76ee66f851de66e3715811efd07e0614eaf7d1d3832df52806bef89944f6d14ff6775aaa99d40820127378d67f1b3bb805a009fdb16071b5523f9543ece0b29439e26937fdf672df4b1d9b012174ae58fccd6541b5e69ce297a0b44ed6927cd432f1cce6c319fa181a6ffe3e84762870c2c3a4969e50142399c8e7a1df2f0fb6fe063b03f7f7e24b68e253a09b739577583cf3b9d7091275a3c", 0x1000}}, 0x1006) 1.101984931s ago: executing program 4 (id=3201): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18) epoll_create1(0x0) get_robust_list(0x0, &(0x7f0000001580)=0x0, &(0x7f00000015c0)) 1.081230722s ago: executing program 4 (id=3202): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02}) readv(r0, &(0x7f0000000080)=[{0x0}, {&(0x7f0000002140)=""/4096, 0x1000}], 0x2) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000100)=0x730) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) 837.729532ms ago: executing program 9 (id=3203): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="8b33000000feffffff0005000000080003"], 0x38}}, 0x0) 836.590792ms ago: executing program 5 (id=3205): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_usb_connect$printer(0x6, 0x2d, &(0x7f0000000100)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0xd, 0x10, 0xb, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x7, 0x1, 0x3, 0x4, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0x7, 0x1, 0x2}}}}}]}}]}}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) syz_clone(0xe50c1700, 0x0, 0x0, 0x0, 0x0, 0x0) 649.181168ms ago: executing program 9 (id=3206): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18) r1 = fsopen(&(0x7f0000000400)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000240)=',-\x10*\x00', &(0x7f0000000380)='$\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000540)='\x00', &(0x7f0000001c80)='n', 0x1) close(r1) 605.933001ms ago: executing program 4 (id=3207): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x4}, 0x18) r2 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'dummy0\x00', &(0x7f0000000100)=@ethtool_channels={0x3c, 0xe35, 0x4, 0x4, 0x7, 0x7, 0x10, 0x7ff, 0xffff}}) 565.774504ms ago: executing program 9 (id=3209): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r0}, 0x10) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x88000cc, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) mknod$loop(0x0, 0x100000000000600d, 0x1) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) 531.853547ms ago: executing program 4 (id=3211): r0 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580, 0xfffffffd, 0x400}, &(0x7f0000000100), &(0x7f0000000040)) r1 = socket(0x1, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x7, 0x4) readv(r1, &(0x7f0000003600)=[{&(0x7f0000002340)=""/138, 0x8a}], 0x1) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000140)={0x10000018}) 529.472127ms ago: executing program 9 (id=3221): r0 = socket$inet(0x2, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000500)='kfree\x00', r2}, 0x18) mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000300)=ANY=[], 0x10) 420.160456ms ago: executing program 9 (id=3223): syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) write(r1, &(0x7f0000004200)='t', 0x1) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) 279.968368ms ago: executing program 3 (id=3216): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) dup(0xffffffffffffffff) r2 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x2000000b, 0x80, &(0x7f0000000240)={0x3, 0x0, 0xfffa, 0x4360}, 0x8, 0x6, 0x7d, 0x0, 0x1, 0x101, 0x0}) 191.866615ms ago: executing program 3 (id=3217): r0 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000004780)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0) lseek(r0, 0x8b6c, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000540)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) add_key$fscrypt_v1(&(0x7f0000000500), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f0000000600)={0xfffffe00, "060000000000000089e67197f90bf62e81386ba42400f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59301000080", 0x30}, 0xfffffcf5, 0xffffffffffffffff) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc4}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x48, 0xffffffffffffffff) 178.096896ms ago: executing program 3 (id=3218): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r2, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x29}}, './file0\x00'}) 144.098058ms ago: executing program 3 (id=3220): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x9}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='highspeed\x00', 0xa) sendto$inet6(r0, &(0x7f00000000c0)="04", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2, 0x6}, 0x1c) shutdown(r0, 0x1) 109.600581ms ago: executing program 3 (id=3222): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r0}, 0x10) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x88000cc, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) mknod$loop(0x0, 0x100000000000600d, 0x1) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) 28.124818ms ago: executing program 5 (id=3224): unshare(0x20040600) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) r2 = socket$inet6(0xa, 0x2, 0x0) recvmsg(r2, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x40000050) 8.742779ms ago: executing program 3 (id=3225): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000003000000080000000100000000000000", @ANYRES32, @ANYBLOB="0000000002"], 0x50) 8.48759ms ago: executing program 2 (id=3167): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r1}, &(0x7f00000004c0), &(0x7f0000000500)=r2}, 0x20) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="440000001000090600"/20, @ANYRES32=0x0, @ANYBLOB="adffa888000000001c00128009000100626f6e64000000000c000280050001000600000008000a0079"], 0x44}}, 0x0) 0s ago: executing program 5 (id=3226): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x4}, 0x18) r1 = memfd_create(&(0x7f0000000bc0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85Q\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~Mx\x02\x00(v\xe6`\x026\xfcgC\xb5\xf0\x13.zb\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x80\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0dÑSÇ IN'…ùÌ=Y^»_Gí^1M÷ê@`•a°«È¥ýqxà¸ì½ÌYï±Ìä_¬uµ\ [ 101.649901][ T8755] ª†×¬ìÊ [ 101.649901][ T8755] ©y´ÒŸ¬vðy®®ÃýhBŽ/–Ê –P^À…i/òÜÙÞŠö [ 101.649901][ T8755] ûDú‡ÜÍôl¦Ú°’¨{ôþ™8ÄÀAOú™IÁ›ÚA„†:¿ð?vœ¸0¶î‘ŽË'‘û!ŸÓœÏB8kpÙ«]Š ^Š6H7Ú6É$è+ŽNÍJ·U¿ý#/Jmÿ]UGòꦴwM`Z°Ë¶Ìçù^J’*Pq«UdáãP}ïK—¥öÚ5\ðÀÁµaý×4ÂÆû4 ”f»ÿˆòî9ݳ¯è –~ø-¤÷Væˆì”ÿ—ÿÿ) failed with errno=-22 [ 101.717246][ T8751] 8021q: adding VLAN 0 to HW filter on device bond1 [ 101.734637][ T8751] bond1: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 101.745156][ T8751] bond1: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 101.759546][ T8758] netlink: 'syz.1.1945': attribute type 3 has an invalid length. [ 101.778196][ T8761] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1944'. [ 101.790841][ T8751] bond1: (slave ip6gre1): making interface the new active one [ 101.798444][ T8751] ip6gre1: entered promiscuous mode [ 101.852936][ T8751] bond1: (slave ip6gre1): Enslaving as an active interface with an up link [ 101.897978][ T8778] openvswitch: netlink: Message has 6 unknown bytes. [ 102.032336][ T8797] loop7: detected capacity change from 0 to 512 [ 102.060372][ T8797] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=e000c018, mo2=0002] [ 102.076679][ T8804] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=8804 comm=syz.1.1965 [ 102.089694][ T8797] System zones: 0-2, 18-18, 34-35 [ 102.106866][ T8797] EXT4-fs error (device loop7): ext4_quota_enable:7124: inode #4: comm syz.7.1962: iget: bad i_size value: 5910974510929920 [ 102.126129][ T8797] EXT4-fs error (device loop7): ext4_quota_enable:7127: comm syz.7.1962: Bad quota inode: 4, type: 1 [ 102.139503][ T8797] EXT4-fs warning (device loop7): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 102.173835][ T8797] EXT4-fs (loop7): mount failed [ 102.197291][ T8797] loop7: detected capacity change from 0 to 512 [ 102.228647][ T8809] loop8: detected capacity change from 0 to 1024 [ 102.264626][ T8817] netlink: 'syz.6.1970': attribute type 1 has an invalid length. [ 102.273276][ T8797] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.291839][ T8809] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.306063][ T8817] bond1: entered promiscuous mode [ 102.307109][ T8797] ext4 filesystem being mounted at /304/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 102.313351][ T8817] 8021q: adding VLAN 0 to HW filter on device bond1 [ 102.342155][ T8797] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #2: comm syz.7.1962: corrupted inode contents [ 102.355805][ T8797] EXT4-fs error (device loop7): ext4_dirty_inode:6538: inode #2: comm syz.7.1962: mark_inode_dirty error [ 102.373686][ T8797] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #2: comm syz.7.1962: corrupted inode contents [ 102.387134][ T8826] 8021q: adding VLAN 0 to HW filter on device bond1 [ 102.391410][ T8797] EXT4-fs error (device loop7): __ext4_ext_dirty:206: inode #2: comm syz.7.1962: mark_inode_dirty error [ 102.397533][ T8826] bond1: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 102.406001][ T8806] EXT4-fs (loop8): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 102.415323][ T8826] bond1: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 102.436030][ T8826] bond1: (slave ip6gre1): making interface the new active one [ 102.442039][ T8797] EXT4-fs warning (device loop7): ext4_empty_dir:3093: inode #18: comm syz.7.1962: directory missing '.' [ 102.443560][ T8826] ip6gre1: entered promiscuous mode [ 102.463397][ T8826] bond1: (slave ip6gre1): Enslaving as an active interface with an up link [ 102.550187][ T4373] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.559717][ T4427] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.784870][ T8867] loop6: detected capacity change from 0 to 512 [ 102.806315][ T8867] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=e000c018, mo2=0002] [ 102.815912][ T8867] System zones: 0-2, 18-18, 34-35 [ 102.825566][ T8867] EXT4-fs error (device loop6): ext4_quota_enable:7124: inode #4: comm syz.6.1989: iget: bad i_size value: 5910974510929920 [ 102.846532][ T8867] EXT4-fs error (device loop6): ext4_quota_enable:7127: comm syz.6.1989: Bad quota inode: 4, type: 1 [ 102.875172][ T8867] EXT4-fs warning (device loop6): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 102.890117][ T8867] EXT4-fs (loop6): mount failed [ 102.915677][ T8867] loop6: detected capacity change from 0 to 512 [ 102.950109][ T8867] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.994370][ T8867] ext4 filesystem being mounted at /340/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 103.015321][ T8867] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #2: comm syz.6.1989: corrupted inode contents [ 103.043344][ T8867] EXT4-fs error (device loop6): ext4_dirty_inode:6538: inode #2: comm syz.6.1989: mark_inode_dirty error [ 103.092383][ T8867] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #2: comm syz.6.1989: corrupted inode contents [ 103.105712][ T8867] EXT4-fs error (device loop6): __ext4_ext_dirty:206: inode #2: comm syz.6.1989: mark_inode_dirty error [ 103.150562][ T8904] EXT4-fs warning (device loop6): ext4_empty_dir:3093: inode #18: comm syz.6.1989: directory missing '.' [ 103.177874][ T8908] __nla_validate_parse: 4 callbacks suppressed [ 103.177891][ T8908] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2004'. [ 103.210157][ T8908] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2004'. [ 103.236788][ T4323] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.372368][ T8921] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 103.383293][ T8920] IPVS: stopping master sync thread 8921 ... [ 103.451605][ T8930] program syz.1.2013 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 103.565936][ T9] syzkaller1: tun_net_xmit 90 [ 103.582304][ T8936] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 103.588177][ T8936] syzkaller1: Linktype set failed because interface is up [ 103.610572][ T7977] syzkaller1: tun_net_xmit 86 [ 103.619519][ T8945] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2022'. [ 103.649059][ T8945] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2022'. [ 103.697078][ T8953] netlink: 8 bytes leftover after parsing attributes in process `wg1'. [ 103.723968][ T29] kauditd_printk_skb: 211 callbacks suppressed [ 103.723982][ T29] audit: type=1326 audit(1754723376.247:2676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8959 comm="syz.7.2026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427c86ebe9 code=0x7ffc0000 [ 103.740442][ T8953] netlink: 8 bytes leftover after parsing attributes in process `wg1'. [ 103.757577][ T29] audit: type=1326 audit(1754723376.247:2677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8957 comm="syz.6.2029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66a82cebe9 code=0x7ffc0000 [ 103.785694][ T29] audit: type=1326 audit(1754723376.247:2678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8957 comm="syz.6.2029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66a82cebe9 code=0x7ffc0000 [ 103.809285][ T29] audit: type=1326 audit(1754723376.279:2679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8959 comm="syz.7.2026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f427c86ebe9 code=0x7ffc0000 [ 103.832977][ T29] audit: type=1326 audit(1754723376.279:2680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8959 comm="syz.7.2026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427c86ebe9 code=0x7ffc0000 [ 103.834954][ T8953] netlink: 8 bytes leftover after parsing attributes in process `wg1'. [ 103.856491][ T29] audit: type=1326 audit(1754723376.279:2681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8959 comm="syz.7.2026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427c86ebe9 code=0x7ffc0000 [ 103.888152][ T29] audit: type=1326 audit(1754723376.279:2682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8959 comm="syz.7.2026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7f427c86ebe9 code=0x7ffc0000 [ 103.911806][ T29] audit: type=1326 audit(1754723376.279:2683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8959 comm="syz.7.2026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427c86ebe9 code=0x7ffc0000 [ 103.935334][ T29] audit: type=1326 audit(1754723376.279:2684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8959 comm="syz.7.2026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427c86ebe9 code=0x7ffc0000 [ 103.958956][ T8953] netlink: 8 bytes leftover after parsing attributes in process `wg1'. [ 103.959667][ T29] audit: type=1326 audit(1754723376.301:2685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8957 comm="syz.6.2029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f66a82cebe9 code=0x7ffc0000 [ 104.028781][ T8965] loop8: detected capacity change from 0 to 1024 [ 104.060197][ T8965] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.132077][ T4427] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.208652][ T8984] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 104.221306][ T8987] loop8: detected capacity change from 0 to 512 [ 104.240788][ T8987] EXT4-fs (loop8): mounting ext3 file system using the ext4 subsystem [ 104.263663][ T8987] EXT4-fs (loop8): invalid journal inode [ 104.269384][ T8987] EXT4-fs (loop8): can't get journal size [ 104.291022][ T8987] EXT4-fs (loop8): 1 truncate cleaned up [ 104.297194][ T8987] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.322683][ T8987] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.401516][ T9003] loop8: detected capacity change from 0 to 512 [ 104.443659][ T9003] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=e000c018, mo2=0002] [ 104.457327][ T9009] netlink: 'syz.1.2046': attribute type 10 has an invalid length. [ 104.465294][ T9009] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2046'. [ 104.475109][ T9009] dummy0: entered promiscuous mode [ 104.481070][ T9009] bridge0: port 3(dummy0) entered blocking state [ 104.487509][ T9009] bridge0: port 3(dummy0) entered disabled state [ 104.490311][ T9003] System zones: 0-2, 18-18, 34-35 [ 104.494101][ T9009] dummy0: entered allmulticast mode [ 104.505297][ T9009] bridge0: port 3(dummy0) entered blocking state [ 104.511759][ T9009] bridge0: port 3(dummy0) entered forwarding state [ 104.520103][ T9003] EXT4-fs error (device loop8): ext4_quota_enable:7124: inode #4: comm syz.8.2043: iget: bad i_size value: 5910974510929920 [ 104.551283][ T9003] EXT4-fs error (device loop8): ext4_quota_enable:7127: comm syz.8.2043: Bad quota inode: 4, type: 1 [ 104.569982][ T9003] EXT4-fs warning (device loop8): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 104.615122][ T9003] EXT4-fs (loop8): mount failed [ 104.629804][ T9018] random: crng reseeded on system resumption [ 104.648449][ T9022] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2052'. [ 104.664918][ T9003] loop8: detected capacity change from 0 to 512 [ 104.706659][ T9003] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.735643][ T9003] ext4 filesystem being mounted at /334/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 104.776326][ T9003] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #2: comm syz.8.2043: corrupted inode contents [ 104.799047][ T9003] EXT4-fs error (device loop8): ext4_dirty_inode:6538: inode #2: comm syz.8.2043: mark_inode_dirty error [ 104.828119][ T9003] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #2: comm syz.8.2043: corrupted inode contents [ 104.850980][ T9003] EXT4-fs error (device loop8): __ext4_ext_dirty:206: inode #2: comm syz.8.2043: mark_inode_dirty error [ 104.872353][ T9040] EXT4-fs warning (device loop8): ext4_empty_dir:3093: inode #18: comm syz.8.2043: directory missing '.' [ 104.922887][ T4427] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.184290][ T9083] loop6: detected capacity change from 0 to 2048 [ 105.198650][ T9083] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.271453][ T4323] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.377956][ T9117] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 105.385591][ T9117] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 105.400471][ T9117] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 105.407911][ T9117] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 105.420769][ T9117] batman_adv: batadv0: Removing interface: bridge1 [ 105.447084][ T9125] netlink: 'syz.8.2100': attribute type 21 has an invalid length. [ 105.467890][ T9125] netlink: 'syz.8.2100': attribute type 1 has an invalid length. [ 105.571511][ T9139] loop7: detected capacity change from 0 to 512 [ 105.584702][ T9142] loop6: detected capacity change from 0 to 512 [ 105.593556][ T9139] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 105.606292][ T9139] EXT4-fs (loop7): 1 truncate cleaned up [ 105.612440][ T9139] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.642218][ T9142] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=e000c018, mo2=0002] [ 105.650364][ T9142] System zones: 0-2, 18-18, 34-35 [ 105.655928][ T9142] EXT4-fs error (device loop6): ext4_quota_enable:7124: inode #4: comm syz.6.2107: iget: bad i_size value: 5910974510929920 [ 105.669092][ T9142] EXT4-fs error (device loop6): ext4_quota_enable:7127: comm syz.6.2107: Bad quota inode: 4, type: 1 [ 105.680961][ T9142] EXT4-fs warning (device loop6): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 105.696248][ T9142] EXT4-fs (loop6): mount failed [ 105.708949][ T9142] loop6: detected capacity change from 0 to 512 [ 105.728742][ T9142] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.741353][ T9142] ext4 filesystem being mounted at /365/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 105.754663][ T9142] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #2: comm syz.6.2107: corrupted inode contents [ 105.768488][ T9142] EXT4-fs error (device loop6): ext4_dirty_inode:6538: inode #2: comm syz.6.2107: mark_inode_dirty error [ 105.769352][ T4373] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.780323][ T9142] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #2: comm syz.6.2107: corrupted inode contents [ 105.801853][ T9142] EXT4-fs error (device loop6): __ext4_ext_dirty:206: inode #2: comm syz.6.2107: mark_inode_dirty error [ 105.820598][ T9142] EXT4-fs warning (device loop6): ext4_empty_dir:3093: inode #18: comm syz.6.2107: directory missing '.' [ 105.844903][ T4323] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.957458][ T9173] SELinux: Context system_u:object_r:systemd_logger_exec_t:s0 is not valid (left unmapped). [ 106.148732][ T9185] netlink: 'syz.1.2118': attribute type 1 has an invalid length. [ 106.163337][ T9185] bond2: entered promiscuous mode [ 106.169722][ T9185] 8021q: adding VLAN 0 to HW filter on device bond2 [ 106.188291][ T9185] 8021q: adding VLAN 0 to HW filter on device bond2 [ 106.196951][ T9185] bond2: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 106.207301][ T9185] bond2: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 106.221657][ T9185] bond2: (slave ip6gre1): making interface the new active one [ 106.229279][ T9185] ip6gre1: entered promiscuous mode [ 106.236698][ T9185] bond2: (slave ip6gre1): Enslaving as an active interface with an up link [ 106.740484][ T9245] SELinux: Context system_u:object_r:hwdata_t:s0 is not valid (left unmapped). [ 107.141477][ T9284] loop6: detected capacity change from 0 to 512 [ 107.151351][ T9284] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 107.165708][ T9284] EXT4-fs (loop6): 1 truncate cleaned up [ 107.202730][ T9284] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.319417][ T9303] loop7: detected capacity change from 0 to 1024 [ 107.348277][ T9303] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.387506][ T9303] EXT4-fs error (device loop7): ext4_xattr_inode_iget:437: inode #11: comm syz.7.2174: missing EA_INODE flag [ 107.403238][ T9303] EXT4-fs (loop7): Remounting filesystem read-only [ 107.435454][ T4323] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.447592][ T4373] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.559139][ T9] hid_parser_main: 6 callbacks suppressed [ 107.559167][ T9] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 107.572431][ T9] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 107.579850][ T9] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 107.596069][ T9] hid-generic 0000:0004:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz0 [ 107.648707][ T9336] loop8: detected capacity change from 0 to 512 [ 107.667529][ T9336] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 107.771947][ T9336] EXT4-fs (loop8): 1 truncate cleaned up [ 107.784037][ T9336] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.842948][ T9345] siw: device registration error -23 [ 107.862383][ T9347] loop6: detected capacity change from 0 to 512 [ 107.903492][ T9347] EXT4-fs warning (device loop6): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 107.933203][ T9347] EXT4-fs (loop6): mount failed [ 108.012701][ T4427] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.046676][ T9360] __nla_validate_parse: 3 callbacks suppressed [ 108.046697][ T9360] netlink: 92 bytes leftover after parsing attributes in process `syz.9.2200'. [ 108.061895][ T9360] netem: unknown loss type 0 [ 108.066741][ T9360] netem: change failed [ 108.076411][ T9364] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 108.087899][ T9364] SELinux: failed to load policy [ 108.137879][ T9369] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 108.210096][ T9376] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=9376 comm=syz.6.2207 [ 108.300607][ T9388] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=263 sclass=netlink_audit_socket pid=9388 comm=syz.6.2207 [ 108.403672][ T9394] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2213'. [ 108.412857][ T9394] netlink: 108 bytes leftover after parsing attributes in process `syz.1.2213'. [ 108.425184][ T9394] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2213'. [ 108.436714][ T9394] netlink: 108 bytes leftover after parsing attributes in process `syz.1.2213'. [ 108.445871][ T9394] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2213'. [ 108.476539][ T29] kauditd_printk_skb: 159 callbacks suppressed [ 108.476553][ T29] audit: type=1400 audit(1754724149.301:2844): avc: denied { create } for pid=9395 comm="syz.8.2216" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 108.530959][ T29] audit: type=1400 audit(1754724149.343:2845): avc: denied { write } for pid=9395 comm="syz.8.2216" name="file0" dev="tmpfs" ino=1902 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 108.531003][ T29] audit: type=1400 audit(1754724149.343:2846): avc: denied { open } for pid=9395 comm="syz.8.2216" path="/367/file0" dev="tmpfs" ino=1902 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 108.531089][ T29] audit: type=1400 audit(1754724149.343:2847): avc: denied { ioctl } for pid=9395 comm="syz.8.2216" path="/367/file0" dev="tmpfs" ino=1902 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 108.603765][ T29] audit: type=1400 audit(1754724149.428:2848): avc: denied { unlink } for pid=4427 comm="syz-executor" name="file0" dev="tmpfs" ino=1902 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 108.622426][ T9400] loop8: detected capacity change from 0 to 512 [ 108.642860][ T9400] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.665485][ T9400] ext4 filesystem being mounted at /368/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.707179][ T4427] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.905570][ T9424] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2228'. [ 108.981340][ T29] audit: type=1400 audit(1754724149.840:2849): avc: denied { bind } for pid=9432 comm="syz.8.2231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 109.015932][ T29] audit: type=1400 audit(1754724149.861:2850): avc: denied { write } for pid=9432 comm="syz.8.2231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 109.111503][ T9445] loop7: detected capacity change from 0 to 512 [ 109.122102][ T29] audit: type=1326 audit(1754724149.978:2851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9447 comm="syz.6.2238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66a82cebe9 code=0x7ffc0000 [ 109.122185][ T29] audit: type=1326 audit(1754724149.988:2852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9447 comm="syz.6.2238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66a82cebe9 code=0x7ffc0000 [ 109.123193][ T29] audit: type=1326 audit(1754724149.988:2853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9447 comm="syz.6.2238" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f66a82cebe9 code=0x7ffc0000 [ 109.124883][ T9445] EXT4-fs (loop7): Cannot turn on journaled quota: type 0: error -2 [ 109.124995][ T9445] EXT4-fs error (device loop7): ext4_free_branches:1023: inode #13: comm syz.7.2236: invalid indirect mapped block 2683928664 (level 1) [ 109.125290][ T9445] EXT4-fs (loop7): 1 truncate cleaned up [ 109.125868][ T9445] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.302803][ T9458] netlink: 'syz.1.2243': attribute type 21 has an invalid length. [ 109.310756][ T9458] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2243'. [ 109.349317][ T9445] EXT4-fs error (device loop7): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.7.2236: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 109.394566][ T4373] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.410469][ T9471] : renamed from bond0 (while UP) [ 109.430276][ T9473] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2251'. [ 109.458318][ T9477] loop7: detected capacity change from 0 to 1024 [ 109.477129][ T9477] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.580894][ T4373] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.656598][ T9511] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2267'. [ 109.690922][ T7977] nci: nci_ntf_packet: unsupported ntf opcode 0xf3d [ 109.809703][ T9531] loop7: detected capacity change from 0 to 4096 [ 109.819623][ T9531] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.835006][ T9531] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #15: comm syz.7.2275: corrupted inode contents [ 109.848469][ T9531] EXT4-fs error (device loop7): ext4_dirty_inode:6538: inode #15: comm syz.7.2275: mark_inode_dirty error [ 109.867332][ T9531] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #15: comm syz.7.2275: corrupted inode contents [ 109.882306][ T9531] EXT4-fs error (device loop7): __ext4_ext_dirty:206: inode #15: comm syz.7.2275: mark_inode_dirty error [ 109.894060][ T9531] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #15: comm syz.7.2275: corrupted inode contents [ 109.907620][ T9531] EXT4-fs error (device loop7): __ext4_ext_dirty:206: inode #15: comm syz.7.2275: mark_inode_dirty error [ 109.920792][ T9531] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #15: comm syz.7.2275: corrupted inode contents [ 109.933464][ T9531] EXT4-fs error (device loop7): ext4_truncate:4666: inode #15: comm syz.7.2275: mark_inode_dirty error [ 109.947060][ T9531] EXT4-fs error (device loop7) in ext4_setattr:6071: Corrupt filesystem [ 109.957703][ T9537] EXT4-fs error (device loop7): ext4_do_update_inode:5653: inode #15: comm syz.7.2275: corrupted inode contents [ 109.986691][ T4373] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.061551][ T9551] netlink: zone id is out of range [ 110.066989][ T9551] netlink: zone id is out of range [ 110.092068][ T9551] netlink: del zone limit has 8 unknown bytes [ 110.196456][ T9576] loop7: detected capacity change from 0 to 128 [ 110.254744][ T9586] batadv_slave_1: entered promiscuous mode [ 110.262570][ T9585] batadv_slave_1: left promiscuous mode [ 110.484199][ T9626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 110.517436][ T9626] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.040887][ T9672] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 111.040887][ T9672] program syz.8.2338 not setting count and/or reply_len properly [ 111.334064][ T9702] loop8: detected capacity change from 0 to 1024 [ 111.342216][ T9702] EXT4-fs: Ignoring removed orlov option [ 111.348752][ T9702] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.385506][ T9702] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 111.413827][ T4427] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 111.458534][ T9721] veth0: entered promiscuous mode [ 111.789640][ T9768] loop8: detected capacity change from 0 to 1024 [ 111.800845][ T9768] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 111.814309][ T9768] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 111.829284][ T9768] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 5 with error 28 [ 111.841567][ T9768] EXT4-fs (loop8): This should not happen!! Data will be lost [ 111.841567][ T9768] [ 111.851355][ T9768] EXT4-fs (loop8): Total free blocks count 0 [ 111.857400][ T9768] EXT4-fs (loop8): Free/Dirty block details [ 111.863335][ T9768] EXT4-fs (loop8): free_blocks=20480 [ 111.868670][ T9768] EXT4-fs (loop8): dirty_blocks=16 [ 111.873797][ T9768] EXT4-fs (loop8): Block reservation details [ 111.879867][ T9768] EXT4-fs (loop8): i_reserved_data_blocks=1 [ 111.901343][ T4427] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.384244][ T9821] pim6reg: entered allmulticast mode [ 112.394919][ T9821] pim6reg: left allmulticast mode [ 112.452840][ T9827] binfmt_misc: register: failed to install interpreter file ./file2 [ 112.888031][ T9859] __nla_validate_parse: 15 callbacks suppressed [ 112.888051][ T9859] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2424'. [ 112.941886][ T9859] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2424'. [ 113.205262][ T9893] loop7: detected capacity change from 0 to 512 [ 113.269742][ T9893] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 113.310742][ T9893] EXT4-fs (loop7): 1 truncate cleaned up [ 113.318169][ T9893] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.390074][ T9918] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2448'. [ 113.399353][ T9918] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2448'. [ 113.414965][ T9918] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2448'. [ 113.424041][ T9918] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2448'. [ 113.439351][ T4373] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.552047][ T9918] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2448'. [ 113.561146][ T9918] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2448'. [ 113.674539][ T9952] netlink: 268 bytes leftover after parsing attributes in process `syz.1.2459'. [ 113.744151][ T29] kauditd_printk_skb: 244 callbacks suppressed [ 113.744167][ T29] audit: type=1326 audit(1754724154.872:3098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9957 comm="syz.7.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427c86ebe9 code=0x7ffc0000 [ 113.773926][ T29] audit: type=1326 audit(1754724154.872:3099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9957 comm="syz.7.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427c86ebe9 code=0x7ffc0000 [ 113.797483][ T29] audit: type=1326 audit(1754724154.872:3100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9957 comm="syz.7.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f427c86ebe9 code=0x7ffc0000 [ 113.821001][ T29] audit: type=1326 audit(1754724154.872:3101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9957 comm="syz.7.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427c86ebe9 code=0x7ffc0000 [ 113.844484][ T29] audit: type=1326 audit(1754724154.872:3102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9957 comm="syz.7.2464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f427c86ebe9 code=0x7ffc0000 [ 113.891924][ T9960] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2465'. [ 113.903371][ T9960] IPVS: Error joining to the multicast group [ 113.951720][ T9968] loop6: detected capacity change from 0 to 512 [ 113.966286][ T29] audit: type=1400 audit(1754724155.105:3103): avc: denied { relabelfrom } for pid=9969 comm="syz.7.2471" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 113.986314][ T29] audit: type=1400 audit(1754724155.105:3104): avc: denied { relabelto } for pid=9969 comm="syz.7.2471" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 114.081263][ T9968] EXT4-fs (loop6): too many log groups per flexible block group [ 114.089192][ T9968] EXT4-fs (loop6): failed to initialize mballoc (-12) [ 114.136273][ T9968] EXT4-fs (loop6): mount failed [ 114.165711][ T29] audit: type=1400 audit(1754724155.327:3105): avc: denied { mount } for pid=9981 comm="syz.8.2474" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 114.247291][ T29] audit: type=1400 audit(1754724155.380:3106): avc: denied { unmount } for pid=4427 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 114.291090][ T29] audit: type=1326 audit(1754724155.454:3107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9985 comm="syz.6.2478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66a82cebe9 code=0x7ffc0000 [ 114.379136][T10001] loop6: detected capacity change from 0 to 1024 [ 114.403092][T10001] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 114.492857][ T4323] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.077961][T10080] loop6: detected capacity change from 0 to 512 [ 115.114846][T10080] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.136966][T10080] ext4 filesystem being mounted at /441/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 115.274312][ T4323] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.397030][T10102] bond2: entered promiscuous mode [ 115.402132][T10102] bond2: entered allmulticast mode [ 115.454640][T10102] 8021q: adding VLAN 0 to HW filter on device bond2 [ 115.498607][T10102] bond2 (unregistering): Released all slaves [ 115.627579][T10126] loop8: detected capacity change from 0 to 512 [ 115.636422][T10126] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.649324][T10126] ext4 filesystem being mounted at /413/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 115.683870][ T4427] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.855658][T10151] netlink: 'syz.8.2548': attribute type 1 has an invalid length. [ 116.710571][T10239] netem: change failed [ 116.715347][T10242] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 116.779320][T10252] netdevsim netdevsim8: Direct firmware load for ./file0 failed with error -2 [ 116.872948][T10258] netlink: 'syz.8.2596': attribute type 21 has an invalid length. [ 117.026472][T10286] sch_tbf: burst 0 is lower than device lo mtu (11337746) ! [ 117.097730][T10296] IPVS: Error connecting to the multicast addr [ 117.440187][T10346] loop7: detected capacity change from 0 to 1024 [ 117.447432][T10346] EXT4-fs: Ignoring removed bh option [ 117.465394][T10346] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.504573][ T4373] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.777610][ T8021] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.865913][ T8021] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.932658][ T8021] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.029154][ T8021] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.076955][ T8021] dummy0: left allmulticast mode [ 118.082070][ T8021] bridge0: port 3(dummy0) entered disabled state [ 118.089670][ T8021] bridge_slave_1: left allmulticast mode [ 118.095411][ T8021] bridge_slave_1: left promiscuous mode [ 118.101095][ T8021] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.109024][ T8021] bridge_slave_0: left allmulticast mode [ 118.114846][ T8021] bridge_slave_0: left promiscuous mode [ 118.120536][ T8021] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.157091][ T8021] bond2 (unregistering): (slave ip6gre1): Releasing backup interface [ 118.165314][ T8021] ip6gre1 (unregistering): left promiscuous mode [ 118.218064][ T8021]  (unregistering): (slave bond_slave_0): Releasing backup interface [ 118.227371][ T8021]  (unregistering): Released all slaves [ 118.236186][ T8021] bond1 (unregistering): (slave batadv1): Releasing active interface [ 118.245264][ T8021] bond1 (unregistering): Released all slaves [ 118.254473][ T8021] bond2 (unregistering): Released all slaves [ 118.284878][ T8021] tipc: Left network mode [ 118.308216][ T8021] hsr_slave_0: left promiscuous mode [ 118.314237][ T8021] hsr_slave_1: left promiscuous mode [ 118.319882][ T8021] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 118.327352][ T8021] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 118.334922][ T8021] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 118.342460][ T8021] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 118.352721][ T8021] veth1_macvtap: left promiscuous mode [ 118.358231][ T8021] veth0_macvtap: left promiscuous mode [ 118.363765][ T8021] veth1_vlan: left promiscuous mode [ 118.369021][ T8021] veth0_vlan: left promiscuous mode [ 118.440958][ T8021] team0 (unregistering): Port device team_slave_1 removed [ 118.450928][ T8021] team0 (unregistering): Port device team_slave_0 removed [ 118.481182][ T3478] infiniband syz1: ib_query_port failed (-19) [ 118.638170][ T29] kauditd_printk_skb: 97 callbacks suppressed [ 118.638256][ T29] audit: type=1400 audit(1754724389.037:3205): avc: denied { mounton } for pid=10387 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 118.779271][ T8021] ------------[ cut here ]------------ [ 118.784781][ T8021] WARNING: CPU: 0 PID: 8021 at net/ipv6/xfrm6_tunnel.c:341 xfrm6_tunnel_net_exit+0x94/0x100 [ 118.791013][T10387] chnl_net:caif_netlink_parms(): no params data found [ 118.795133][ T8021] Modules linked in: [ 118.805878][ T8021] CPU: 0 UID: 0 PID: 8021 Comm: kworker/u8:54 Tainted: G W 6.16.0-syzkaller-12245-g2988dfed8a5d #0 PREEMPT(voluntary) [ 118.819964][ T8021] Tainted: [W]=WARN [ 118.823805][ T8021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 118.833960][ T8021] Workqueue: netns cleanup_net [ 118.838859][ T8021] RIP: 0010:xfrm6_tunnel_net_exit+0x94/0x100 [ 118.844973][ T8021] Code: 02 65 ab fc 4b 83 3c 3e 00 75 19 e8 e6 93 90 fc 49 81 ff f8 07 00 00 74 1d e8 d8 93 90 fc 49 83 c7 08 eb d7 e8 cd 93 90 fc 90 <0f> 0b 90 49 81 ff f8 07 00 00 75 e3 49 81 c6 00 08 00 00 31 db 49 [ 118.864955][ T8021] RSP: 0018:ffffc9000a813c78 EFLAGS: 00010293 [ 118.871090][ T8021] RAX: ffffffff84c765f3 RBX: ffff8881181f97c0 RCX: ffff88811b5f5280 [ 118.879249][ T8021] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888118350000 [ 118.887261][ T8021] RBP: ffffffff86c93920 R08: 0001ffff86847f7f R09: 0000000000000000 [ 118.895301][ T8021] R10: ffff88811b5f5300 R11: 0000000000001000 R12: ffffffff86c93940 [ 118.903325][ T8021] R13: ffff8881181f97e8 R14: ffff888118350000 R15: 0000000000000000 [ 118.911407][ T8021] FS: 0000000000000000(0000) GS:ffff8882aee44000(0000) knlGS:0000000000000000 [ 118.920357][ T8021] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.926970][ T8021] CR2: 00007f7299d64e9c CR3: 00000001091b2000 CR4: 00000000003506f0 [ 118.935115][ T8021] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 118.943138][ T8021] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 118.951187][ T8021] Call Trace: [ 118.954560][ T8021] [ 118.957495][ T8021] ops_undo_list+0x27b/0x410 [ 118.962151][ T8021] cleanup_net+0x2de/0x4d0 [ 118.966599][ T8021] process_scheduled_works+0x4ce/0x9d0 [ 118.972150][ T8021] worker_thread+0x582/0x770 [ 118.976844][ T8021] kthread+0x486/0x510 [ 118.980935][ T8021] ? finish_task_switch+0xad/0x2b0 [ 118.986109][ T8021] ? __pfx_worker_thread+0x10/0x10 [ 118.991282][ T8021] ? __pfx_kthread+0x10/0x10 [ 118.995935][ T8021] ret_from_fork+0xda/0x150 [ 119.000494][ T8021] ? __pfx_kthread+0x10/0x10 [ 119.005125][ T8021] ret_from_fork_asm+0x1a/0x30 [ 119.009965][ T8021] [ 119.013007][ T8021] ---[ end trace 0000000000000000 ]--- [ 119.019352][ T8021] ------------[ cut here ]------------ [ 119.024863][ T8021] WARNING: CPU: 0 PID: 8021 at net/ipv6/xfrm6_tunnel.c:344 xfrm6_tunnel_net_exit+0xd8/0x100 [ 119.035157][ T8021] Modules linked in: [ 119.039056][ T8021] CPU: 0 UID: 0 PID: 8021 Comm: kworker/u8:54 Tainted: G W 6.16.0-syzkaller-12245-g2988dfed8a5d #0 PREEMPT(voluntary) [ 119.053047][ T8021] Tainted: [W]=WARN [ 119.056935][ T8021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 119.067029][ T8021] Workqueue: netns cleanup_net [ 119.071914][ T8021] RIP: 0010:xfrm6_tunnel_net_exit+0xd8/0x100 [ 119.077994][ T8021] Code: be 64 ab fc 49 83 3c 1e 00 75 19 e8 a2 93 90 fc 48 81 fb f8 07 00 00 74 1d e8 94 93 90 fc 48 83 c3 08 eb d7 e8 89 93 90 fc 90 <0f> 0b 90 48 81 fb f8 07 00 00 75 e3 e8 77 93 90 fc 5b 41 5e 41 5f [ 119.097630][ T8021] RSP: 0018:ffffc9000a813c78 EFLAGS: 00010293 [ 119.103812][ T8021] RAX: ffffffff84c76637 RBX: 0000000000000008 RCX: ffff88811b5f5280 [ 119.111797][ T8021] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888118350808 [ 119.119851][ T8021] RBP: ffffffff86c93920 R08: 0001ffff86847f7f R09: 0000000000000000 [ 119.127843][ T8021] R10: ffff88811b5f5300 R11: 0000000000001000 R12: ffffffff86c93940 [ 119.135914][ T8021] R13: ffff8881181f97e8 R14: ffff888118350800 R15: 00000000000007f8 [ 119.143918][ T8021] FS: 0000000000000000(0000) GS:ffff8882aee44000(0000) knlGS:0000000000000000 [ 119.152872][ T8021] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.159556][ T8021] CR2: 00007f7299d64e9c CR3: 00000001091b2000 CR4: 00000000003506f0 [ 119.167552][ T8021] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 119.175670][ T8021] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 119.183694][ T8021] Call Trace: [ 119.187008][ T8021] [ 119.189966][ T8021] ops_undo_list+0x27b/0x410 [ 119.194708][ T8021] cleanup_net+0x2de/0x4d0 [ 119.199212][ T8021] process_scheduled_works+0x4ce/0x9d0 [ 119.204702][ T8021] worker_thread+0x582/0x770 [ 119.209347][ T8021] kthread+0x486/0x510 [ 119.213430][ T8021] ? finish_task_switch+0xad/0x2b0 [ 119.218603][ T8021] ? __pfx_worker_thread+0x10/0x10 [ 119.223835][ T8021] ? __pfx_kthread+0x10/0x10 [ 119.228449][ T8021] ret_from_fork+0xda/0x150 [ 119.232994][ T8021] ? __pfx_kthread+0x10/0x10 [ 119.237710][ T8021] ret_from_fork_asm+0x1a/0x30 [ 119.242523][ T8021] [ 119.245669][ T8021] ---[ end trace 0000000000000000 ]--- [ 119.257444][ T8021] IPVS: stop unused estimator thread 0... [ 119.268919][ T8021] ------------[ cut here ]------------ [ 119.274478][ T8021] WARNING: CPU: 1 PID: 8021 at net/xfrm/xfrm_state.c:3303 xfrm_state_fini+0x17c/0x1f0 [ 119.284091][ T8021] Modules linked in: [ 119.288041][ T8021] CPU: 1 UID: 0 PID: 8021 Comm: kworker/u8:54 Tainted: G W 6.16.0-syzkaller-12245-g2988dfed8a5d #0 PREEMPT(voluntary) [ 119.301978][ T8021] Tainted: [W]=WARN [ 119.305791][ T8021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 119.315966][ T8021] Workqueue: netns cleanup_net [ 119.320763][ T8021] RIP: 0010:xfrm_state_fini+0x17c/0x1f0 [ 119.326314][ T8021] Code: 48 8d bb 30 0e 00 00 e8 82 10 bd fc 48 8b bb 30 0e 00 00 e8 46 91 c9 fc 5b 41 5e 41 5f 5d c3 cc cc cc cc cc e8 05 53 a2 fc 90 <0f> 0b 90 e9 d9 fe ff ff e8 f7 52 a2 fc 90 0f 0b 90 4c 89 f7 e8 4b [ 119.346017][ T8021] RSP: 0018:ffffc9000a813c60 EFLAGS: 00010293 [ 119.352339][ T8021] RAX: ffffffff84b5a6bb RBX: ffff8881181f97c0 RCX: ffff88811b5f5280 [ 119.360420][ T8021] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881181fa5c0 [ 119.368443][ T8021] RBP: ffffffff86c8b7a0 R08: 0001ffff86847f7f R09: 0000000000000000 [ 119.376463][ T8021] R10: ffffc9000a813be8 R11: 0001c9000a813be8 R12: ffffffff86c8b7c0 [ 119.384462][ T8021] R13: ffff8881181f97e8 R14: ffff8881181fa5c0 R15: ffff8881181f97c0 [ 119.392444][ T8021] FS: 0000000000000000(0000) GS:ffff8882aef44000(0000) knlGS:0000000000000000 [ 119.401420][ T8021] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.408224][ T8021] CR2: 00007f07964c5e9c CR3: 000000011a290000 CR4: 00000000003506f0 [ 119.416215][ T8021] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 119.424196][ T8021] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 119.432283][ T8021] Call Trace: [ 119.435772][ T8021] [ 119.438788][ T8021] xfrm_net_exit+0x2d/0x60 [ 119.443272][ T8021] ops_undo_list+0x27b/0x410 [ 119.447894][ T8021] cleanup_net+0x2de/0x4d0 [ 119.452437][ T8021] process_scheduled_works+0x4ce/0x9d0 [ 119.458010][ T8021] worker_thread+0x582/0x770 [ 119.462622][ T8021] kthread+0x486/0x510 [ 119.466767][ T8021] ? finish_task_switch+0xad/0x2b0 [ 119.471903][ T8021] ? __pfx_worker_thread+0x10/0x10 [ 119.477329][ T8021] ? __pfx_kthread+0x10/0x10 [ 119.481947][ T8021] ret_from_fork+0xda/0x150 [ 119.486516][ T8021] ? __pfx_kthread+0x10/0x10 [ 119.491120][ T8021] ret_from_fork_asm+0x1a/0x30 [ 119.495906][ T8021] [ 119.498922][ T8021] ---[ end trace 0000000000000000 ]--- [ 119.510180][T10387] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.517286][T10387] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.524568][T10387] bridge_slave_0: entered allmulticast mode [ 119.531099][T10387] bridge_slave_0: entered promiscuous mode [ 119.537890][T10387] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.545091][T10387] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.552341][T10387] bridge_slave_1: entered allmulticast mode [ 119.558863][T10387] bridge_slave_1: entered promiscuous mode [ 119.578614][ T8021] netdevsim netdevsim7 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 119.588988][ T8021] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.601421][T10387] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 119.611768][T10387] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 119.635217][T10387] team0: Port device team_slave_0 added [ 119.641709][T10387] team0: Port device team_slave_1 added [ 119.659482][ T8021] netdevsim netdevsim7 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 119.669854][ T8021] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.681879][T10387] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 119.688881][T10387] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 119.715080][T10387] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 119.726419][T10387] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 119.733390][T10387] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 119.759393][T10387] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 119.792516][ T8021] netdevsim netdevsim7 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 119.802888][ T8021] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.867266][ T8021] netdevsim netdevsim7 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 119.877683][ T8021] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.898908][ T29] audit: type=1326 audit(1754724390.349:3206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10414 comm="syz.8.2652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836403ebe9 code=0x7ffc0000 [ 119.914065][T10418] loop8: detected capacity change from 0 to 512 [ 119.922568][ T29] audit: type=1326 audit(1754724390.349:3207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10414 comm="syz.8.2652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7f836403ebe9 code=0x7ffc0000 [ 119.952217][ T29] audit: type=1326 audit(1754724390.349:3208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10414 comm="syz.8.2652" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836403ebe9 code=0x7ffc0000 [ 119.980030][T10387] hsr_slave_0: entered promiscuous mode [ 119.986983][T10387] hsr_slave_1: entered promiscuous mode [ 119.993538][T10418] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 119.995021][T10387] debugfs: 'hsr0' already exists in 'hsr' [ 120.006236][T10418] ext4 filesystem being mounted at /454/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 120.011868][T10387] Cannot create hsr debugfs directory [ 120.048230][ T4427] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.115895][ T8021] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.190427][ T8021] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.238007][T10445] loop8: detected capacity change from 0 to 164 [ 120.257151][ T29] audit: type=1400 audit(1754724390.738:3209): avc: denied { mount } for pid=10443 comm="syz.8.2660" name="/" dev="loop8" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 120.263793][ T8021] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.285314][T10445] bio_check_eod: 17 callbacks suppressed [ 120.285335][T10445] syz.8.2660: attempt to access beyond end of device [ 120.285335][T10445] loop8: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 120.309771][T10445] syz.8.2660: attempt to access beyond end of device [ 120.309771][T10445] loop8: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 120.358137][ T29] audit: type=1400 audit(1754724390.832:3210): avc: denied { unmount } for pid=4427 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 120.401260][ T8021] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.420011][ T29] audit: type=1400 audit(1754724390.874:3211): avc: denied { name_bind } for pid=10453 comm="syz.8.2663" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 120.446757][ T29] audit: type=1400 audit(1754724390.937:3212): avc: denied { ioctl } for pid=10455 comm="+}[@" path="socket:[29199]" dev="sockfs" ino=29199 ioctlcmd=0x48cb scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 120.483564][T10405] chnl_net:caif_netlink_parms(): no params data found [ 120.528070][ T29] audit: type=1326 audit(1754724391.011:3213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10459 comm="syz.9.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39018cebe9 code=0x7ffc0000 [ 120.551763][ T29] audit: type=1326 audit(1754724391.011:3214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10459 comm="syz.9.2666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39018cebe9 code=0x7ffc0000 [ 120.624984][T10405] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.632280][T10405] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.641552][T10405] bridge_slave_0: entered allmulticast mode [ 120.650404][T10405] bridge_slave_0: entered promiscuous mode [ 120.687132][T10405] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.694672][T10405] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.701246][T10477] SELinux: Context system_u:object is not valid (left unmapped). [ 120.721246][T10405] bridge_slave_1: entered allmulticast mode [ 120.727842][T10405] bridge_slave_1: entered promiscuous mode [ 120.747354][T10481] __nla_validate_parse: 10 callbacks suppressed [ 120.747369][T10481] netlink: 332 bytes leftover after parsing attributes in process `syz.8.2674'. [ 120.766155][T10411] chnl_net:caif_netlink_parms(): no params data found [ 120.786536][T10405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 120.805735][T10405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 120.816434][ T8021] dummy0: left allmulticast mode [ 120.821924][ T8021] bridge0: port 3(dummy0) entered disabled state [ 120.831396][ T8021] bridge_slave_1: left promiscuous mode [ 120.837154][ T8021] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.844998][ T8021] bridge_slave_0: left allmulticast mode [ 120.850726][ T8021] bridge_slave_0: left promiscuous mode [ 120.856494][ T8021] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.856746][T10489] SELinux: policydb version 0 does not match my version range 15-35 [ 120.872020][T10489] SELinux: failed to load policy [ 120.940877][ T8021] bond1 (unregistering): (slave ip6gre1): Releasing backup interface [ 120.950744][ T8021] ip6gre1 (unregistering): left promiscuous mode [ 121.037797][ T8019] smc: removing ib device syz2 [ 121.042912][ T8021] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 121.052029][ T8021] bond_slave_0: left allmulticast mode [ 121.059958][ T8021] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 121.070028][ T8021] bond_slave_1: left allmulticast mode [ 121.076766][ T8021] bond0 (unregistering): Released all slaves [ 121.085767][ T8021] bond1 (unregistering): Released all slaves [ 121.097366][ T8021] bond1 (unregistering): (slave ip6gre1): Releasing backup interface [ 121.105557][ T8021] ip6gre1 (unregistering): left promiscuous mode [ 121.199337][ T8021] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 121.208645][ T8021] bond_slave_0: left allmulticast mode [ 121.215575][ T8021] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 121.225168][ T8021] bond_slave_1: left allmulticast mode [ 121.231853][ T8021] bond0 (unregistering): Released all slaves [ 121.241283][ T8021] bond1 (unregistering): Released all slaves [ 121.266206][T10405] team0: Port device team_slave_0 added [ 121.322251][T10504] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2683'. [ 121.327598][T10405] team0: Port device team_slave_1 added [ 121.338188][T10504] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2683'. [ 121.402919][T10405] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 121.409948][T10405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.436095][T10405] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 121.496446][T10411] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.503755][T10411] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.512527][T10411] bridge_slave_0: entered allmulticast mode [ 121.523185][T10411] bridge_slave_0: entered promiscuous mode [ 121.532462][T10405] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 121.539647][T10405] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.565969][T10405] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 121.580427][ T8021] hsr_slave_0: left promiscuous mode [ 121.586157][ T8021] hsr_slave_1: left promiscuous mode [ 121.591952][ T8021] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 121.599429][ T8021] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 121.607314][ T8021] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 121.614787][ T8021] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 121.635265][ T8021] hsr_slave_0: left promiscuous mode [ 121.644558][ T8021] hsr_slave_1: left promiscuous mode [ 121.661176][ T8021] veth1_macvtap: left promiscuous mode [ 121.667300][ T8021] veth0_macvtap: left promiscuous mode [ 121.676771][ T8021] veth1_vlan: left promiscuous mode [ 121.683275][ T8021] veth1_macvtap: left promiscuous mode [ 121.689446][ T8021] veth0_macvtap: left promiscuous mode [ 121.695128][ T8021] veth1_vlan: left promiscuous mode [ 121.700421][ T8021] veth0_vlan: left promiscuous mode [ 121.806184][T10536] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2697'. [ 121.825654][ T8021] team0 (unregistering): Port device team_slave_1 removed [ 121.836207][ T8021] team0 (unregistering): Port device team_slave_0 removed [ 121.897366][ T8021] team0 (unregistering): Port device team_slave_1 removed [ 121.907304][ T8021] team0 (unregistering): Port device team_slave_0 removed [ 121.938480][T10411] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.945762][T10411] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.952990][T10411] bridge_slave_1: entered allmulticast mode [ 121.959777][T10411] bridge_slave_1: entered promiscuous mode [ 121.990349][T10411] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 122.003443][T10411] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 122.058144][T10405] hsr_slave_0: entered promiscuous mode [ 122.065889][T10405] hsr_slave_1: entered promiscuous mode [ 122.077984][T10411] team0: Port device team_slave_0 added [ 122.083920][T10546] netdevsim netdevsim9: loading /lib/firmware/. failed with error -22 [ 122.084705][T10411] team0: Port device team_slave_1 added [ 122.092174][T10546] netdevsim netdevsim9: Direct firmware load for . failed with error -22 [ 122.119241][T10411] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 122.126293][T10411] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.152383][T10411] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 122.183212][T10411] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 122.190254][T10411] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.216207][T10411] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 122.270878][T10411] hsr_slave_0: entered promiscuous mode [ 122.289072][T10411] hsr_slave_1: entered promiscuous mode [ 122.295287][T10411] debugfs: 'hsr0' already exists in 'hsr' [ 122.301035][T10411] Cannot create hsr debugfs directory [ 122.365542][T10387] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 122.387825][T10387] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 122.399017][T10572] netlink: 'syz.9.2713': attribute type 10 has an invalid length. [ 122.410260][T10387] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 122.421238][T10387] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 122.432580][T10572] team0: Port device hsr_slave_0 added [ 122.438918][T10574] vhci_hcd: invalid port number 96 [ 122.444223][T10574] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 122.478772][T10582] Invalid ELF header magic: != ELF [ 122.513721][T10588] loop8: detected capacity change from 0 to 1024 [ 122.524537][ T8021] IPVS: stop unused estimator thread 0... [ 122.527046][T10588] EXT4-fs: Ignoring removed orlov option [ 122.545108][T10588] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 122.552869][ T8021] ------------[ cut here ]------------ [ 122.563233][ T8021] WARNING: CPU: 1 PID: 8021 at net/xfrm/xfrm_state.c:3303 xfrm_state_fini+0x17c/0x1f0 [ 122.572919][ T8021] Modules linked in: [ 122.576877][ T8021] CPU: 1 UID: 0 PID: 8021 Comm: kworker/u8:54 Tainted: G W 6.16.0-syzkaller-12245-g2988dfed8a5d #0 PREEMPT(voluntary) [ 122.590855][ T8021] Tainted: [W]=WARN [ 122.594671][ T8021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 122.604782][ T8021] Workqueue: netns cleanup_net [ 122.609684][ T8021] RIP: 0010:xfrm_state_fini+0x17c/0x1f0 [ 122.615295][ T8021] Code: 48 8d bb 30 0e 00 00 e8 82 10 bd fc 48 8b bb 30 0e 00 00 e8 46 91 c9 fc 5b 41 5e 41 5f 5d c3 cc cc cc cc cc e8 05 53 a2 fc 90 <0f> 0b 90 e9 d9 fe ff ff e8 f7 52 a2 fc 90 0f 0b 90 4c 89 f7 e8 4b [ 122.617129][T10387] 8021q: adding VLAN 0 to HW filter on device bond0 [ 122.635144][ T8021] RSP: 0018:ffffc9000a813c60 EFLAGS: 00010293 [ 122.647806][ T8021] RAX: ffffffff84b5a6bb RBX: ffff8881181fc740 RCX: ffff88811b5f5280 [ 122.655906][ T8021] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881181fd540 [ 122.663898][ T8021] RBP: ffffffff86c8b7a0 R08: 0001ffff86847f7f R09: 0000000000000000 [ 122.671969][ T8021] R10: ffffc9000a813be8 R11: 0001c9000a813be8 R12: ffffffff86c8b7c0 [ 122.680078][ T8021] R13: ffff8881181fc768 R14: ffff8881181fd540 R15: ffff8881181fc740 [ 122.688173][ T8021] FS: 0000000000000000(0000) GS:ffff8882aef44000(0000) knlGS:0000000000000000 [ 122.697221][ T8021] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 122.703961][ T8021] CR2: 000000110c272d22 CR3: 00000001091b2000 CR4: 00000000003506f0 [ 122.712013][ T8021] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 122.715295][T10387] 8021q: adding VLAN 0 to HW filter on device team0 [ 122.720064][ T8021] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 122.734814][ T8021] Call Trace: [ 122.738184][ T8021] [ 122.741232][ T8021] xfrm_net_exit+0x2d/0x60 [ 122.745836][ T8021] ops_undo_list+0x27b/0x410 [ 122.750684][ T8021] cleanup_net+0x2de/0x4d0 [ 122.755168][ T8021] process_scheduled_works+0x4ce/0x9d0 [ 122.760702][ T8021] worker_thread+0x582/0x770 [ 122.765326][ T8021] kthread+0x486/0x510 [ 122.766061][ T7978] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.769497][ T8021] ? finish_task_switch+0xad/0x2b0 [ 122.776502][ T7978] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.781610][ T8021] ? __pfx_worker_thread+0x10/0x10 [ 122.793972][ T8021] ? __pfx_kthread+0x10/0x10 [ 122.798654][ T8021] ret_from_fork+0xda/0x150 [ 122.803255][ T8021] ? __pfx_kthread+0x10/0x10 [ 122.807922][ T8021] ret_from_fork_asm+0x1a/0x30 [ 122.812723][ T8021] [ 122.815783][ T8021] ---[ end trace 0000000000000000 ]--- [ 122.831993][T10387] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 122.842540][T10387] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 122.859362][ T7978] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.866487][ T7978] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.886476][ T8021] ------------[ cut here ]------------ [ 122.891977][ T8021] WARNING: CPU: 0 PID: 8021 at net/xfrm/xfrm_state.c:3303 xfrm_state_fini+0x17c/0x1f0 [ 122.901755][ T8021] Modules linked in: [ 122.905782][ T8021] CPU: 0 UID: 0 PID: 8021 Comm: kworker/u8:54 Tainted: G W 6.16.0-syzkaller-12245-g2988dfed8a5d #0 PREEMPT(voluntary) [ 122.919787][ T8021] Tainted: [W]=WARN [ 122.923727][ T8021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 122.933894][ T8021] Workqueue: netns cleanup_net [ 122.938759][ T8021] RIP: 0010:xfrm_state_fini+0x17c/0x1f0 [ 122.944372][ T8021] Code: 48 8d bb 30 0e 00 00 e8 82 10 bd fc 48 8b bb 30 0e 00 00 e8 46 91 c9 fc 5b 41 5e 41 5f 5d c3 cc cc cc cc cc e8 05 53 a2 fc 90 <0f> 0b 90 e9 d9 fe ff ff e8 f7 52 a2 fc 90 0f 0b 90 4c 89 f7 e8 4b [ 122.964260][ T8021] RSP: 0018:ffffc9000a813c60 EFLAGS: 00010293 [ 122.970424][ T8021] RAX: ffffffff84b5a6bb RBX: ffff888109b1df00 RCX: ffff88811b5f5280 [ 122.978469][ T8021] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888109b1ed00 [ 122.986476][ T8021] RBP: ffffffff86c8b7a0 R08: 0001ffff86847f7f R09: 0000000000000000 [ 122.994506][ T8021] R10: ffffc9000a813be8 R11: 0001c9000a813be8 R12: ffffffff86c8b7c0 [ 123.002636][ T8021] R13: ffff888109b1df28 R14: ffff888109b1ed00 R15: ffff888109b1df00 [ 123.010688][ T8021] FS: 0000000000000000(0000) GS:ffff8882aee44000(0000) knlGS:0000000000000000 [ 123.019701][ T8021] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.026373][ T8021] CR2: 00007f8362a7df98 CR3: 0000000118d48000 CR4: 00000000003506f0 [ 123.034427][ T8021] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 123.042488][ T8021] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 123.050539][ T8021] Call Trace: [ 123.053867][ T8021] [ 123.056846][ T8021] xfrm_net_exit+0x2d/0x60 [ 123.061356][ T8021] ops_undo_list+0x27b/0x410 [ 123.066064][ T8021] cleanup_net+0x2de/0x4d0 [ 123.070569][ T8021] process_scheduled_works+0x4ce/0x9d0 [ 123.076096][ T8021] worker_thread+0x582/0x770 [ 123.080736][ T8021] kthread+0x486/0x510 [ 123.084867][ T8021] ? finish_task_switch+0xad/0x2b0 [ 123.090061][ T8021] ? __pfx_worker_thread+0x10/0x10 [ 123.095337][ T8021] ? __pfx_kthread+0x10/0x10 [ 123.099951][ T8021] ret_from_fork+0xda/0x150 [ 123.104581][ T8021] ? __pfx_kthread+0x10/0x10 [ 123.109213][ T8021] ret_from_fork_asm+0x1a/0x30 [ 123.114041][ T8021] [ 123.117069][ T8021] ---[ end trace 0000000000000000 ]--- [ 123.226777][T10387] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 123.275306][T10405] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 123.299077][T10405] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 123.328259][T10405] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 123.338942][T10405] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 123.388931][T10608] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2720'. [ 123.478278][T10405] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.495694][ T4427] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.530552][T10387] veth0_vlan: entered promiscuous mode [ 123.544098][T10405] 8021q: adding VLAN 0 to HW filter on device team0 [ 123.556272][T10411] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 123.567629][T10387] veth1_vlan: entered promiscuous mode [ 123.576988][ T7978] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.584100][ T7978] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.603911][T10411] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 123.614143][T10411] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 123.624938][T10411] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 123.637001][ T7977] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.644228][ T7977] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.685229][T10387] veth0_macvtap: entered promiscuous mode [ 123.702177][ T29] kauditd_printk_skb: 46 callbacks suppressed [ 123.702195][ T29] audit: type=1326 audit(1754724394.338:3261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10629 comm="syz.9.2725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39018cebe9 code=0x7ffc0000 [ 123.735205][ T29] audit: type=1326 audit(1754724394.380:3262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10629 comm="syz.9.2725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=38 compat=0 ip=0x7f39018cebe9 code=0x7ffc0000 [ 123.759048][ T29] audit: type=1326 audit(1754724394.380:3263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10629 comm="syz.9.2725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39018cebe9 code=0x7ffc0000 [ 123.782717][ T29] audit: type=1326 audit(1754724394.380:3264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10629 comm="syz.9.2725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39018cebe9 code=0x7ffc0000 [ 123.807414][T10387] veth1_macvtap: entered promiscuous mode [ 123.840471][T10387] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 123.866470][T10411] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.875555][T10387] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 123.887299][T10411] 8021q: adding VLAN 0 to HW filter on device team0 [ 123.909913][ T7986] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.918966][ T7986] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.936914][ T7986] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.944215][ T7986] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.953209][ T2280] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.962241][ T2280] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.981864][ T2280] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.988996][ T2280] bridge0: port 2(bridge_slave_1) entered forwarding state [ 124.000859][T10650] netlink: 32 bytes leftover after parsing attributes in process `syz.9.2729'. [ 124.002359][T10405] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 124.036102][ T29] audit: type=1400 audit(1754724394.706:3265): avc: denied { mounton } for pid=10387 comm="syz-executor" path="/root/syzkaller.MpezzG/syz-tmp" dev="sda1" ino=2059 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 124.080673][T10411] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 124.091274][ T29] audit: type=1400 audit(1754724394.727:3266): avc: denied { mounton } for pid=10387 comm="syz-executor" path="/root/syzkaller.MpezzG/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 124.118397][ T29] audit: type=1400 audit(1754724394.727:3267): avc: denied { mounton } for pid=10387 comm="syz-executor" path="/root/syzkaller.MpezzG/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=30010 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 124.146246][ T29] audit: type=1400 audit(1754724394.737:3268): avc: denied { mounton } for pid=10387 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 124.169409][ T29] audit: type=1400 audit(1754724394.737:3269): avc: denied { mount } for pid=10387 comm="syz-executor" name="/" dev="gadgetfs" ino=4560 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 124.188486][T10411] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 124.261133][T10405] veth0_vlan: entered promiscuous mode [ 124.272079][T10405] veth1_vlan: entered promiscuous mode [ 124.296344][T10405] veth0_macvtap: entered promiscuous mode [ 124.305590][T10405] veth1_macvtap: entered promiscuous mode [ 124.323153][T10405] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 124.344416][T10405] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 124.371585][ T7977] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.404513][ T2280] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.432716][ T7977] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.455851][T10411] veth0_vlan: entered promiscuous mode [ 124.461610][ T7977] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.463356][T10405] block device autoloading is deprecated and will be removed. [ 124.473260][T10411] veth1_vlan: entered promiscuous mode [ 124.501206][T10694] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2645'. [ 124.553942][T10411] veth0_macvtap: entered promiscuous mode [ 124.567343][T10411] veth1_macvtap: entered promiscuous mode [ 124.584471][T10411] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 124.611885][T10704] sch_tbf: burst 0 is lower than device lo mtu (11337746) ! [ 124.625916][T10411] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 124.639229][T10707] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2742'. [ 124.641825][ T1455] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.684997][ T8021] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.727804][ T8021] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.739948][ T8021] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.763310][T10716] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2746'. [ 124.873983][ T29] audit: type=1326 audit(1754724395.577:3270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10724 comm="syz.9.2749" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39018cebe9 code=0x7ffc0000 [ 124.980898][T10736] vxcan1: entered allmulticast mode [ 125.156904][T10758] SELinux: ebitmap: map size 0 does not match my size 64 (high bit was 0) [ 125.167199][T10758] SELinux: failed to load policy [ 125.220481][T10405] block device autoloading is deprecated and will be removed. [ 125.253566][T10766] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2769'. [ 125.352482][T10785] loop3: detected capacity change from 0 to 1024 [ 125.371867][T10785] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 125.452406][T10405] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.679956][T10838] __nla_validate_parse: 4 callbacks suppressed [ 125.679974][T10838] netlink: 256 bytes leftover after parsing attributes in process `syz.5.2800'. [ 126.360752][ T36] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 126.360778][ T36] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 126.360829][ T36] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 126.360863][ T36] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 126.360914][ T36] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 126.360942][ T36] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 126.360970][ T36] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 126.360996][ T36] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 126.361018][ T36] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 126.361115][ T36] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 126.363212][ T36] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz0] on syz1 [ 126.588167][T10898] netlink: 'syz.3.2826': attribute type 21 has an invalid length. [ 126.633100][T10905] loop4: detected capacity change from 0 to 128 [ 126.660569][T10905] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 126.681405][T10905] ext4 filesystem being mounted at /11/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 126.723562][T10905] EXT4-fs warning (device loop4): ext4_dirblock_csum_verify:375: inode #2: comm syz.4.2829: No space for directory leaf checksum. Please run e2fsck -D. [ 126.738979][T10905] EXT4-fs error (device loop4): __ext4_find_entry:1626: inode #2: comm syz.4.2829: checksumming directory block 0 [ 126.781872][T10411] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 126.820707][T10921] loop3: detected capacity change from 0 to 512 [ 126.836174][T10930] netlink: 268 bytes leftover after parsing attributes in process `syz.8.2839'. [ 126.854207][T10921] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 126.871785][T10921] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.2836: invalid indirect mapped block 8 (level 2) [ 126.893757][T10921] EXT4-fs (loop3): Remounting filesystem read-only [ 126.900635][T10921] EXT4-fs (loop3): 1 truncate cleaned up [ 126.921453][T10921] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.952818][T10944] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2841'. [ 126.973767][T10405] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.992729][T10944] vxlan0: entered promiscuous mode [ 127.010983][ T7986] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.020801][ T7986] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.031848][ T7986] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.062501][T10953] netlink: 'syz.3.2846': attribute type 3 has an invalid length. [ 127.070355][T10953] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2846'. [ 127.074798][ T7986] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.395139][T10992] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2865'. [ 127.416346][T10996] loop3: detected capacity change from 0 to 512 [ 127.446244][T10996] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.482369][T10996] ext4 filesystem being mounted at /29/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 127.507174][T11007] loop8: detected capacity change from 0 to 512 [ 127.532701][T11007] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 127.546694][T11008] SELinux: ebitmap: truncated map [ 127.553213][T11007] EXT4-fs (loop8): 1 truncate cleaned up [ 127.559410][T11007] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.572908][T11008] SELinux: failed to load policy [ 127.574037][T10405] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.629435][T11016] syz_tun: entered promiscuous mode [ 127.633052][ T4427] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.636044][T11016] batadv_slave_0: entered promiscuous mode [ 127.650652][T11016] hsr1: entered allmulticast mode [ 127.655770][T11016] syz_tun: entered allmulticast mode [ 127.661147][T11016] batadv_slave_0: entered allmulticast mode [ 127.668820][T11018] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 127.868079][T11046] loop5: detected capacity change from 0 to 512 [ 127.879307][T11042] ALSA: seq fatal error: cannot create timer (-19) [ 127.910688][T11046] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 127.939111][T11046] EXT4-fs (loop5): 1 truncate cleaned up [ 128.125670][T11070] loop4: detected capacity change from 0 to 256 [ 128.155838][T11074] loop8: detected capacity change from 0 to 128 [ 128.171312][T11074] ext4 filesystem being mounted at /511/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 128.269379][T11087] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=11087 comm=syz.4.2907 [ 128.281982][T11087] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=11087 comm=syz.4.2907 [ 128.302582][T11089] netlink: 'syz.3.2908': attribute type 3 has an invalid length. [ 128.397717][T11101] atomic_op ffff88810399f128 conn xmit_atomic 0000000000000000 [ 128.406927][T11108] loop5: detected capacity change from 0 to 512 [ 128.468955][ T29] kauditd_printk_skb: 224 callbacks suppressed [ 128.468973][ T29] audit: type=1400 audit(1754724399.356:3495): avc: denied { create } for pid=11115 comm="syz.5.2919" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 128.476474][ T29] audit: type=1400 audit(1754724399.367:3496): avc: denied { listen } for pid=11115 comm="syz.5.2919" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 128.476569][ T29] audit: type=1400 audit(1754724399.367:3497): avc: denied { accept } for pid=11115 comm="syz.5.2919" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 128.530817][ T29] audit: type=1400 audit(1754724399.409:3498): avc: denied { ioctl } for pid=11117 comm="syz.8.2920" path="socket:[32962]" dev="sockfs" ino=32962 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 128.561085][ T29] audit: type=1326 audit(1754724399.419:3499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11120 comm="syz.8.2921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836403ebe9 code=0x7ffc0000 [ 128.561126][ T29] audit: type=1326 audit(1754724399.419:3500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11120 comm="syz.8.2921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836403ebe9 code=0x7ffc0000 [ 128.561202][ T29] audit: type=1326 audit(1754724399.451:3501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11120 comm="syz.8.2921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f836403ebe9 code=0x7ffc0000 [ 128.561238][ T29] audit: type=1326 audit(1754724399.451:3502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11120 comm="syz.8.2921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836403ebe9 code=0x7ffc0000 [ 128.561269][ T29] audit: type=1326 audit(1754724399.451:3503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11120 comm="syz.8.2921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f836403ebe9 code=0x7ffc0000 [ 128.561304][ T29] audit: type=1326 audit(1754724399.451:3504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11120 comm="syz.8.2921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f836403ebe9 code=0x7ffc0000 [ 128.756563][T11134] batadv_slave_1: entered promiscuous mode [ 128.789660][T11133] batadv_slave_1: left promiscuous mode [ 128.887438][T11141] ALSA: seq fatal error: cannot create timer (-19) [ 129.057821][T11160] netlink: 'syz.8.2938': attribute type 1 has an invalid length. [ 129.197683][T10405] block device autoloading is deprecated and will be removed. [ 129.332733][T11189] bond2: entered promiscuous mode [ 129.338074][T11189] bond2: entered allmulticast mode [ 129.344155][T11189] 8021q: adding VLAN 0 to HW filter on device bond2 [ 129.357031][T11189] bond2 (unregistering): Released all slaves [ 129.590108][T11214] netlink: 'syz.8.2959': attribute type 13 has an invalid length. [ 129.590126][T11214] netlink: 172 bytes leftover after parsing attributes in process `syz.8.2959'. [ 129.600351][T11214] erspan0: refused to change device tx_queue_len [ 129.691784][T11222] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2962'. [ 129.900334][T11248] SELinux: policydb version 0 does not match my version range 15-35 [ 129.900378][T11248] SELinux: failed to load policy [ 130.333002][T11277] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 130.344323][T11276] IPVS: stopping master sync thread 11277 ... [ 130.410349][T11288] loop8: detected capacity change from 0 to 1764 [ 130.760871][T11332] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 130.760944][T11332] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 130.888230][T11322] loop3: detected capacity change from 0 to 32768 [ 131.337602][T11364] program syz.5.3020 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 131.526584][T11398] loop3: detected capacity change from 0 to 1024 [ 131.534563][T11398] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 131.591475][T11398] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #3: block 1: comm syz.3.3028: lblock 1 mapped to illegal pblock 1 (length 1) [ 131.618211][T11398] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.3028: Failed to acquire dquot type 0 [ 131.641251][T11398] EXT4-fs error (device loop3): ext4_free_blocks:6696: comm syz.3.3028: Freeing blocks not in datazone - block = 0, count = 4096 [ 131.675813][T11398] EXT4-fs error (device loop3): ext4_read_inode_bitmap:139: comm syz.3.3028: Invalid inode bitmap blk 0 in block_group 0 [ 131.698500][ T7985] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:30: lblock 1 mapped to illegal pblock 1 (length 1) [ 131.713432][T11398] EXT4-fs error (device loop3) in ext4_free_inode:361: Corrupt filesystem [ 131.729103][T11398] EXT4-fs (loop3): 1 orphan inode deleted [ 131.736870][T11422] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3043'. [ 131.738877][ T7985] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:30: Failed to release dquot type 0 [ 131.776078][T11398] EXT4-fs mount: 6 callbacks suppressed [ 131.776099][T11398] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.810403][T11398] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.841245][T11431] openvswitch: netlink: Message has 6 unknown bytes. [ 131.937837][T11447] loop3: detected capacity change from 0 to 512 [ 131.950030][T11447] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 131.958959][T11447] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.3055: invalid indirect mapped block 8 (level 2) [ 131.973549][T11447] EXT4-fs (loop3): Remounting filesystem read-only [ 131.980230][T11447] EXT4-fs (loop3): 1 truncate cleaned up [ 131.988086][T11447] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.022614][T10405] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.062634][T11461] hub 9-0:1.0: USB hub found [ 132.067653][T11461] hub 9-0:1.0: 8 ports detected [ 132.352987][T11510] SELinux: Context system_u:object_r:inetd_var_run_t:s0 is not valid (left unmapped). [ 132.419613][T11520] netlink: 'syz.9.3088': attribute type 21 has an invalid length. [ 132.430781][T11520] netlink: 132 bytes leftover after parsing attributes in process `syz.9.3088'. [ 132.452402][T11525] loop4: detected capacity change from 0 to 128 [ 132.472832][T11525] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 132.488306][T11525] ext4 filesystem being mounted at /50/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 132.543151][T11534] loop8: detected capacity change from 0 to 1024 [ 132.561423][T10411] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 132.578794][T11534] EXT4-fs: Ignoring removed orlov option [ 132.604829][T11534] EXT4-fs (loop8): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 132.645009][T11534] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.687789][ T4427] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.121018][T11588] netlink: 'syz.5.3115': attribute type 2 has an invalid length. [ 133.128881][T11588] netlink: 'syz.5.3115': attribute type 1 has an invalid length. [ 133.136657][T11588] netlink: 199820 bytes leftover after parsing attributes in process `syz.5.3115'. [ 133.245049][T11598] loop5: detected capacity change from 0 to 512 [ 133.257803][T11598] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.272061][T11598] ext4 filesystem being mounted at /90/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 133.306019][T11598] EXT4-fs (loop5): shut down requested (1) [ 133.324395][T10387] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.341000][ T29] kauditd_printk_skb: 310 callbacks suppressed [ 133.341018][ T29] audit: type=1326 audit(1754724404.469:3812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11601 comm="syz.5.3121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841eefebe9 code=0x7ffc0000 [ 133.389316][ T29] audit: type=1326 audit(1754724404.500:3813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11601 comm="syz.5.3121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f841eefebe9 code=0x7ffc0000 [ 133.412980][ T29] audit: type=1326 audit(1754724404.500:3814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11601 comm="syz.5.3121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841eefebe9 code=0x7ffc0000 [ 133.436642][ T29] audit: type=1326 audit(1754724404.500:3815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11601 comm="syz.5.3121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841eefebe9 code=0x7ffc0000 [ 133.460170][ T29] audit: type=1326 audit(1754724404.500:3816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11601 comm="syz.5.3121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f841eefebe9 code=0x7ffc0000 [ 133.483730][ T29] audit: type=1326 audit(1754724404.500:3817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11601 comm="syz.5.3121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841eefebe9 code=0x7ffc0000 [ 133.507409][ T29] audit: type=1326 audit(1754724404.500:3818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11601 comm="syz.5.3121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841eefebe9 code=0x7ffc0000 [ 133.531032][ T29] audit: type=1326 audit(1754724404.500:3819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11601 comm="syz.5.3121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f841eefebe9 code=0x7ffc0000 [ 133.554663][ T29] audit: type=1326 audit(1754724404.500:3820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11601 comm="syz.5.3121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841eefebe9 code=0x7ffc0000 [ 133.578260][ T29] audit: type=1326 audit(1754724404.500:3821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11601 comm="syz.5.3121" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f841eefebe9 code=0x7ffc0000 [ 133.715804][T11610] bond2: entered promiscuous mode [ 133.720918][T11610] bond2: entered allmulticast mode [ 133.735023][T11610] 8021q: adding VLAN 0 to HW filter on device bond2 [ 133.756274][T11610] bond2 (unregistering): Released all slaves [ 133.772843][T11617] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 133.783410][T11617] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.842131][T11617] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 133.852853][T11617] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.901121][T11640] loop8: detected capacity change from 0 to 512 [ 133.910970][T11639] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3139'. [ 133.920165][T11639] netlink: 312 bytes leftover after parsing attributes in process `syz.4.3139'. [ 133.925175][T11640] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.929674][T11639] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3139'. [ 133.943346][T11640] ext4 filesystem being mounted at /567/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 133.964868][T11617] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 133.975302][T11617] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.026188][ T4427] EXT4-fs error (device loop8): ext4_lookup:1787: inode #12: comm syz-executor: iget: bad i_size value: 2533274857506816 [ 134.053962][T11646] loop3: detected capacity change from 0 to 1024 [ 134.063116][ T4427] EXT4-fs error (device loop8): ext4_lookup:1787: inode #12: comm syz-executor: iget: bad i_size value: 2533274857506816 [ 134.077837][T11646] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.096414][T11617] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 134.107049][T11617] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.137094][T11650] bond1: entered promiscuous mode [ 134.142329][T11650] bond1: entered allmulticast mode [ 134.149410][T11650] 8021q: adding VLAN 0 to HW filter on device bond1 [ 134.170714][T11650] bond1 (unregistering): Released all slaves [ 134.179154][T10405] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.216411][ T3446] netdevsim netdevsim5 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 134.224703][ T3446] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.235973][ T3446] netdevsim netdevsim5 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 134.244263][ T3446] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.255487][ T3446] netdevsim netdevsim5 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 134.263777][ T3446] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.297374][ T3446] netdevsim netdevsim5 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 134.305700][ T3446] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.315487][T11659] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3147'. [ 134.400283][T11669] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3151'. [ 134.440732][T11669] 8021q: adding VLAN 0 to HW filter on device bond1 [ 134.460335][T11669] bond1: (slave batadv1): Opening slave failed [ 134.492434][ T6838] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.522822][T11681] SELinux: policydb version 0 does not match my version range 15-35 [ 134.538035][T11681] SELinux: failed to load policy [ 134.586128][T11687] loop4: detected capacity change from 0 to 1024 [ 134.602295][T11687] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 134.617672][T11687] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 134.634094][T11687] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 5 with error 28 [ 134.646500][T11687] EXT4-fs (loop4): This should not happen!! Data will be lost [ 134.646500][T11687] [ 134.650153][T11695] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3163'. [ 134.656263][T11687] EXT4-fs (loop4): Total free blocks count 0 [ 134.671175][T11687] EXT4-fs (loop4): Free/Dirty block details [ 134.677127][T11687] EXT4-fs (loop4): free_blocks=20480 [ 134.682429][T11687] EXT4-fs (loop4): dirty_blocks=16 [ 134.687705][T11687] EXT4-fs (loop4): Block reservation details [ 134.693692][T11687] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 134.715600][T10411] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.749257][ T7985] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.759584][T11700] loop4: detected capacity change from 0 to 1024 [ 134.768297][T11700] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.803076][T10411] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.815319][ T7985] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.870920][ T7985] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.909181][ T7985] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.932986][T11717] loop4: detected capacity change from 0 to 512 [ 134.944180][T11717] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.960959][T11717] ext4 filesystem being mounted at /71/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 135.019239][ T7985] batman_adv: batadv0: Interface deactivated: gretap1 [ 135.030854][T10411] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.066134][ T7985] bond1 (unregistering): (slave ip6gre1): Releasing backup interface [ 135.074299][ T7985] ip6gre1 (unregistering): left promiscuous mode [ 135.102261][ T7985] batman_adv: batadv0: Removing interface: gretap1 [ 135.122808][ T7985] team0: Port device bond0 removed [ 135.130401][ T7985] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 135.140672][ T7985] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 135.150328][ T7985] bond0 (unregistering): Released all slaves [ 135.159289][ T7985] bond1 (unregistering): Released all slaves [ 135.174687][T11703] chnl_net:caif_netlink_parms(): no params data found [ 135.184951][T11734] loop4: detected capacity change from 0 to 128 [ 135.217283][ T7985] hsr_slave_0: left promiscuous mode [ 135.224060][ T7985] hsr_slave_1: left promiscuous mode [ 135.234533][ T7985] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 135.241984][ T7985] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 135.250307][ T7985] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 135.257775][ T7985] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 135.283687][ T7985] veth1_macvtap: left promiscuous mode [ 135.293439][ T7985] veth0_macvtap: left promiscuous mode [ 135.293655][T11746] netlink: 20 bytes leftover after parsing attributes in process `syz.9.3178'. [ 135.300751][ T7985] veth1_vlan: left promiscuous mode [ 135.313365][ T7985] veth0_vlan: left promiscuous mode [ 135.384213][ T7985] team0 (unregistering): Port device team_slave_1 removed [ 135.397759][ T7985] team0 (unregistering): Port device C removed [ 135.417563][T11749] loop3: detected capacity change from 0 to 1024 [ 135.441150][T11749] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 135.468584][T11703] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.472857][T11749] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 135.475854][T11703] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.497536][T11703] bridge_slave_0: entered allmulticast mode [ 135.504145][T11703] bridge_slave_0: entered promiscuous mode [ 135.521986][T11703] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.529172][T11703] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.536530][T11703] bridge_slave_1: entered allmulticast mode [ 135.544105][T11703] bridge_slave_1: entered promiscuous mode [ 135.552718][T11749] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 5 with error 28 [ 135.565017][T11749] EXT4-fs (loop3): This should not happen!! Data will be lost [ 135.565017][T11749] [ 135.574804][T11749] EXT4-fs (loop3): Total free blocks count 0 [ 135.580922][T11749] EXT4-fs (loop3): Free/Dirty block details [ 135.586226][T11758] vhci_hcd: invalid port number 96 [ 135.586872][T11749] EXT4-fs (loop3): free_blocks=20480 [ 135.591998][T11758] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 135.604641][T11749] EXT4-fs (loop3): dirty_blocks=16 [ 135.609994][T11749] EXT4-fs (loop3): Block reservation details [ 135.616044][T11749] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 135.646212][T10405] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.647699][T11762] loop5: detected capacity change from 0 to 1024 [ 135.663921][T11762] EXT4-fs: Ignoring removed nomblk_io_submit option [ 135.665329][T11703] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 135.692229][T11762] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.706466][T11703] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 135.756146][T11703] team0: Port device team_slave_0 added [ 135.771546][T11703] team0: Port device team_slave_1 added [ 135.783285][T11775] loop3: detected capacity change from 0 to 512 [ 135.792747][T11775] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.805462][T11775] ext4 filesystem being mounted at /88/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 135.816747][T11703] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 135.823903][T11703] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 135.849934][T11703] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 135.862614][T11703] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 135.869694][T11703] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 135.895664][T11703] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 135.908365][T10405] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.919127][T10387] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.941324][T11703] hsr_slave_0: entered promiscuous mode [ 135.959547][T11703] hsr_slave_1: entered promiscuous mode [ 135.970119][T11703] debugfs: 'hsr0' already exists in 'hsr' [ 135.975939][T11703] Cannot create hsr debugfs directory [ 135.985775][ T7985] IPVS: stop unused estimator thread 0... [ 136.031486][ T7985] ------------[ cut here ]------------ [ 136.036990][ T7985] WARNING: CPU: 0 PID: 7985 at net/xfrm/xfrm_state.c:3303 xfrm_state_fini+0x17c/0x1f0 [ 136.046715][ T7985] Modules linked in: [ 136.050675][ T7985] CPU: 0 UID: 0 PID: 7985 Comm: kworker/u8:30 Tainted: G W 6.16.0-syzkaller-12245-g2988dfed8a5d #0 PREEMPT(voluntary) [ 136.064640][ T7985] Tainted: [W]=WARN [ 136.068494][ T7985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 136.078611][ T7985] Workqueue: netns cleanup_net [ 136.083454][ T7985] RIP: 0010:xfrm_state_fini+0x17c/0x1f0 [ 136.089166][ T7985] Code: 48 8d bb 30 0e 00 00 e8 82 10 bd fc 48 8b bb 30 0e 00 00 e8 46 91 c9 fc 5b 41 5e 41 5f 5d c3 cc cc cc cc cc e8 05 53 a2 fc 90 <0f> 0b 90 e9 d9 fe ff ff e8 f7 52 a2 fc 90 0f 0b 90 4c 89 f7 e8 4b [ 136.108864][ T7985] RSP: 0018:ffffc90001ae7c60 EFLAGS: 00010293 [ 136.115001][ T7985] RAX: ffffffff84b5a6bb RBX: ffff888109b1c740 RCX: ffff888113d21080 [ 136.123007][ T7985] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888109b1d540 [ 136.131050][ T7985] RBP: ffffffff86c8b7a0 R08: 0001ffff86847f7f R09: 0000000000000000 [ 136.139114][ T7985] R10: ffffc90001ae7be8 R11: 0001c90001ae7be8 R12: ffffffff86c8b7c0 [ 136.147145][ T7985] R13: ffff888109b1c768 R14: ffff888109b1d540 R15: ffff888109b1c740 [ 136.155220][ T7985] FS: 0000000000000000(0000) GS:ffff8882aee44000(0000) knlGS:0000000000000000 [ 136.164573][ T7985] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 136.171186][ T7985] CR2: 0000200000362000 CR3: 000000011ab56000 CR4: 00000000003506f0 [ 136.179264][ T7985] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 136.187293][ T7985] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 136.195321][ T7985] Call Trace: [ 136.198622][ T7985] [ 136.201619][ T7985] xfrm_net_exit+0x2d/0x60 [ 136.206085][ T7985] ops_undo_list+0x27b/0x410 [ 136.210752][ T7985] cleanup_net+0x2de/0x4d0 [ 136.215225][ T7985] process_scheduled_works+0x4ce/0x9d0 [ 136.220822][ T7985] worker_thread+0x582/0x770 [ 136.225513][ T7985] kthread+0x486/0x510 [ 136.229639][ T7985] ? finish_task_switch+0xad/0x2b0 [ 136.234783][ T7985] ? __pfx_worker_thread+0x10/0x10 [ 136.240045][ T7985] ? __pfx_kthread+0x10/0x10 [ 136.244660][ T7985] ret_from_fork+0xda/0x150 [ 136.249325][ T7985] ? __pfx_kthread+0x10/0x10 [ 136.253952][ T7985] ret_from_fork_asm+0x1a/0x30 [ 136.258831][ T7985] [ 136.261864][ T7985] ---[ end trace 0000000000000000 ]--- [ 136.513675][T11794] loop5: detected capacity change from 0 to 1024 [ 136.535872][T11794] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 136.558293][T11797] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.568889][T11794] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 136.586069][T11802] netlink: 'syz.3.3210': attribute type 16 has an invalid length. [ 136.593989][T11802] netlink: 'syz.3.3210': attribute type 17 has an invalid length. [ 136.606453][T11794] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 5 with error 28 [ 136.618786][T11794] EXT4-fs (loop5): This should not happen!! Data will be lost [ 136.618786][T11794] [ 136.628452][T11794] EXT4-fs (loop5): Total free blocks count 0 [ 136.634525][T11794] EXT4-fs (loop5): Free/Dirty block details [ 136.640478][T11794] EXT4-fs (loop5): free_blocks=20480 [ 136.645778][T11794] EXT4-fs (loop5): dirty_blocks=16 [ 136.650944][T11794] EXT4-fs (loop5): Block reservation details [ 136.657017][T11794] EXT4-fs (loop5): i_reserved_data_blocks=1 [ 136.671167][T11797] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.759444][T10387] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.808647][T11802] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.815823][T11802] bridge0: port 1(bridge_slave_0) entered forwarding state [ 136.826215][T11802] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.833381][T11802] bridge0: port 2(bridge_slave_1) entered forwarding state [ 136.893575][T11810] netlink: 28 bytes leftover after parsing attributes in process `syz.9.3203'. [ 136.965851][T11703] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 136.980923][T11703] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 137.009656][T11703] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 137.028543][T11703] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 137.118636][T11703] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.134824][T11703] 8021q: adding VLAN 0 to HW filter on device team0 [ 137.144145][ T8034] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.151295][ T8034] bridge0: port 1(bridge_slave_0) entered forwarding state [ 137.188678][ T7985] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.195886][ T7985] bridge0: port 2(bridge_slave_1) entered forwarding state [ 137.286393][T11703] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 137.343643][T11852] vhci_hcd: invalid port number 96 [ 137.348872][T11852] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 137.388839][T11703] veth0_vlan: entered promiscuous mode [ 137.410570][T11703] veth1_vlan: entered promiscuous mode [ 137.430297][T11703] veth0_macvtap: entered promiscuous mode [ 137.468821][T11703] veth1_macvtap: entered promiscuous mode [ 137.483186][T11703] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 137.496814][T11703] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 137.522244][ T8034] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.561131][ T8034] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.577094][ T8034] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.586783][ T8034] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.608752][T11872] loop5: detected capacity change from 0 to 164 [ 137.629821][T11870] bond1: entered promiscuous mode [ 137.635051][T11870] bond1: entered allmulticast mode [ 137.646880][T11849] ================================================================== [ 137.655021][T11849] BUG: KCSAN: data-race in shmem_file_splice_read / shmem_file_splice_read [ 137.664266][T11849] [ 137.666606][T11849] write to 0xffff88813460e768 of 8 bytes by task 11835 on cpu 0: [ 137.674332][T11849] shmem_file_splice_read+0x470/0x600 [ 137.679742][T11849] splice_direct_to_actor+0x26f/0x680 [ 137.685157][T11849] do_splice_direct+0xda/0x150 [ 137.689943][T11849] do_sendfile+0x380/0x650 [ 137.694386][T11849] __x64_sys_sendfile64+0x105/0x150 [ 137.699604][T11849] x64_sys_call+0x2bb0/0x2ff0 [ 137.704314][T11849] do_syscall_64+0xd2/0x200 [ 137.708844][T11849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.714747][T11849] [ 137.717077][T11849] write to 0xffff88813460e768 of 8 bytes by task 11849 on cpu 1: [ 137.724881][T11849] shmem_file_splice_read+0x470/0x600 [ 137.730272][T11849] splice_direct_to_actor+0x26f/0x680 [ 137.735658][T11849] do_splice_direct+0xda/0x150 [ 137.740439][T11849] do_sendfile+0x380/0x650 [ 137.744875][T11849] __x64_sys_sendfile64+0x105/0x150 [ 137.750092][T11849] x64_sys_call+0x2bb0/0x2ff0 [ 137.754780][T11849] do_syscall_64+0xd2/0x200 [ 137.759304][T11849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.765214][T11849] [ 137.767547][T11849] value changed: 0x0000000000003a0a -> 0x0000000000003a0b [ 137.774667][T11849] [ 137.777003][T11849] Reported by Kernel Concurrency Sanitizer on: [ 137.783250][T11849] CPU: 1 UID: 0 PID: 11849 Comm: syz.9.3223 Tainted: G W 6.16.0-syzkaller-12245-g2988dfed8a5d #0 PREEMPT(voluntary) [ 137.797077][T11849] Tainted: [W]=WARN [ 137.800882][T11849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 137.810940][T11849] ================================================================== [ 137.825238][T11870] 8021q: adding VLAN 0 to HW filter on device bond1 [ 137.837576][T11870] bond1 (unregistering): Released all slaves [ 137.845243][T11872] syz.5.3226: attempt to access beyond end of device [ 137.845243][T11872] loop5: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 137.860239][T11872] syz.5.3226: attempt to access beyond end of device [ 137.860239][T11872] loop5: rw=0, sector=263328, nr_sectors = 4 limit=164