last executing test programs: 13.999837704s ago: executing program 1 (id=223): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x1a00404, &(0x7f0000000080)={[{@grpquota}, {@nomblk_io_submit}]}, 0x1, 0xbac, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5nGdGaOSX8/eHPe97wn8zxPTmfOe2BOA3hqTWc/0ohDEXE2iZis708jYqjaG4nYrB13/+7l+awlUam8/VsSSUTcu3t5vvFaSX07Xh+MRMTN15L490etcVfXN5bnyuXSSn18dO38paOr6xuvLJ2fO1c6V7pwYvbVE7MnZ2e7WOvtS+998cwPbzx/9frHM29+fuC7JE7HRH2uuY5umY7prb9Js0JEzHU7WE4G6vU015kUckwIAICO0qY13H9jMgbi4eJtMr79MdfkAAAAgK6oDERUAAAAgH0ucf8PAAAA+1zjewD37l6eb7R8v5HQX3fORMRUrf7G8821mUJsVrcjMRgRY78n0fxYa1L7tSc2nUX6+vtS1qJHzyF3snklIv6/3flPqvVPVZ/ibq0/jYiZLsSffmS8l+o/3YX4edcPwNPpxpnahaz1+pdurX9im+tfYZtr127kff1rrP/ut6z/HtY/0Gb999YOYxx+8NLNdnPN6793P/l5IYufbZ+oqL/hzpWIw4Xt6k+26k/a1H92hzHG529fazeX1Z/V22j9rr9yPeJIdTXXWn9D0un/Jzq6uFQuzdR+bvP66yc7x28+/1nL4jfuBfohO/9jsbvzf2mHMab+9+uhdnOPrz/9ZSh5p9obqu/5cG5tbeVYxFDyeuv+451zaRzTeI2s/hef6/z+367+7DNhs/53yP71XKlvs/HVR2KOHzn+1e7r762s/oVdnv9Pdxjjy2+uvd9uLu/6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgb0oiYiCQtbvXTtFiMGI+I/8RYWr64uvby4sUPLixkcxFTMZguLpVLMxExWRsn2fhYtf9wfPyR8WxEHIyIzyZHq+Pi/MXyQt7FAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsGU8IiYiSYsRkUbEH5NpWizmnRUAAADQdVN5JwAAAAD0nPt/AAAA2P9a7v8LfxmN9DMXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9qWDz964lUTE5qnRassM1ecGc80M6LV0Z4eN9ToPoP8G8k4AyE2hqV+pVCo5pgL0mXt8IHnM/EjbmeGu5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP9cLh27cSiJi89RotWWG6nODuWYG9FqadwJAbgY6TSaP3QHsYYW8EwBy4x4fqK3sH1RqWudH2v7m8BNHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDvmKi2JC1GRFrtp2mxGPGviJiKwWRxqVyaiYgDEfHT5OBwNj6Wd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB03er6xvJcuVxa0dHR6WJnNPoWa7T+Zm5zzHD7qQ6dnD+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIxer6xvJcuVxaWc07EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBvq+sby3Plcmmlh528awQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID9/BgAA///GyAmy") r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0) r2 = syz_io_uring_setup(0x7246, &(0x7f00000000c0)={0x0, 0x3236, 0x10000, 0x2, 0x19d}, &(0x7f00000001c0)=0x0, &(0x7f00000004c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000200)={0x77359400}, 0x1, 0x4}) io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, &(0x7f0000000180)={0xfffffffffffffffd, r2, 0x20, {0x4, 0x20b}, 0xcc}, 0x1) pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) lseek(r1, 0x5, 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000018110000a78fac42a97600b73e4300000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffbd, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) fgetxattr(r6, &(0x7f0000000740)=@known='user.incfs.id\x00', &(0x7f00000007c0)=""/47, 0x2f) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_FLUSH(r7, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000400)={&(0x7f0000000880)=ANY=[@ANYBLOB="14000000", @ANYRES64=r3, @ANYBLOB="000225bd7000fddbdf251800000058e11433b2b1ba648d32cf5fdfa2da1268f91bfe0b91eca05412067df87c97b7283316985776e66140776dbb583db779f5953f72cd426a0beb63c5ed4fcac322570da7cf437e36c3600425ac"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4080) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000180)={0xfffffffd, 0x0, 0x0, 'queue0\x00'}) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="07000000040000008000000004"], 0x50) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r8}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x18) r10 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)=@generic={&(0x7f0000000300)='./file0\x00'}, 0x18) ioctl$USBDEVFS_CONTROL(r10, 0xc0105500, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x3, 0x0, 0x7, 0x0}) r11 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) writev(r11, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x5603d}], 0x1) semget$private(0x0, 0x4, 0x503) r12 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000540), r1) sendmsg$IPVS_CMD_SET_CONFIG(r11, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x6c, r12, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2d, 0xa}}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x89}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x6a}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}]}, 0x6c}, 0x1, 0x0, 0x0, 0x80}, 0x4) setsockopt$WPAN_WANTACK(r11, 0x0, 0x0, &(0x7f0000000000), 0x4) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r6, 0x40605346, &(0x7f0000000100)={0x0, 0x0, {0x1, 0x0, 0x0, 0x0, 0x80000}, 0x100}) 13.266250826s ago: executing program 1 (id=228): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_lsm={0x13, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xaf) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0xa00000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) 13.087670634s ago: executing program 1 (id=232): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./bus\x00', 0x20081e, &(0x7f0000000140), 0x1, 0x4ef, &(0x7f00000003c0)="$eJzs3U1vW1kZAODXzpeTyUwywywAAVOGgYKqOonbRlUXUFYIoUqILkFqQ+JGUew4ip3ShC7S/4BEJVaw5Aew7oo9GwQ7NmWBxEcEaiqxMLrXN6mb2k1oEjuKn0e6uvfcY/s9J849x36d+AQwsC5FxE5EjEbE/YiYys7nsi1ut7bkdi92Hy/u7T5ezEWzefefubQ+ORdt90m8lz1mISJ+9L2In+bejFvf2l5dqFTKG63i+Eyjuj5T39q+ulJdWC4vl9dKpfm5+dmb126UTq2vn1RHs6MvP//Dzrd+njRrMjvT3o/T1Or6yEGcxHBE/OAsgvXBUNaf0X43hHeSj4iPIuLT9PqfiqH02QQALrJmcyqaU+1lAOCiy6c5sFy+mOUCJiOfLxZbObyPYyJfqdUbVx7UNteWWrmy6RjJP1iplGezXOF0jOSS8lx6/KpcOlS+FhEfRsQvxsbTcnGxVlnq5wsfABhg7x2a//8z1pr/AYALrtDvBgAAPWf+B4DBY/4HgMFj/geAwWP+B4DBY/4HgMFj/geAgfLDO3eSrbmXff/10sOtzdXaw6tL5fpqsbq5WFysbawXl2u15fQ7e6pHPV6lVlufux6bj6a/vV5vzNS3tu9Va5trjXvp93rfK4/0pFcAwNt8+MmzP+ciYufWeLpF21oO5mq42PL9bgDQN0P9bgDQN1b7gsF1gvf40gNwQXRYovc1hYgYP3yy2Ww2z65JwBm7/AX5fxhUbfl/fwUMA0b+HwaX/D8MrmYzd9w1/+O4NwQAzjc5fqDL5/8fZfvfZh8O/GTp8C2enmWrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HzbX/+3mK0FPhn5fLEY8X5ETMdI7sFKpTwbER9ExJ/GRsaS8lyf2wwAnFT+b7ls/a/LU59NHq4dzb0cS/cR8bNf3f3lo4VGY+OPyfl/HZxvPM3Ol/rRfgDgKPvzdLpveyP/Yvfx4v7Wy/b8/bsRUWjF39sdjb2D+MMxnO4LMRIRE//OZeWWXFvu4iR2nkTE5zv1PxeTaQ6ktfLp4fhJ7Pd7Gj//Wvx8WtfaJz+Lz51CW2DQPEvGn9udrr98XEr3na//QjpCnVw2/iUPtbiXjoGv4u+Pf0Ndxr9Lx41x/fffbx2Nv1n3JOKLwxH7sffaxp/9+Lku8T87Zvy/fOkrn3ara/464nJ0jt8ea6ZRXZ+pb21fXakuLJeXy2ul0vzc/OzNazdKM2mOeqb7bPCPW1c+6FaX9H+iS/zCEf3/+jH7/5v/3v/xV98S/5tf6xQ/Hx+/JX4yJ37jmPEXJn5X6FaXxF/q0v+jnv8rx4z//K/bbywbDgD0T31re3WhUilv9PJg/4VET4M6uAAHyW/NOWhGx4Pv9CrWaPxf92o23ylWtxHjNLJuwHlwcNFHxMt+NwYAAAAAAAAAAAAAAOioF/+x1O8+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHH9LwAA//89fM7W") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_mems\x00', 0x275a, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) fchownat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000080)={0x0, r1, 0x2, 0xffffffffffffffff, 0x0, 0x6}) 12.061980958s ago: executing program 1 (id=236): syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r0 = syz_open_dev$loop(&(0x7f0000000680), 0x9, 0x103480) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x5, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a01000000000b0000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00000014000800000000000000007f"}}) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x6e) 11.491270913s ago: executing program 1 (id=251): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x1, &(0x7f00000000c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000640)="98", 0x1}], 0x1}}], 0x1, 0x2090) 11.189709786s ago: executing program 1 (id=254): r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000004240)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='kfree\x00', r1}, 0x18) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) ioctl$SG_GET_VERSION_NUM(r0, 0x2284, &(0x7f0000000080)) 11.189350626s ago: executing program 32 (id=254): r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000004240)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='kfree\x00', r1}, 0x18) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) ioctl$SG_GET_VERSION_NUM(r0, 0x2284, &(0x7f0000000080)) 1.783238003s ago: executing program 4 (id=447): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x16, 0x0, 0x4, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18) syz_emit_ethernet(0x2ce, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd6ef5c98000282901fec0ffff000000000000ffffe0000001fe8000000000000000000000000000aa"], 0x0) 1.740761954s ago: executing program 4 (id=448): r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xe02, 0x1c0) r1 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000020702500000000002020207b1af8ff00000000bfa100000000000007010000dbffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r2, 0x0, 0x8}, 0x18) sendfile(r1, r0, 0x0, 0x3a) 1.738854605s ago: executing program 5 (id=449): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000000080)={0xb, 0x4690, 0x4}) 1.689686957s ago: executing program 4 (id=450): io_setup(0x4082, &(0x7f0000000380)=0x0) io_submit(r0, 0x0, 0x0) syz_io_uring_setup(0x100293f, &(0x7f0000001400)={0x0, 0x5839, 0x10, 0xfffffffc}, &(0x7f0000000080), &(0x7f00000014c0)) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='jbd2_end_commit\x00', r1, 0x0, 0xfffffffffffffffb}, 0x18) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f742f5f62726964676500140001007767320000000000000000000000000014000100766574683069746f5f7465616d00000014000000110001"], 0xa8}, 0x1, 0x0, 0x0, 0x4040895}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a2c000000180a01030000000000000000020000000900020073797a30000000000900010073797a3000000000140000000a00010000000000000000000300000a54662a3d15f6d156e08edea699144beb81513f173d4c831363d415fc4a4a42e81b968a89fcabf047606a569647387c982f261a76ebec420100fc74bf0f4859c667991de5c53146170ec63edd6ed7c454f5d9e8a87c24e2c7b95f1624f3b62da611d0cc5b5985bd96a305e3e899c28a182b8f3ec36ab8e12593db1e67a91da47ee1ea46e6f75919aeb9a6016ffeb72e97bdfde8ab06415b06a189959680ba164e810cee6e8fc0a6626a251953af3053ce6db26c36edb91c3b89e6c1a7bd6ff82b9e3b86a7e86b5616d41d7557721328a7f569a2e36c162b27b8718e63deb1dfd781bd7eacffb5e1d70845a96d0d3788ca476cfcb6a33f02c5f39879d648aece1893b5ec2deb9ebd745932d3e765800f9df13157290439ac8a05f26360a8a457245f7545908b206ce44aa911157abe"], 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'/28], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000980)=ANY=[@ANYBLOB="1800000000000008000000000000000018110081", @ANYRES64, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) clock_nanosleep(0x7, 0x0, &(0x7f0000000580)={0x0, 0x3938700}, 0x0) setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, &(0x7f0000000080)=0x300, 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYRESOCT=r2], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) sendmsg$NL80211_CMD_RADAR_DETECT(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000008c0)={&(0x7f0000000880)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200027bd7000fedbdf255e00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900030000000000000019010f000000"], 0x38}, 0x1, 0x0, 0x0, 0x8004}, 0x20000000) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r6, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000500)='kfree\x00', r7, 0x0, 0xfffffffffffffffd}, 0x18) fcntl$lock(r2, 0x24, &(0x7f0000000640)={0x2, 0x4, 0x100, 0xffffffffffffffff}) r8 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) io_uring_register$IORING_REGISTER_BUFFERS2(0xffffffffffffffff, 0xf, &(0x7f00000024c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r5, 0x0, 0xfffd}, 0x18) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000900)=ANY=[@ANYBLOB="2c0000003f00070dfeffffff00000000017c0000040077000c00038006"], 0x2c}, 0x1, 0x0, 0x0, 0x4048011}, 0x4044000) r10 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r10, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000007c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="03724e8dd59f0986c5", @ANYBLOB="24b0d0400000fbdbdf0200766574aeff"], 0x2c}, 0x1, 0x0, 0x0, 0x840}, 0x4008800) 1.453067947s ago: executing program 2 (id=452): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x80000}, 0x18) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01022dbd7000ffdb652520e7000109001f0070687931000000000a0001007770616e33000000050020"], 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 1.444482517s ago: executing program 5 (id=453): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000008c0)='./file0\x00', 0x1008490, &(0x7f0000000a40)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000a80)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = open(&(0x7f00000000c0)='.\x00', 0x8000, 0xc5) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 1.337662552s ago: executing program 2 (id=455): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3cd2e7b3d6526bf5}}}, 0x68}}, 0x0) r1 = socket$kcm(0x2, 0x3, 0x84) sendmsg$inet(r1, &(0x7f0000001a00)={&(0x7f0000000280)={0x2, 0x4e23, @empty}, 0x10, &(0x7f0000000e40)=[{&(0x7f0000000380)="5d09a11ccedb8037005290e2050e7e24", 0x10}], 0x1}, 0x4000) 1.316495463s ago: executing program 2 (id=459): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x20081e, &(0x7f0000000240)={[{@sysvgroups}, {@auto_da_alloc}, {@bsdgroups}, {@jqfmt_vfsold}, {@acl}]}, 0x81, 0x502, &(0x7f0000000a00)="$eJzs3c9vI1cdAPCvnV9OmjZp6QEQokspLGi1TuJto6oHKCeEUCVEjyBtQ+KNothxFDulCXvY/g9IVOIER/4Azj3xJyC4cYEDEj8iULMSSFPNeLzrzdob7yaxs/HnI41m3ryxv+/t7rzn+W7iF8DYuhYR9yJiOiI+iIiF/Hwh3+Ld9pZe99nR3fXjo7vrhUiS9/9VyOrTc9H1mtQL+XuWIuLH34/4WeHxuM2Dw+21Wq261y7OLrXqu0vNg8ObW/W1zepmdadSWV1ZXX771luVc+vra/Xp9sFE2sBv/yJt1nxe192Pc/T/JDP1IE5qMiJ+eAHBRmEi78/0qBvCMylGxCsR8Xp2/y/ERPa3CQBcZUmyEMlCdxkAuOqKWQ6sUCznuYD5KBbL5XYO79WYK9YazdaNO439nY12rmwxpop3tmrV5TxXuBhThbS8kh0/LFdOlG9FxMsR8cuZ2axcXm/UNkb5wQcAxtgLJ+b//860538A4IorjboBAMDQmf8BYPyY/wFg/Jj/AWD8mP8BYPyY/wFg/Jj/AWCs/Oi999ItOc6//3rjw4P97caHNzeqze1yfX+9vN7Y2y1vNhqb2Xf21E97v1qjsbvyZux/tPid3WZrqXlweLve2N9p3c6+1/t2dWoovQIAnuTl1z79cyEi7r0zm23RtZaDuRqutuJZXjx7fu0Ahm9i1A0ARsZqXzC+zvCMLz0AV0SPJXofUXrkcT+/OkmS5GKbBVyg61+S/4dx1ZX/91PAMGbk/2F8DZr/Py0/ADx/kqQw6Jr/MeiFAMDlJscP9Hm+fyXf/y7/z4Gfbpy84pOLbBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcbp31f8v5WuDzUSyWyxEvRsRiTBXubNWqyxHxUkT8aWZqJi2vjLjNAMBZFf9eyNf/ur7wxvzJ2unC/ZlsHxE///X7v/pordXa+2N6/t8Pzrc+yc9XRtF+AOA0nXk623c9yH92dHe9sw2zPf/4XkSU2vGPj6bj+EH8yZjM9qWYioi5/xTycluhK3dxFvc+jogv9up/IeazHEh75dOT8dPYLw41fvGR+MWsrr1P/yy+8NSRk4VzaD481z5Nx593e91/xbiW7Xvf/6VshDq7fPxL32r9OBsDH8bvjH8Tfca/a4PGePMPP2gfzT5e93HElycjOrGPu8afTvxCn/hvDBj/L1/56uv96pLfRFyP3vG7Yy216rtLzYPDm1v1tc3qZnWnUlldWV1++9ZblaUsR73Ufzb45zs3XupXl/Z/rk/80in9/8aA/f/t/z74ydeeEP9bX+8VvxivPiF+Oid+c8D4a3O/L/WrS+Nv9Ox/R//+3xgw/l//dvjYsuEAwOg0Dw6312q16t4wDzofJIYa1MEVOEj/1VyCZvQ8+O6wYk3HU70qSZ4pVr8R4zyybsBl0L7Xk+peRNwfdWMAAAAAAAAAAAAAAICehvEbS6PuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFfX5wEAAP//90HVog==") mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0xf2de1000) r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000180)='kfree\x00', 0xffffffffffffffff, 0x0, 0xf1c38fa000000000}, 0x18) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000001f40)={0x0, 0x2904c, 0x29, 0x10003, '\x00', [{0x0, 0x5, 0x2000, 0xffffffffffffffff}, {0xffffffff, 0x0, 0x9, 0xa}]}) 1.278894245s ago: executing program 5 (id=460): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="09000000040000000800000010"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800002d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e21, 0x5, @loopback, 0xa}}, 0x0, 0x0, 0x22, 0x0, "bb353738cb473fc7c9f1cf53b6a7b4e23602a3c364ca41d6e5615445244740bd4c0b42a21d7214bf92594925208a0e2f964e654dc534a6324d4993fcf19b2df3ee818a118a7c49462189316d556d2ccd"}, 0xd8) 1.140341361s ago: executing program 5 (id=462): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="700000001000ffff25bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="1720000021200000340012800c0001006d6163766c616e002400028008000300030000000800010010000000100005800a000400aaaaaaaaaaaa000008000500", @ANYRES32=r1, @ANYBLOB="140003"], 0x70}, 0x1, 0x0, 0x0, 0x1}, 0x8000002) 1.076146883s ago: executing program 3 (id=463): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000001ac0)={0x0, 0x500, &(0x7f0000000440)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01dfffffff9a26000000210000000c00018008000100", @ANYRES32=r1], 0x20}}, 0x0) 953.578169ms ago: executing program 4 (id=464): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r1, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r1, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000840)=@newqdisc={0x58, 0x24, 0xf0b, 0x70bd2e, 0x0, {0x0, 0x0, 0x12, r2, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0xd, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xffff, 0x7fffffff, 0x40, 0xb6, 0x4, 0x0, 0x0, 0x400, 0x6}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x8004001}, 0x0) 877.662362ms ago: executing program 2 (id=465): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c) r1 = fcntl$dupfd(r0, 0x406, r0) write$cgroup_pid(r1, &(0x7f0000000240), 0xfdef) 761.843367ms ago: executing program 3 (id=466): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r1, 0x0, 0x3}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)=ANY=[@ANYBLOB="54000000000801010000ffffe00000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x28040000) 735.367218ms ago: executing program 5 (id=467): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x1a00404, &(0x7f0000000080)={[{@grpquota}, {@nomblk_io_submit}]}, 0x1, 0xbac, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5nGdGaOSX8/eHPe97wn8zxPTmfOe2BOA3hqTWc/0ohDEXE2iZis708jYqjaG4nYrB13/+7l+awlUam8/VsSSUTcu3t5vvFaSX07Xh+MRMTN15L490etcVfXN5bnyuXSSn18dO38paOr6xuvLJ2fO1c6V7pwYvbVE7MnZ2e7WOvtS+998cwPbzx/9frHM29+fuC7JE7HRH2uuY5umY7prb9Js0JEzHU7WE4G6vU015kUckwIAICO0qY13H9jMgbi4eJtMr79MdfkAAAAgK6oDERUAAAAgH0ucf8PAAAA+1zjewD37l6eb7R8v5HQX3fORMRUrf7G8821mUJsVrcjMRgRY78n0fxYa1L7tSc2nUX6+vtS1qJHzyF3snklIv6/3flPqvVPVZ/ibq0/jYiZLsSffmS8l+o/3YX4edcPwNPpxpnahaz1+pdurX9im+tfYZtr127kff1rrP/ut6z/HtY/0Gb999YOYxx+8NLNdnPN6793P/l5IYufbZ+oqL/hzpWIw4Xt6k+26k/a1H92hzHG529fazeX1Z/V22j9rr9yPeJIdTXXWn9D0un/Jzq6uFQuzdR+bvP66yc7x28+/1nL4jfuBfohO/9jsbvzf2mHMab+9+uhdnOPrz/9ZSh5p9obqu/5cG5tbeVYxFDyeuv+451zaRzTeI2s/hef6/z+367+7DNhs/53yP71XKlvs/HVR2KOHzn+1e7r762s/oVdnv9Pdxjjy2+uvd9uLu/6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgb0oiYiCQtbvXTtFiMGI+I/8RYWr64uvby4sUPLixkcxFTMZguLpVLMxExWRsn2fhYtf9wfPyR8WxEHIyIzyZHq+Pi/MXyQt7FAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsGU8IiYiSYsRkUbEH5NpWizmnRUAAADQdVN5JwAAAAD0nPt/AAAA2P9a7v8LfxmN9DMXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9qWDz964lUTE5qnRassM1ecGc80M6LV0Z4eN9ToPoP8G8k4AyE2hqV+pVCo5pgL0mXt8IHnM/EjbmeGu5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP9cLh27cSiJi89RotWWG6nODuWYG9FqadwJAbgY6TSaP3QHsYYW8EwBy4x4fqK3sH1RqWudH2v7m8BNHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDvmKi2JC1GRFrtp2mxGPGviJiKwWRxqVyaiYgDEfHT5OBwNj6Wd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB03er6xvJcuVxa0dHR6WJnNPoWa7T+Zm5zzHD7qQ6dnD+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIxer6xvJcuVxaWc07EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBvq+sby3Plcmmlh528awQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID9/BgAA///GyAmy") r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0) r2 = syz_io_uring_setup(0x7246, &(0x7f00000000c0)={0x0, 0x3236, 0x10000, 0x2, 0x19d}, &(0x7f00000001c0)=0x0, &(0x7f00000004c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000200)={0x77359400}, 0x1, 0x4}) io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, &(0x7f0000000180)={0xfffffffffffffffd, r2, 0x20, {0x4, 0x20b}, 0xcc}, 0x1) pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) lseek(r1, 0x5, 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000018110000a78fac42a97600b73e4300000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffbd, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) fgetxattr(r6, &(0x7f0000000740)=@known='user.incfs.id\x00', &(0x7f00000007c0)=""/47, 0x2f) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_FLUSH(r7, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000400)={&(0x7f0000000880)=ANY=[@ANYRES64=r3, @ANYBLOB="000225bd7000fddbdf251800000058e11433b2b1ba648d32cf5fdfa2da1268f91bfe0b91eca05412067df87c97b7283316985776e66140776dbb583db779f5953f72cd426a0beb63c5ed4fcac322570da7cf437e36c3600425aca77d36ee62e71220529618bcd76ed39b2d639698a251edc5367c7c3d78"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4080) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000180)={0xfffffffd, 0x0, 0x0, 'queue0\x00'}) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="07000000040000008000000004"], 0x50) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r8}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x18) r10 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)=@generic={&(0x7f0000000300)='./file0\x00'}, 0x18) ioctl$USBDEVFS_CONTROL(r10, 0xc0105500, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x3, 0x0, 0x7, 0x0}) r11 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) writev(r11, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x5603d}], 0x1) semget$private(0x0, 0x4, 0x503) r12 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000540), r1) sendmsg$IPVS_CMD_SET_CONFIG(r11, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x6c, r12, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2d, 0xa}}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x89}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x6a}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}]}, 0x6c}, 0x1, 0x0, 0x0, 0x80}, 0x4) setsockopt$WPAN_WANTACK(r11, 0x0, 0x0, &(0x7f0000000000), 0x4) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r6, 0x40605346, &(0x7f0000000100)={0x0, 0x0, {0x1, 0x0, 0x0, 0x0, 0x80000}, 0x100}) 714.455379ms ago: executing program 4 (id=468): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x1a00404, &(0x7f0000000080)={[{@grpquota}, {@nomblk_io_submit}]}, 0x1, 0xbac, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5nGdGaOSX8/eHPe97wn8zxPTmfOe2BOA3hqTWc/0ohDEXE2iZis708jYqjaG4nYrB13/+7l+awlUam8/VsSSUTcu3t5vvFaSX07Xh+MRMTN15L490etcVfXN5bnyuXSSn18dO38paOr6xuvLJ2fO1c6V7pwYvbVE7MnZ2e7WOvtS+998cwPbzx/9frHM29+fuC7JE7HRH2uuY5umY7prb9Js0JEzHU7WE4G6vU015kUckwIAICO0qY13H9jMgbi4eJtMr79MdfkAAAAgK6oDERUAAAAgH0ucf8PAAAA+1zjewD37l6eb7R8v5HQX3fORMRUrf7G8821mUJsVrcjMRgRY78n0fxYa1L7tSc2nUX6+vtS1qJHzyF3snklIv6/3flPqvVPVZ/ibq0/jYiZLsSffmS8l+o/3YX4edcPwNPpxpnahaz1+pdurX9im+tfYZtr127kff1rrP/ut6z/HtY/0Gb999YOYxx+8NLNdnPN6793P/l5IYufbZ+oqL/hzpWIw4Xt6k+26k/a1H92hzHG529fazeX1Z/V22j9rr9yPeJIdTXXWn9D0un/Jzq6uFQuzdR+bvP66yc7x28+/1nL4jfuBfohO/9jsbvzf2mHMab+9+uhdnOPrz/9ZSh5p9obqu/5cG5tbeVYxFDyeuv+451zaRzTeI2s/hef6/z+367+7DNhs/53yP71XKlvs/HVR2KOHzn+1e7r762s/oVdnv9Pdxjjy2+uvd9uLu/6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgb0oiYiCQtbvXTtFiMGI+I/8RYWr64uvby4sUPLixkcxFTMZguLpVLMxExWRsn2fhYtf9wfPyR8WxEHIyIzyZHq+Pi/MXyQt7FAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsGU8IiYiSYsRkUbEH5NpWizmnRUAAADQdVN5JwAAAAD0nPt/AAAA2P9a7v8LfxmN9DMXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9qWDz964lUTE5qnRassM1ecGc80M6LV0Z4eN9ToPoP8G8k4AyE2hqV+pVCo5pgL0mXt8IHnM/EjbmeGu5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP9cLh27cSiJi89RotWWG6nODuWYG9FqadwJAbgY6TSaP3QHsYYW8EwBy4x4fqK3sH1RqWudH2v7m8BNHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDvmKi2JC1GRFrtp2mxGPGviJiKwWRxqVyaiYgDEfHT5OBwNj6Wd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB03er6xvJcuVxa0dHR6WJnNPoWa7T+Zm5zzHD7qQ6dnD+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIxer6xvJcuVxaWc07EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBvq+sby3Plcmmlh528awQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID9/BgAA///GyAmy") r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0) r2 = syz_io_uring_setup(0x7246, &(0x7f00000000c0)={0x0, 0x3236, 0x10000, 0x2, 0x19d}, &(0x7f00000001c0)=0x0, &(0x7f00000004c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000200)={0x77359400}, 0x1, 0x4}) io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, &(0x7f0000000180)={0xfffffffffffffffd, r2, 0x20, {0x4, 0x20b}, 0xcc}, 0x1) pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) lseek(r1, 0x5, 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000018110000a78fac42a97600b73e4300000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffbd, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_FLUSH(r7, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000400)={&(0x7f0000000880)=ANY=[@ANYBLOB="1400", @ANYRES64=r3, @ANYBLOB="000225bd7000fddbdf251800000058e11433b2b1ba648d32cf5fdfa2da1268f91bfe0b91eca05412067df87c97b7283316985776e66140776dbb583db779f5953f72cd426a0beb63c5ed4fcac322570da7cf437e36c3600425aca77d36ee62e71220529618bcd76ed39b2d639698a251edc5367c7c3d78"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4080) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000180)={0xfffffffd, 0x0, 0x0, 'queue0\x00'}) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="07000000040000008000000004"], 0x50) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r8}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x18) r10 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)=@generic={&(0x7f0000000300)='./file0\x00'}, 0x18) ioctl$USBDEVFS_CONTROL(r10, 0xc0105500, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x3, 0x0, 0x7, 0x0}) r11 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) writev(r11, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x5603d}], 0x1) semget$private(0x0, 0x4, 0x503) r12 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000540), r1) sendmsg$IPVS_CMD_SET_CONFIG(r11, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x6c, r12, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2d, 0xa}}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x89}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x6a}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}]}, 0x6c}, 0x1, 0x0, 0x0, 0x80}, 0x4) setsockopt$WPAN_WANTACK(r11, 0x0, 0x0, &(0x7f0000000000), 0x4) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r6, 0x40605346, &(0x7f0000000100)={0x0, 0x0, {0x1, 0x0, 0x0, 0x0, 0x80000}, 0x100}) 680.881631ms ago: executing program 2 (id=469): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000004c0)='kfree\x00', r1, 0x0, 0x7}, 0x18) syz_read_part_table(0x5a1, &(0x7f00000005c0)="$eJzs0r9Lc1cYB/CTCy+h0JfIywsOdhAMTlFBBx2SQSSGLEbEioOz4KCD4OAgkejsj39A8ReIizh1ySimIApxkoziXFBcMqW03g61kxQV289nuZzzPPc+9/A9gU8tCr+1Wq1ECKGVfP3bP5/kR4ud48MTkyEkwkwIIf/Tj39WEnHHX189i9eleF1M/lDfuxx5PGm76rqppQ+iuF6NQlgNIczfHab+7dn47zvNXaTW1hcLG8u5udvCyv3AbE++YzO/sD24ny1PtWen44tVjd5nfro+dHTdKj3sfO39Uqs3+3+N+zKJt5nPx3qZ/+73SqPSHOs+XurLfGucl7fi3J/+mf8b3UgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/6jR3kVpbXyxsLOfmbgsr9wOzPfmOzfzC9uB+tjzVnp2Onvuq0fvMT9eHjq5bpYedr71favVm/y9xXybxNvP5WC/z3/1eaVSaY93HS32Zb43z8lac+9Pf809+zN8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ9BfrTYOT48MRlCIsyEEEaitsM/9lvJ53oi7juLn6V4v5jsr+9djjyetF113dTSB+PxfjUKYTWEMH93mHr3w/BqvwcAAP//X3yHGg==") ppoll(&(0x7f0000000d40)=[{0xffffffffffffffff, 0x8000}], 0x20000000000000e0, &(0x7f0000000300)={0x0, 0x3938700}, 0x0, 0x0) 624.130243ms ago: executing program 3 (id=470): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x50bb, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x3, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000080)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x1, 0x0, 0x0, 0x40f00, 0x46, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000000)={0x2aad, 0x14, 0x8009, 0x3, 0xf}) 390.155283ms ago: executing program 2 (id=471): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x1a00404, &(0x7f0000000080)={[{@grpquota}, {@nomblk_io_submit}]}, 0x1, 0xbac, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5nGdGaOSX8/eHPe97wn8zxPTmfOe2BOA3hqTWc/0ohDEXE2iZis708jYqjaG4nYrB13/+7l+awlUam8/VsSSUTcu3t5vvFaSX07Xh+MRMTN15L490etcVfXN5bnyuXSSn18dO38paOr6xuvLJ2fO1c6V7pwYvbVE7MnZ2e7WOvtS+998cwPbzx/9frHM29+fuC7JE7HRH2uuY5umY7prb9Js0JEzHU7WE4G6vU015kUckwIAICO0qY13H9jMgbi4eJtMr79MdfkAAAAgK6oDERUAAAAgH0ucf8PAAAA+1zjewD37l6eb7R8v5HQX3fORMRUrf7G8821mUJsVrcjMRgRY78n0fxYa1L7tSc2nUX6+vtS1qJHzyF3snklIv6/3flPqvVPVZ/ibq0/jYiZLsSffmS8l+o/3YX4edcPwNPpxpnahaz1+pdurX9im+tfYZtr127kff1rrP/ut6z/HtY/0Gb999YOYxx+8NLNdnPN6793P/l5IYufbZ+oqL/hzpWIw4Xt6k+26k/a1H92hzHG529fazeX1Z/V22j9rr9yPeJIdTXXWn9D0un/Jzq6uFQuzdR+bvP66yc7x28+/1nL4jfuBfohO/9jsbvzf2mHMab+9+uhdnOPrz/9ZSh5p9obqu/5cG5tbeVYxFDyeuv+451zaRzTeI2s/hef6/z+367+7DNhs/53yP71XKlvs/HVR2KOHzn+1e7r762s/oVdnv9Pdxjjy2+uvd9uLu/6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgb0oiYiCQtbvXTtFiMGI+I/8RYWr64uvby4sUPLixkcxFTMZguLpVLMxExWRsn2fhYtf9wfPyR8WxEHIyIzyZHq+Pi/MXyQt7FAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsGU8IiYiSYsRkUbEH5NpWizmnRUAAADQdVN5JwAAAAD0nPt/AAAA2P9a7v8LfxmN9DMXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9qWDz964lUTE5qnRassM1ecGc80M6LV0Z4eN9ToPoP8G8k4AyE2hqV+pVCo5pgL0mXt8IHnM/EjbmeGu5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP9cLh27cSiJi89RotWWG6nODuWYG9FqadwJAbgY6TSaP3QHsYYW8EwBy4x4fqK3sH1RqWudH2v7m8BNHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDvmKi2JC1GRFrtp2mxGPGviJiKwWRxqVyaiYgDEfHT5OBwNj6Wd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB03er6xvJcuVxa0dHR6WJnNPoWa7T+Zm5zzHD7qQ6dnD+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIxer6xvJcuVxaWc07EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBvq+sby3Plcmmlh528awQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID9/BgAA///GyAmy") r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0) r2 = syz_io_uring_setup(0x7246, &(0x7f00000000c0)={0x0, 0x3236, 0x10000, 0x2, 0x19d}, &(0x7f00000001c0)=0x0, &(0x7f00000004c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000200)={0x77359400}, 0x1, 0x4}) io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, &(0x7f0000000180)={0xfffffffffffffffd, r2, 0x20, {0x4, 0x20b}, 0xcc}, 0x1) pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) lseek(r1, 0x5, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000018110000a78fac42a97600b73e4300000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffbd, 0x0, 0x0, 0x0}, 0x94) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) fgetxattr(r5, &(0x7f0000000740)=@known='user.incfs.id\x00', &(0x7f00000007c0)=""/47, 0x2f) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_FLUSH(r6, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000400)={&(0x7f0000000880)=ANY=[@ANYBLOB, @ANYRES64=r3, @ANYBLOB="000225bd7000fddbdf251800000058e11433b2b1ba648d32cf5fdfa2da1268f91bfe0b91eca05412067df87c97b7283316985776e66140776dbb583db779f5953f72cd426a0beb63c5ed4fcac322570da7cf437e36c3600425aca77d36ee62e71220529618bcd76ed39b2d639698a251edc5367c7c3d78"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4080) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000180)={0xfffffffd, 0x0, 0x0, 'queue0\x00'}) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="07000000040000008000000004"], 0x50) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r7}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x18) r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)=@generic={&(0x7f0000000300)='./file0\x00'}, 0x18) ioctl$USBDEVFS_CONTROL(r9, 0xc0105500, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x3, 0x0, 0x7, 0x0}) r10 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) writev(r10, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x5603d}], 0x1) semget$private(0x0, 0x4, 0x503) r11 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000540), r1) sendmsg$IPVS_CMD_SET_CONFIG(r10, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x6c, r11, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2d, 0xa}}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x89}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x6a}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}]}, 0x6c}, 0x1, 0x0, 0x0, 0x80}, 0x4) setsockopt$WPAN_WANTACK(r10, 0x0, 0x0, &(0x7f0000000000), 0x4) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r5, 0x40605346, &(0x7f0000000100)={0x0, 0x0, {0x1, 0x0, 0x0, 0x0, 0x80000}, 0x100}) 389.914903ms ago: executing program 3 (id=472): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02}) r1 = socket$netlink(0x10, 0x3, 0x0) preadv(r0, &(0x7f0000000300)=[{0x0, 0x60}, {&(0x7f0000000380)=""/183, 0xb7}], 0x2, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) 389.522883ms ago: executing program 0 (id=473): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, r1, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$can_j1939(r0, &(0x7f0000001240)={&(0x7f0000001000)={0x1d, r1, 0x0, {0x2, 0xff, 0x2}, 0xff}, 0x18, &(0x7f00000010c0)={0x0}, 0x1, 0x0, 0x0, 0x42000}, 0x2004c080) 349.661805ms ago: executing program 0 (id=474): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x2041, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000280)={0x0, 0x4000000, 0x0, 0x401, 0xfe, "0062ba7d82000000160000000000f738096304"}) r1 = syz_open_pts(r0, 0x80) r2 = dup3(r1, r0, 0x80000) ioctl$sock_SIOCINQ(r2, 0x541b, 0x0) 305.404536ms ago: executing program 0 (id=475): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000dd0000000000003b810000850000006d000000a50000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r1) sendmsg$NFC_CMD_DEP_LINK_UP(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000700)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002abd7000fbdbdf250400000005000a0000000000080001"], 0x3c}, 0x1, 0x0, 0x0, 0x26040041}, 0x40) 248.29854ms ago: executing program 0 (id=476): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000580)='kmem_cache_free\x00', r1, 0x0, 0x7fff}, 0x18) syz_emit_ethernet(0x66, &(0x7f00000003c0)={@local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x30, 0x3a, 0x0, @private1, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "4aa198", 0x0, 0x3c, 0x0, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}}}}}}}}, 0x0) 202.424221ms ago: executing program 0 (id=477): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x804}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)=ANY=[@ANYBLOB="54000000000801010000ffffe00000000a000000050003002f0000000600024000000000240004800800024000000000080001400000fcff07000140800000010800014080000001090001"], 0x54}, 0x1, 0x0, 0x0, 0x4004}, 0x28040000) 196.797091ms ago: executing program 5 (id=478): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0xff}, 0x18) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$VT_DISALLOCATE(r2, 0x5608) 186.604292ms ago: executing program 3 (id=479): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000001c0)=0x3) close(r1) 152.894393ms ago: executing program 4 (id=480): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x1a00404, &(0x7f0000000080)={[{@grpquota}, {@nomblk_io_submit}]}, 0x1, 0xbac, &(0x7f00000017c0)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5nGdGaOSX8/eHPe97wn8zxPTmfOe2BOA3hqTWc/0ohDEXE2iZis708jYqjaG4nYrB13/+7l+awlUam8/VsSSUTcu3t5vvFaSX07Xh+MRMTN15L490etcVfXN5bnyuXSSn18dO38paOr6xuvLJ2fO1c6V7pwYvbVE7MnZ2e7WOvtS+998cwPbzx/9frHM29+fuC7JE7HRH2uuY5umY7prb9Js0JEzHU7WE4G6vU015kUckwIAICO0qY13H9jMgbi4eJtMr79MdfkAAAAgK6oDERUAAAAgH0ucf8PAAAA+1zjewD37l6eb7R8v5HQX3fORMRUrf7G8821mUJsVrcjMRgRY78n0fxYa1L7tSc2nUX6+vtS1qJHzyF3snklIv6/3flPqvVPVZ/ibq0/jYiZLsSffmS8l+o/3YX4edcPwNPpxpnahaz1+pdurX9im+tfYZtr127kff1rrP/ut6z/HtY/0Gb999YOYxx+8NLNdnPN6793P/l5IYufbZ+oqL/hzpWIw4Xt6k+26k/a1H92hzHG529fazeX1Z/V22j9rr9yPeJIdTXXWn9D0un/Jzq6uFQuzdR+bvP66yc7x28+/1nL4jfuBfohO/9jsbvzf2mHMab+9+uhdnOPrz/9ZSh5p9obqu/5cG5tbeVYxFDyeuv+451zaRzTeI2s/hef6/z+367+7DNhs/53yP71XKlvs/HVR2KOHzn+1e7r762s/oVdnv9Pdxjjy2+uvd9uLu/6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgb0oiYiCQtbvXTtFiMGI+I/8RYWr64uvby4sUPLixkcxFTMZguLpVLMxExWRsn2fhYtf9wfPyR8WxEHIyIzyZHq+Pi/MXyQt7FAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsGU8IiYiSYsRkUbEH5NpWizmnRUAAADQdVN5JwAAAAD0nPt/AAAA2P9a7v8LfxmN9DMXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9qWDz964lUTE5qnRassM1ecGc80M6LV0Z4eN9ToPoP8G8k4AyE2hqV+pVCo5pgL0mXt8IHnM/EjbmeGu5wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP9cLh27cSiJi89RotWWG6nODuWYG9FqadwJAbgY6TSaP3QHsYYW8EwBy4x4fqK3sH1RqWudH2v7m8BNHBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDvmKi2JC1GRFrtp2mxGPGviJiKwWRxqVyaiYgDEfHT5OBwNj6Wd9IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB03er6xvJcuVxa0dHR6WJnNPoWa7T+Zm5zzHD7qQ6dnD+YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIxer6xvJcuVxaWc07EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBvq+sby3Plcmmlh528awQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID9/BgAA///GyAmy") r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0) r2 = syz_io_uring_setup(0x7246, &(0x7f00000000c0)={0x0, 0x3236, 0x10000, 0x2, 0x19d}, &(0x7f00000001c0)=0x0, &(0x7f00000004c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000200)={0x77359400}, 0x1, 0x4}) io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, &(0x7f0000000180)={0xfffffffffffffffd, r2, 0x20, {0x4, 0x20b}, 0xcc}, 0x1) pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) lseek(r1, 0x5, 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000018110000a78fac42a97600b73e4300000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffbd, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) fgetxattr(r6, &(0x7f0000000740)=@known='user.incfs.id\x00', &(0x7f00000007c0)=""/47, 0x2f) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_FLUSH(r7, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000400)={&(0x7f0000000880)=ANY=[@ANYBLOB="14000000", @ANYRES64=r3, @ANYBLOB="000225bd7000fddbdf251800000058e11433b2b1ba648d32cf5fdfa2da1268f91bfe0b91eca05412067df87c97b7283316985776e66140776dbb583db779f5953f72cd426a0beb63c5ed4fcac322570da7cf437e36c3600425aca77d36ee62e71220529618bcd76ed39b2d639698a251"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4080) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000180)={0xfffffffd, 0x0, 0x0, 'queue0\x00'}) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="07000000040000008000000004"], 0x50) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r8}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r9}, 0x18) r10 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000340)=@generic={&(0x7f0000000300)='./file0\x00'}, 0x18) ioctl$USBDEVFS_CONTROL(r10, 0xc0105500, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x3, 0x0, 0x7, 0x0}) r11 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) writev(r11, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x5603d}], 0x1) semget$private(0x0, 0x4, 0x503) r12 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000540), r1) sendmsg$IPVS_CMD_SET_CONFIG(r11, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x6c, r12, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2d, 0xa}}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x89}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x6a}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}]}, 0x6c}, 0x1, 0x0, 0x0, 0x80}, 0x4) setsockopt$WPAN_WANTACK(r11, 0x0, 0x0, &(0x7f0000000000), 0x4) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r6, 0x40605346, &(0x7f0000000100)={0x0, 0x0, {0x1, 0x0, 0x0, 0x0, 0x80000}, 0x100}) 47.767618ms ago: executing program 0 (id=481): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000380)='/sys/kernel/notes', 0x800, 0x0) io_setup(0x3, &(0x7f0000000400)=0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000002300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000d00)='kfree\x00', r2}, 0x18) io_submit(r1, 0x1, &(0x7f0000000340)=[&(0x7f0000000040)={0xf000000, 0x0, 0x0, 0x0, 0xe11, r0, 0x0, 0xf, 0x4, 0x0, 0x0, r0}]) 0s ago: executing program 3 (id=482): syz_open_dev$usbfs(&(0x7f00000000c0), 0x800000001fe, 0x82) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) r0 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x2804, 0x10100}, &(0x7f0000000540)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff56}) io_uring_enter(r0, 0x7a98, 0xb816, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.241' (ED25519) to the list of known hosts. [ 33.197927][ T29] audit: type=1400 audit(1764341112.914:62): avc: denied { mounton } for pid=3303 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 33.221094][ T29] audit: type=1400 audit(1764341112.934:63): avc: denied { mount } for pid=3303 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 33.222113][ T3303] cgroup: Unknown subsys name 'net' [ 33.248860][ T29] audit: type=1400 audit(1764341112.964:64): avc: denied { unmount } for pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 33.397795][ T3303] cgroup: Unknown subsys name 'cpuset' [ 33.404130][ T3303] cgroup: Unknown subsys name 'rlimit' [ 33.535469][ T29] audit: type=1400 audit(1764341113.244:65): avc: denied { setattr } for pid=3303 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 33.560038][ T29] audit: type=1400 audit(1764341113.244:66): avc: denied { create } for pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 33.580541][ T29] audit: type=1400 audit(1764341113.244:67): avc: denied { write } for pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 33.601157][ T29] audit: type=1400 audit(1764341113.244:68): avc: denied { read } for pid=3303 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 33.621507][ T29] audit: type=1400 audit(1764341113.244:69): avc: denied { mounton } for pid=3303 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 33.630140][ T3305] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 33.646403][ T29] audit: type=1400 audit(1764341113.244:70): avc: denied { mount } for pid=3303 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 33.679173][ T29] audit: type=1400 audit(1764341113.374:71): avc: denied { relabelto } for pid=3305 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 33.717005][ T3303] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 35.664288][ T3316] chnl_net:caif_netlink_parms(): no params data found [ 35.730785][ T3323] chnl_net:caif_netlink_parms(): no params data found [ 35.771347][ T3312] chnl_net:caif_netlink_parms(): no params data found [ 35.823698][ T3319] chnl_net:caif_netlink_parms(): no params data found [ 35.835781][ T3316] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.843013][ T3316] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.850377][ T3316] bridge_slave_0: entered allmulticast mode [ 35.857005][ T3316] bridge_slave_0: entered promiscuous mode [ 35.877387][ T3316] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.884456][ T3316] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.891599][ T3316] bridge_slave_1: entered allmulticast mode [ 35.897955][ T3316] bridge_slave_1: entered promiscuous mode [ 35.927344][ T3313] chnl_net:caif_netlink_parms(): no params data found [ 35.945614][ T3323] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.952711][ T3323] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.959902][ T3323] bridge_slave_0: entered allmulticast mode [ 35.966503][ T3323] bridge_slave_0: entered promiscuous mode [ 35.987063][ T3323] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.994136][ T3323] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.001502][ T3323] bridge_slave_1: entered allmulticast mode [ 36.007966][ T3323] bridge_slave_1: entered promiscuous mode [ 36.015345][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.044091][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.062889][ T3312] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.069991][ T3312] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.077308][ T3312] bridge_slave_0: entered allmulticast mode [ 36.083789][ T3312] bridge_slave_0: entered promiscuous mode [ 36.100944][ T3323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.117711][ T3312] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.124788][ T3312] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.132078][ T3312] bridge_slave_1: entered allmulticast mode [ 36.138519][ T3312] bridge_slave_1: entered promiscuous mode [ 36.149866][ T3319] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.156930][ T3319] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.164132][ T3319] bridge_slave_0: entered allmulticast mode [ 36.170684][ T3319] bridge_slave_0: entered promiscuous mode [ 36.178184][ T3323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.187439][ T3319] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.194510][ T3319] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.201801][ T3319] bridge_slave_1: entered allmulticast mode [ 36.208402][ T3319] bridge_slave_1: entered promiscuous mode [ 36.215520][ T3316] team0: Port device team_slave_0 added [ 36.239834][ T3316] team0: Port device team_slave_1 added [ 36.258333][ T3312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.281967][ T3319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.296904][ T3312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.306156][ T3313] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.313295][ T3313] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.320552][ T3313] bridge_slave_0: entered allmulticast mode [ 36.326921][ T3313] bridge_slave_0: entered promiscuous mode [ 36.334073][ T3323] team0: Port device team_slave_0 added [ 36.341064][ T3319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.350678][ T3323] team0: Port device team_slave_1 added [ 36.356684][ T3316] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.363707][ T3316] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 36.389675][ T3316] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.410171][ T3313] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.417278][ T3313] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.424457][ T3313] bridge_slave_1: entered allmulticast mode [ 36.430942][ T3313] bridge_slave_1: entered promiscuous mode [ 36.447251][ T3316] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.454231][ T3316] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 36.480195][ T3316] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.491730][ T3312] team0: Port device team_slave_0 added [ 36.515726][ T3319] team0: Port device team_slave_0 added [ 36.522246][ T3312] team0: Port device team_slave_1 added [ 36.532780][ T3323] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.539797][ T3323] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 36.565981][ T3323] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.578104][ T3323] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.585060][ T3323] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 36.611130][ T3323] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.622631][ T3319] team0: Port device team_slave_1 added [ 36.639456][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 36.650138][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 36.667860][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.674817][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 36.700808][ T3312] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.737748][ T3319] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.744727][ T3319] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 36.770748][ T3319] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 36.788924][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.795896][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 36.822035][ T3312] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.835084][ T3316] hsr_slave_0: entered promiscuous mode [ 36.841304][ T3316] hsr_slave_1: entered promiscuous mode [ 36.853958][ T3313] team0: Port device team_slave_0 added [ 36.860133][ T3319] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 36.867108][ T3319] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 36.893113][ T3319] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 36.920648][ T3323] hsr_slave_0: entered promiscuous mode [ 36.926739][ T3323] hsr_slave_1: entered promiscuous mode [ 36.932730][ T3323] debugfs: 'hsr0' already exists in 'hsr' [ 36.938495][ T3323] Cannot create hsr debugfs directory [ 36.944756][ T3313] team0: Port device team_slave_1 added [ 36.964933][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 36.971938][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 36.998146][ T3313] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 37.021459][ T3313] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 37.028469][ T3313] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 37.054525][ T3313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 37.094992][ T3312] hsr_slave_0: entered promiscuous mode [ 37.101057][ T3312] hsr_slave_1: entered promiscuous mode [ 37.106956][ T3312] debugfs: 'hsr0' already exists in 'hsr' [ 37.112826][ T3312] Cannot create hsr debugfs directory [ 37.128003][ T3319] hsr_slave_0: entered promiscuous mode [ 37.134069][ T3319] hsr_slave_1: entered promiscuous mode [ 37.140157][ T3319] debugfs: 'hsr0' already exists in 'hsr' [ 37.145894][ T3319] Cannot create hsr debugfs directory [ 37.166314][ T3313] hsr_slave_0: entered promiscuous mode [ 37.172517][ T3313] hsr_slave_1: entered promiscuous mode [ 37.178453][ T3313] debugfs: 'hsr0' already exists in 'hsr' [ 37.184187][ T3313] Cannot create hsr debugfs directory [ 37.368761][ T3316] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 37.378188][ T3316] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 37.386859][ T3316] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 37.398023][ T3316] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 37.427467][ T3323] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 37.437238][ T3323] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 37.446017][ T3323] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 37.456123][ T3323] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 37.501166][ T3312] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 37.519336][ T3312] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 37.528296][ T3312] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 37.539127][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.550417][ T3312] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 37.564588][ T3323] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.577541][ T3316] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.601253][ T3323] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.609575][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.616707][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.628182][ T3313] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 37.650066][ T3313] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 37.659131][ T3313] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 37.669040][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.676114][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.684810][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.691906][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.701116][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.708197][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.732763][ T3313] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 37.763432][ T3319] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 37.785951][ T3319] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 37.805592][ T3319] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 37.825756][ T3319] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 37.874466][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.889778][ T3312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 37.898288][ T3316] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.919181][ T3313] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.929463][ T3312] 8021q: adding VLAN 0 to HW filter on device team0 [ 37.944899][ T3323] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 37.954203][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.961612][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.972109][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.979223][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.992966][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.000160][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.032597][ T3313] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 38.050890][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.058064][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.102258][ T3316] veth0_vlan: entered promiscuous mode [ 38.126611][ T3319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 38.151197][ T3319] 8021q: adding VLAN 0 to HW filter on device team0 [ 38.159748][ T3316] veth1_vlan: entered promiscuous mode [ 38.176792][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 38.183944][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 38.211611][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 38.218844][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 38.237177][ T3313] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.258391][ T3312] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.275972][ T3323] veth0_vlan: entered promiscuous mode [ 38.293404][ T3316] veth0_macvtap: entered promiscuous mode [ 38.301631][ T3323] veth1_vlan: entered promiscuous mode [ 38.318945][ T3316] veth1_macvtap: entered promiscuous mode [ 38.362235][ T3323] veth0_macvtap: entered promiscuous mode [ 38.372432][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.382517][ T3319] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 38.393546][ T3323] veth1_macvtap: entered promiscuous mode [ 38.403764][ T3316] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.415367][ T3323] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.439192][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.450551][ T3323] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.461698][ T37] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.473416][ T3313] veth0_vlan: entered promiscuous mode [ 38.495139][ T37] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.517675][ T37] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.530754][ T37] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.531447][ T29] kauditd_printk_skb: 9 callbacks suppressed [ 38.531464][ T29] audit: type=1400 audit(1764341118.244:81): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/root/syzkaller.3SZWZJ/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 38.547725][ T3313] veth1_vlan: entered promiscuous mode [ 38.580696][ T29] audit: type=1400 audit(1764341118.294:82): avc: denied { mount } for pid=3316 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 38.602839][ T29] audit: type=1400 audit(1764341118.294:83): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/root/syzkaller.3SZWZJ/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 38.608592][ T3313] veth0_macvtap: entered promiscuous mode [ 38.628120][ T29] audit: type=1400 audit(1764341118.294:84): avc: denied { mount } for pid=3316 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 38.638557][ T3313] veth1_macvtap: entered promiscuous mode [ 38.655512][ T29] audit: type=1400 audit(1764341118.294:85): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/root/syzkaller.3SZWZJ/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 38.668159][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 38.688131][ T29] audit: type=1400 audit(1764341118.294:86): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/root/syzkaller.3SZWZJ/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=3655 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 38.698310][ T3313] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 38.722989][ T29] audit: type=1400 audit(1764341118.294:87): avc: denied { unmount } for pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 38.751229][ T29] audit: type=1400 audit(1764341118.474:88): avc: denied { mounton } for pid=3316 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 38.774241][ T29] audit: type=1400 audit(1764341118.474:89): avc: denied { mount } for pid=3316 comm="syz-executor" name="/" dev="gadgetfs" ino=4854 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 38.799549][ T3316] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 38.800991][ T37] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.842811][ T37] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.852056][ T37] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.862058][ T37] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.878621][ T29] audit: type=1400 audit(1764341118.584:90): avc: denied { read write } for pid=3316 comm="syz-executor" name="loop0" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 38.907833][ T37] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.931633][ T3319] veth0_vlan: entered promiscuous mode [ 38.938322][ T37] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.954570][ T37] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 38.972234][ T3319] veth1_vlan: entered promiscuous mode [ 38.982164][ T3312] veth0_vlan: entered promiscuous mode [ 39.029409][ T3319] veth0_macvtap: entered promiscuous mode [ 39.038993][ T3312] veth1_vlan: entered promiscuous mode [ 39.049680][ T3319] veth1_macvtap: entered promiscuous mode [ 39.062191][ T3312] veth0_macvtap: entered promiscuous mode [ 39.084062][ T3312] veth1_macvtap: entered promiscuous mode [ 39.116790][ T3418] IPVS: starting estimator thread 0... [ 39.123857][ T3319] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.132369][ T3498] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=3498 comm=syz.2.9 [ 39.132802][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 39.174196][ T3319] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.185526][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 39.217270][ T58] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.227092][ T3497] IPVS: using max 2256 ests per chain, 112800 per kthread [ 39.278990][ T58] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.303698][ T58] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.340989][ T58] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.368826][ T58] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.396881][ T58] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.405940][ T3521] loop4: detected capacity change from 0 to 256 [ 39.406220][ T58] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.423579][ T3518] loop1: detected capacity change from 0 to 1024 [ 39.434498][ T3518] ======================================================= [ 39.434498][ T3518] WARNING: The mand mount option has been deprecated and [ 39.434498][ T3518] and is ignored by this kernel. Remove the mand [ 39.434498][ T3518] option from the mount to silence this warning. [ 39.434498][ T3518] ======================================================= [ 39.473455][ T58] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 39.479814][ T3518] EXT4-fs: Ignoring removed bh option [ 39.504998][ T3521] FAT-fs (loop4): error, clusters badly computed (0 != 128) [ 39.512581][ T3521] FAT-fs (loop4): Filesystem has been set read-only [ 39.521231][ T3525] loop3: detected capacity change from 0 to 128 [ 39.535388][ T3521] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 39.557688][ T3518] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 39.571516][ T3525] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 39.603668][ T3525] ext4 filesystem being mounted at /0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 39.654655][ T3518] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4193: comm syz.1.18: Allocating blocks 385-513 which overlap fs metadata [ 39.679736][ T3517] EXT4-fs (loop1): pa ffff88810726a070: logic 16, phys. 129, len 24 [ 39.687809][ T3517] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 8 [ 39.735993][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 39.753233][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.765609][ T3319] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 39.921549][ T3570] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 40.084300][ T3589] Illegal XDP return value 123 on prog (id 16) dev syz_tun, expect packet loss! [ 40.160029][ T3593] netlink: 8 bytes leftover after parsing attributes in process `syz.3.41'. [ 40.309613][ T3610] loop3: detected capacity change from 0 to 512 [ 40.335448][ T3611] loop4: detected capacity change from 0 to 4096 [ 40.404420][ T3611] EXT4-fs: Ignoring removed nomblk_io_submit option [ 40.434591][ T3611] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.485071][ T3622] loop3: detected capacity change from 0 to 4096 [ 40.495390][ T3622] EXT4-fs: Ignoring removed nomblk_io_submit option [ 40.613404][ T3622] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 40.767661][ T3627] ALSA: seq fatal error: cannot create timer (-19) [ 41.001543][ T3633] ALSA: seq fatal error: cannot create timer (-19) [ 41.213105][ T3639] loop1: detected capacity change from 0 to 4096 [ 41.232910][ T3639] EXT4-fs: Ignoring removed nomblk_io_submit option [ 41.289835][ T3639] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 41.374473][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.403910][ T3319] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.503525][ T3650] loop0: detected capacity change from 0 to 1024 [ 41.525972][ T3650] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=842c018, mo2=0002] [ 41.547785][ T3650] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 41.571250][ T3650] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.62: bg 0: block 88: padding at end of block bitmap is not set [ 41.603624][ T3650] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2853: Unable to expand inode 12. Delete some EAs or run e2fsck. [ 41.630533][ T3646] ALSA: seq fatal error: cannot create timer (-19) [ 41.668771][ T3662] netlink: 80 bytes leftover after parsing attributes in process `syz.4.66'. [ 41.681948][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.716918][ T3664] loop3: detected capacity change from 0 to 512 [ 41.736891][ T3668] loop0: detected capacity change from 0 to 1024 [ 41.743530][ T3515] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 41.747346][ T3545] Bluetooth: hci0: command 0x1003 tx timeout [ 41.763372][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 41.875312][ T3668] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 41.888571][ T3664] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 41.908230][ T3668] ext4 filesystem being mounted at /14/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.922644][ T3664] EXT4-fs (loop3): mount failed [ 42.124329][ T3668] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: comm syz.0.68: lblock 0 mapped to illegal pblock 0 (length 1) [ 42.144713][ T3668] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 42.157123][ T3668] EXT4-fs (loop0): This should not happen!! Data will be lost [ 42.157123][ T3668] [ 43.006014][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 43.042586][ T3700] random: crng reseeded on system resumption [ 43.148444][ T3702] loop2: detected capacity change from 0 to 4096 [ 43.160406][ T3702] EXT4-fs: Ignoring removed nomblk_io_submit option [ 43.166174][ T3710] vcan0: tx drop: invalid da for name 0x0000000000000002 [ 43.182720][ T3702] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.236282][ T3715] netlink: 8 bytes leftover after parsing attributes in process `syz.0.79'. [ 43.242149][ T3717] syz.4.86 uses obsolete (PF_INET,SOCK_PACKET) [ 43.322425][ T3720] loop1: detected capacity change from 0 to 4096 [ 43.348832][ T3720] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 43.392289][ T3721] ALSA: seq fatal error: cannot create timer (-19) [ 43.426427][ T3725] netlink: 'syz.0.88': attribute type 6 has an invalid length. [ 43.437549][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.534751][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.547640][ T3731] loop4: detected capacity change from 0 to 256 [ 43.565187][ T3731] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 43.612396][ T3731] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 43.998800][ T3742] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.006179][ T3742] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.027944][ T3746] program syz.1.97 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 44.064000][ T3746] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 44.126663][ T3742] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 44.138112][ T3742] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 44.173826][ T3759] netlink: 8 bytes leftover after parsing attributes in process `syz.3.98'. [ 44.197213][ T31] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.206524][ T31] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.218986][ T31] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.240221][ T31] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 44.250444][ T3761] loop4: detected capacity change from 0 to 4096 [ 44.295398][ T3761] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.309229][ T3765] hub 9-0:1.0: USB hub found [ 44.320583][ T3765] hub 9-0:1.0: 8 ports detected [ 44.414974][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.441893][ T29] kauditd_printk_skb: 127 callbacks suppressed [ 44.441911][ T29] audit: type=1400 audit(1764341124.154:217): avc: denied { ioctl } for pid=3775 comm="syz.2.106" path="socket:[6217]" dev="sockfs" ino=6217 ioctlcmd=0xb100 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 44.475518][ T29] audit: type=1400 audit(1764341124.184:218): avc: denied { read write } for pid=3777 comm="syz.0.109" name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 44.499117][ T29] audit: type=1400 audit(1764341124.184:219): avc: denied { open } for pid=3777 comm="syz.0.109" path="/dev/virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 44.523182][ T3774] loop3: detected capacity change from 0 to 4096 [ 44.533808][ T3774] EXT4-fs: Ignoring removed nomblk_io_submit option [ 44.552421][ T3781] ALSA: seq fatal error: cannot create timer (-19) [ 44.613653][ T3774] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 44.628150][ T29] audit: type=1400 audit(1764341124.344:220): avc: denied { write } for pid=3789 comm="syz.4.108" name="tcp" dev="proc" ino=4026532835 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 44.653016][ T29] audit: type=1400 audit(1764341124.364:221): avc: denied { add_name } for pid=3773 comm="syz.3.107" name="file2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 44.673974][ T29] audit: type=1400 audit(1764341124.364:222): avc: denied { create } for pid=3773 comm="syz.3.107" name="file2" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 44.694617][ T29] audit: type=1400 audit(1764341124.374:223): avc: denied { map_create } for pid=3793 comm="syz.1.115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 44.713876][ T29] audit: type=1400 audit(1764341124.374:224): avc: denied { map_read map_write } for pid=3793 comm="syz.1.115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 44.733687][ T29] audit: type=1400 audit(1764341124.394:225): avc: denied { prog_load } for pid=3793 comm="syz.1.115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 44.752651][ T29] audit: type=1400 audit(1764341124.394:226): avc: denied { bpf } for pid=3793 comm="syz.1.115" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 44.853919][ T3802] loop0: detected capacity change from 0 to 128 [ 44.869311][ T3803] netlink: 8 bytes leftover after parsing attributes in process `syz.2.114'. [ 45.260636][ T3822] ALSA: seq fatal error: cannot create timer (-19) [ 45.271698][ T3819] loop0: detected capacity change from 0 to 4096 [ 45.318587][ T3819] EXT4-fs: Ignoring removed nomblk_io_submit option [ 45.420097][ T3819] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 45.579114][ T3831] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 45.761594][ T3833] ALSA: seq fatal error: cannot create timer (-19) [ 45.781879][ T3836] vhci_hcd: default hub control req: 8001 v0301 i0000 l0 [ 45.825602][ T3319] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.950185][ T3843] loop1: detected capacity change from 0 to 4096 [ 45.958246][ T3846] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 45.967506][ T3843] EXT4-fs: Ignoring removed nomblk_io_submit option [ 45.983377][ T3847] netlink: 8 bytes leftover after parsing attributes in process `syz.2.131'. [ 45.996309][ T3843] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.034408][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.085204][ T3853] netlink: 24 bytes leftover after parsing attributes in process `syz.4.136'. [ 46.086781][ T3854] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 46.094912][ T3853] IPVS: Error connecting to the multicast addr [ 46.125743][ T3854] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 46.188731][ T3860] loop4: detected capacity change from 0 to 1024 [ 46.195740][ T3860] ext4: Unknown parameter 'uid<00000000000000000000' [ 46.291499][ T3861] ALSA: seq fatal error: cannot create timer (-19) [ 46.476918][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.587936][ T3870] ALSA: seq fatal error: cannot create timer (-19) [ 46.739351][ T3873] loop2: detected capacity change from 0 to 512 [ 46.767512][ T3873] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 46.860773][ T3873] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.906806][ T3873] ext4 filesystem being mounted at /25/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 47.094399][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.201215][ T3892] capability: warning: `syz.2.145' uses deprecated v2 capabilities in a way that may be insecure [ 47.256336][ T3894] loop4: detected capacity change from 0 to 512 [ 47.284849][ T3898] loop1: detected capacity change from 0 to 512 [ 47.333472][ T3898] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.348094][ T3898] ext4 filesystem being mounted at /28/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 47.389983][ T3908] loop0: detected capacity change from 0 to 256 [ 47.409093][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.537117][ T3919] loop3: detected capacity change from 0 to 4096 [ 47.549196][ T3919] EXT4-fs: Ignoring removed nomblk_io_submit option [ 47.559253][ T3922] SELinux: failed to load policy [ 47.597672][ T3919] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.646010][ T3929] loop1: detected capacity change from 0 to 1024 [ 47.767910][ T3929] EXT4-fs: inline encryption not supported [ 47.794484][ T3926] loop0: detected capacity change from 0 to 4096 [ 47.843157][ T3929] EXT4-fs: Ignoring removed nobh option [ 47.862632][ T3926] EXT4-fs: Ignoring removed nomblk_io_submit option [ 47.911235][ T3929] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a84fc018, mo2=0002] [ 47.936083][ T3926] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.987862][ T3929] System zones: 1-12 [ 48.024444][ T3929] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.060041][ T3935] ALSA: seq fatal error: cannot create timer (-19) [ 48.207684][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.253658][ T3941] ALSA: seq fatal error: cannot create timer (-19) [ 48.264742][ T3947] loop2: detected capacity change from 0 to 256 [ 48.347811][ T3947] FAT-fs (loop2): Directory bread(block 1285) failed [ 48.403314][ T3319] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.477672][ T3954] loop3: detected capacity change from 0 to 128 [ 48.504299][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.522840][ T3954] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 48.536446][ T3956] netlink: 32 bytes leftover after parsing attributes in process `syz.2.173'. [ 48.601792][ T3961] xt_hashlimit: size too large, truncated to 1048576 [ 48.836863][ T3974] netlink: 8 bytes leftover after parsing attributes in process `syz.4.181'. [ 48.862076][ T3976] vhci_hcd: invalid port number 96 [ 48.867265][ T3976] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 48.882573][ T3977] loop0: detected capacity change from 0 to 4096 [ 48.901606][ T3977] EXT4-fs: Ignoring removed nomblk_io_submit option [ 48.990249][ T3977] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.166876][ T3990] loop4: detected capacity change from 0 to 4096 [ 49.305961][ C1] hrtimer: interrupt took 28667 ns [ 49.412459][ T3998] ALSA: seq fatal error: cannot create timer (-19) [ 49.439292][ T3990] EXT4-fs: Ignoring removed nomblk_io_submit option [ 49.559446][ T3990] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.609845][ T4002] loop2: detected capacity change from 0 to 512 [ 49.677908][ T4002] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 49.685907][ T4002] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002] [ 49.853686][ T4002] EXT4-fs (loop2): orphan cleanup on readonly fs [ 49.880696][ T4002] __quota_error: 84 callbacks suppressed [ 49.880714][ T4002] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 49.913982][ T29] audit: type=1400 audit(1764341129.624:311): avc: denied { create } for pid=4008 comm="syz.1.191" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 49.951096][ T4002] EXT4-fs warning (device loop2): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 49.965709][ T4002] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 50.001451][ T29] audit: type=1400 audit(1764341129.644:312): avc: denied { setopt } for pid=4008 comm="syz.1.191" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 50.020966][ T29] audit: type=1400 audit(1764341129.644:313): avc: denied { connect } for pid=4008 comm="syz.1.191" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 50.053740][ T4010] ALSA: seq fatal error: cannot create timer (-19) [ 50.069572][ T29] audit: type=1400 audit(1764341129.754:314): avc: denied { read } for pid=4012 comm="syz.1.192" name="event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 50.092629][ T29] audit: type=1400 audit(1764341129.754:315): avc: denied { open } for pid=4012 comm="syz.1.192" path="/dev/input/event0" dev="devtmpfs" ino=242 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 50.120193][ T4002] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.189: bg 0: block 40: padding at end of block bitmap is not set [ 50.128632][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.143445][ T4002] EXT4-fs (loop2): Remounting filesystem read-only [ 50.150362][ T4002] EXT4-fs (loop2): 1 truncate cleaned up [ 50.156478][ T4002] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 50.200762][ T4002] EXT4-fs (loop2): shut down requested (2) [ 50.212937][ T29] audit: type=1400 audit(1764341129.924:316): avc: denied { read } for pid=2985 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 50.234974][ T29] audit: type=1400 audit(1764341129.924:317): avc: denied { search } for pid=2985 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 50.256737][ T29] audit: type=1400 audit(1764341129.924:318): avc: denied { search } for pid=2985 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 50.257168][ T4013] ------------[ cut here ]------------ [ 50.278321][ T29] audit: type=1400 audit(1764341129.924:319): avc: denied { add_name } for pid=2985 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 50.285130][ T4013] WARNING: CPU: 1 PID: 4013 at mm/page_alloc.c:5154 __alloc_frozen_pages_noprof+0x218/0x360 [ 50.307096][ T4002] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=16 [ 50.316701][ T4013] Modules linked in: [ 50.329237][ T4013] CPU: 1 UID: 0 PID: 4013 Comm: syz.1.192 Not tainted syzkaller #0 PREEMPT(voluntary) [ 50.329349][ T4002] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=16 [ 50.338935][ T4013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 50.357896][ T4013] RIP: 0010:__alloc_frozen_pages_noprof+0x218/0x360 [ 50.364602][ T4013] Code: 83 3d 03 f5 4f 05 02 72 0e 48 83 b8 e0 fb ff ff 00 0f 84 48 ff ff ff 81 ca 00 01 00 00 e9 3d ff ff ff c6 05 cf f2 4b 05 01 90 <0f> 0b 90 31 c0 eb 84 a9 00 00 08 00 75 52 44 89 f1 81 e1 7f ff ff [ 50.384307][ T4013] RSP: 0018:ffffc900115d3b90 EFLAGS: 00010246 [ 50.390520][ T4013] RAX: aad0e03a903bbd00 RBX: 0000000000000014 RCX: 0000000000000000 [ 50.398570][ T4013] RDX: 0000000000000000 RSI: 0000000000000014 RDI: 0000000000040cc0 [ 50.406568][ T4013] RBP: 0000000000000000 R08: 0001ffff88ea9ff5 R09: 0000000000000000 [ 50.414668][ T4013] R10: 0000000000000006 R11: 0000000000000002 R12: ffffffff88ea9ff4 [ 50.422715][ T4013] R13: 0000000000000001 R14: 0000000000040cc0 R15: 0000000000000000 [ 50.426630][ T4020] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=16 [ 50.430810][ T4013] FS: 00007fda9b7a76c0(0000) GS:ffff8882aef10000(0000) knlGS:0000000000000000 [ 50.430834][ T4013] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 50.430851][ T4013] CR2: 00007fda9b7a5fe0 CR3: 000000011abc2000 CR4: 00000000003506f0 [ 50.463220][ T4013] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 50.471237][ T4013] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 50.479298][ T4013] Call Trace: [ 50.482622][ T4013] [ 50.485580][ T4013] alloc_pages_mpol+0xb3/0x260 [ 50.490422][ T4013] ? __rcu_read_unlock+0x4f/0x70 [ 50.495491][ T4013] alloc_frozen_pages_noprof+0x90/0x110 [ 50.501231][ T4013] ___kmalloc_large_node+0x52/0x100 [ 50.506506][ T4013] __kmalloc_large_node_noprof+0x16/0xa0 [ 50.512244][ T4013] __kmalloc_noprof+0x348/0x570 [ 50.517204][ T4013] ? raw_ioctl+0x1014/0x1d00 [ 50.521867][ T4013] raw_ioctl+0x1014/0x1d00 [ 50.526309][ T4013] ? ioctl_has_perm+0x257/0x2a0 [ 50.531274][ T4013] ? do_vfs_ioctl+0x866/0xe10 [ 50.536058][ T4013] ? selinux_file_ioctl+0x308/0x3a0 [ 50.541307][ T4013] ? __fget_files+0x184/0x1c0 [ 50.546041][ T4013] ? __pfx_raw_ioctl+0x10/0x10 [ 50.550848][ T4013] __se_sys_ioctl+0xce/0x140 [ 50.555507][ T4013] __x64_sys_ioctl+0x43/0x50 [ 50.560208][ T4013] x64_sys_call+0x1816/0x3000 [ 50.565005][ T4013] do_syscall_64+0xd2/0x200 [ 50.569559][ T4013] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 50.575727][ T4013] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 50.581591][ T4013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.587576][ T4013] RIP: 0033:0x7fda9cd3f749 [ 50.592057][ T4013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.611804][ T4013] RSP: 002b:00007fda9b7a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 50.620290][ T4013] RAX: ffffffffffffffda RBX: 00007fda9cf95fa0 RCX: 00007fda9cd3f749 [ 50.628310][ T4013] RDX: 0000200000000000 RSI: 00000000c0085504 RDI: 0000000000000003 [ 50.636318][ T4013] RBP: 00007fda9cdc3f91 R08: 0000000000000000 R09: 0000000000000000 [ 50.644364][ T4013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 50.652392][ T4013] R13: 00007fda9cf96038 R14: 00007fda9cf95fa0 R15: 00007ffe96506bf8 [ 50.660437][ T4013] [ 50.663505][ T4013] ---[ end trace 0000000000000000 ]--- [ 50.671544][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.683595][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.787581][ T4026] loop2: detected capacity change from 0 to 8192 [ 50.808779][ T4037] loop4: detected capacity change from 0 to 128 [ 50.827763][ T4037] FAT-fs (loop4): Directory bread(block 32) failed [ 50.834358][ T4037] FAT-fs (loop4): Directory bread(block 33) failed [ 50.850794][ T4037] FAT-fs (loop4): Directory bread(block 34) failed [ 50.857968][ T4037] FAT-fs (loop4): Directory bread(block 35) failed [ 50.864562][ T4037] FAT-fs (loop4): Directory bread(block 36) failed [ 50.871159][ T4037] FAT-fs (loop4): Directory bread(block 37) failed [ 50.879187][ T4037] FAT-fs (loop4): Directory bread(block 38) failed [ 50.885717][ T4037] FAT-fs (loop4): Directory bread(block 39) failed [ 50.895613][ T4037] FAT-fs (loop4): Directory bread(block 40) failed [ 50.902258][ T4037] FAT-fs (loop4): Directory bread(block 41) failed [ 50.973331][ T4037] syz.4.203: attempt to access beyond end of device [ 50.973331][ T4037] loop4: rw=0, sector=4108, nr_sectors = 4 limit=128 [ 51.057359][ T4037] FAT-fs (loop4): Filesystem has been set read-only [ 51.065529][ T4037] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 51.288843][ T4050] loop2: detected capacity change from 0 to 2048 [ 51.340224][ T4051] loop4: detected capacity change from 0 to 4096 [ 51.354858][ T4050] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 51.403293][ T4051] EXT4-fs: Ignoring removed nomblk_io_submit option [ 51.404594][ T4050] ext4 filesystem being mounted at /44/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 51.436226][ T4051] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 51.510554][ T4065] mmap: syz.3.214 (4065) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 51.527172][ T4062] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.209: bg 0: block 345: padding at end of block bitmap is not set [ 51.544222][ T4062] EXT4-fs (loop2): Remounting filesystem read-only [ 51.583975][ T4069] sd 0:0:1:0: device reset [ 51.607723][ T4072] loop3: detected capacity change from 0 to 512 [ 51.633030][ T4072] ------------[ cut here ]------------ [ 51.638615][ T4072] EA inode 11 i_nlink=2 [ 51.638867][ T4072] WARNING: CPU: 0 PID: 4072 at fs/ext4/xattr.c:1058 ext4_xattr_inode_update_ref+0x36a/0x380 [ 51.641690][ T4062] syz.2.209 (4062) used greatest stack depth: 10360 bytes left [ 51.643135][ T4072] Modules linked in: [ 51.664783][ T4072] CPU: 0 UID: 0 PID: 4072 Comm: syz.3.216 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 51.676054][ T4072] Tainted: [W]=WARN [ 51.679929][ T4072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 51.690051][ T4072] RIP: 0010:ext4_xattr_inode_update_ref+0x36a/0x380 [ 51.696737][ T4072] Code: 90 49 8d 7e 40 e8 16 f7 b8 ff 4d 8b 6e 40 4c 89 e7 e8 2a f2 b8 ff 41 8b 56 48 48 c7 c7 55 d7 55 86 4c 89 ee e8 e7 f2 67 ff 90 <0f> 0b 90 90 e9 ff fe ff ff e8 68 01 b6 03 0f 1f 84 00 00 00 00 00 [ 51.716457][ T4072] RSP: 0018:ffffc90011907778 EFLAGS: 00010246 [ 51.722682][ T4072] RAX: 1465d17029e90100 RBX: ffff8881072a6468 RCX: 0000000000080000 [ 51.730716][ T4072] RDX: ffffc9000434a000 RSI: 00000000000033b0 RDI: 00000000000033b1 [ 51.738754][ T4072] RBP: 0000000000000002 R08: 0001c900119075f7 R09: 0000000000000000 [ 51.746833][ T4072] R10: 00000000ffffffff R11: 0000000000000002 R12: ffff8881072a6418 [ 51.754872][ T4072] R13: 000000000000000b R14: ffff8881072a63d0 R15: 0000000000000001 [ 51.762939][ T4072] FS: 00007f5ea734f6c0(0000) GS:ffff8882aee10000(0000) knlGS:0000000000000000 [ 51.771988][ T4072] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.778672][ T4072] CR2: 00007ffe96506e78 CR3: 000000011abc0000 CR4: 00000000003506f0 [ 51.786665][ T4072] Call Trace: [ 51.790099][ T4072] [ 51.793099][ T4072] ext4_xattr_inode_dec_ref_all+0x579/0x830 [ 51.799082][ T4072] ? errseq_check+0x2c/0x50 [ 51.803825][ T4072] ext4_xattr_delete_inode+0x6b7/0x790 [ 51.809486][ T4072] ext4_evict_inode+0xa6a/0xd90 [ 51.814470][ T4072] ? __pfx_ext4_evict_inode+0x10/0x10 [ 51.820007][ T4072] evict+0x2e3/0x550 [ 51.823955][ T4072] ? __dquot_initialize+0x146/0x7c0 [ 51.829285][ T4072] iput+0x4ed/0x650 [ 51.833389][ T4072] ext4_process_orphan+0x1a9/0x1c0 [ 51.838594][ T4072] ext4_orphan_cleanup+0x6a8/0xa00 [ 51.844107][ T4072] ext4_fill_super+0x3483/0x3810 [ 51.849163][ T4072] ? snprintf+0x86/0xb0 [ 51.853355][ T4072] ? set_blocksize+0x1a8/0x310 [ 51.858226][ T4072] ? sb_set_blocksize+0xe3/0x100 [ 51.863187][ T4072] ? setup_bdev_super+0x30e/0x370 [ 51.868328][ T4072] ? __pfx_ext4_fill_super+0x10/0x10 [ 51.873637][ T4072] get_tree_bdev_flags+0x291/0x300 [ 51.878807][ T4072] ? __pfx_ext4_fill_super+0x10/0x10 [ 51.884222][ T4072] get_tree_bdev+0x1f/0x30 [ 51.888698][ T4072] ext4_get_tree+0x1c/0x30 [ 51.893128][ T4072] vfs_get_tree+0x57/0x1d0 [ 51.897651][ T4072] do_new_mount+0x24d/0x660 [ 51.902216][ T4072] path_mount+0x4a5/0xb70 [ 51.906683][ T4072] ? user_path_at+0x109/0x130 [ 51.911469][ T4072] __se_sys_mount+0x28c/0x2e0 [ 51.916247][ T4072] __x64_sys_mount+0x67/0x80 [ 51.920921][ T4072] x64_sys_call+0x2b51/0x3000 [ 51.925642][ T4072] do_syscall_64+0xd2/0x200 [ 51.930234][ T4072] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 51.931355][ T4071] ALSA: seq fatal error: cannot create timer (-19) [ 51.936353][ T4072] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 51.948677][ T4072] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 51.954588][ T4072] RIP: 0033:0x7f5ea88f0eea [ 51.959045][ T4072] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 51.978728][ T4072] RSP: 002b:00007f5ea734ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 51.987227][ T4072] RAX: ffffffffffffffda RBX: 00007f5ea734eef0 RCX: 00007f5ea88f0eea [ 51.995220][ T4072] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f5ea734eeb0 [ 52.003299][ T4072] RBP: 0000200000000180 R08: 00007f5ea734eef0 R09: 0000000000800700 [ 52.011336][ T4072] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 52.019392][ T4072] R13: 00007f5ea734eeb0 R14: 000000000000046c R15: 0000200000000740 [ 52.027409][ T4072] [ 52.030474][ T4072] ---[ end trace 0000000000000000 ]--- [ 52.036748][ T4072] EXT4-fs (loop3): 1 orphan inode deleted [ 52.055266][ T4072] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 52.068213][ T3323] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.150804][ T3319] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.153791][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.243714][ T4086] loop3: detected capacity change from 0 to 4096 [ 52.256520][ T4087] loop1: detected capacity change from 0 to 4096 [ 52.278005][ T4086] EXT4-fs: Ignoring removed nomblk_io_submit option [ 52.286828][ T4091] loop0: detected capacity change from 0 to 4096 [ 52.303096][ T4086] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.316036][ T4087] EXT4-fs: Ignoring removed nomblk_io_submit option [ 52.327337][ T4091] EXT4-fs: Ignoring removed nomblk_io_submit option [ 52.352032][ T4087] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.377238][ T4091] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 52.566094][ T4109] loop4: detected capacity change from 0 to 512 [ 52.581602][ T4106] loop2: detected capacity change from 0 to 1024 [ 52.591680][ T4109] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 52.599736][ T4109] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c000e128, mo2=0002] [ 52.618965][ T4106] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 52.628979][ T4106] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (49802!=20869) [ 52.657108][ T4109] EXT4-fs (loop4): orphan cleanup on readonly fs [ 52.663582][ T4109] EXT4-fs warning (device loop4): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 52.678242][ T4109] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 52.747177][ T4102] ALSA: seq fatal error: cannot create timer (-19) [ 52.756006][ T4106] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 52.803058][ T4106] EXT4-fs error (device loop2): ext4_get_journal_inode:5808: inode #5: comm syz.2.237: unexpected bad inode w/o EXT4_IGET_BAD [ 52.818241][ T4109] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.227: bg 0: block 40: padding at end of block bitmap is not set [ 52.835406][ T4111] ALSA: seq fatal error: cannot create timer (-19) [ 52.842255][ T4109] EXT4-fs (loop4): Remounting filesystem read-only [ 52.857325][ T4112] ALSA: seq fatal error: cannot create timer (-19) [ 52.877148][ T4106] EXT4-fs (loop2): no journal found [ 52.882426][ T4106] EXT4-fs (loop2): can't get journal size [ 52.900913][ T4109] EXT4-fs (loop4): 1 truncate cleaned up [ 52.922952][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.936436][ T4109] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 52.949681][ T4106] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 52.957381][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.967716][ T4106] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.976196][ T3319] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.980408][ T4109] EXT4-fs (loop4): shut down requested (2) [ 53.001776][ T4109] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=16 [ 53.024223][ T4109] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=16 [ 53.048974][ T4109] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop4 ino=16 [ 53.075829][ T3312] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.100932][ T4123] loop1: detected capacity change from 0 to 512 [ 53.108736][ T4121] loop0: detected capacity change from 0 to 512 [ 53.115312][ T4121] EXT4-fs: Ignoring removed bh option [ 53.151000][ T4121] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 53.164110][ T4121] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 53.173196][ T4121] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 53.212330][ T4123] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.236069][ T4121] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 53.237619][ T4123] ext4 filesystem being mounted at /45/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 53.262721][ T4121] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 53.275288][ T4121] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 53.447495][ T4136] loop2: detected capacity change from 0 to 164 [ 54.132024][ T4140] loop3: detected capacity change from 0 to 164 [ 54.142021][ T3313] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.211970][ T4121] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 54.222955][ T4136] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 54.246552][ T4140] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 54.254861][ T4141] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 54.267608][ T4136] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 54.286249][ T4141] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 54.294592][ T4136] Symlink component flag not implemented [ 54.300260][ T4136] Symlink component flag not implemented [ 54.308397][ T4141] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 54.317248][ T4136] Symlink component flag not implemented (7) [ 54.323899][ T4136] Symlink component flag not implemented (116) [ 54.356666][ T3316] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.368051][ T4146] netlink: 12 bytes leftover after parsing attributes in process `gtp'. [ 54.376554][ T4146] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 54.408448][ T4148] loop0: detected capacity change from 0 to 764 [ 54.449495][ T4155] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 54.468762][ T4148] rock: directory entry would overflow storage [ 54.474947][ T4148] rock: sig=0x4f50, size=4, remaining=3 [ 54.477804][ T4156] loop1: detected capacity change from 0 to 1024 [ 54.480644][ T4148] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 54.489013][ T4159] loop2: detected capacity change from 0 to 256 [ 54.501953][ T4156] EXT4-fs: Ignoring removed orlov option [ 54.525761][ T4159] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 54.547557][ T4156] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 54.577276][ T4159] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 54.676235][ T4170] loop3: detected capacity change from 0 to 8192 [ 54.686876][ T3313] EXT4-fs error (device loop1): ext4_iget_extra_inode:5075: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 54.692434][ T4178] loop2: detected capacity change from 0 to 512 [ 54.705773][ T3313] EXT4-fs error (device loop1): ext4_iget_extra_inode:5075: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled [ 54.757297][ T3299] loop3: p2 p3 p4 [ 54.761290][ T3299] loop3: p2 start 4293394690 is beyond EOD, truncated [ 54.768153][ T3299] loop3: p3 size 100663552 extends beyond EOD, truncated [ 54.777090][ T4178] EXT4-fs error (device loop2): ext4_xattr_inode_iget:441: inode #18: comm syz.2.249: iget: bad extra_isize 90 (inode size 256) [ 54.790606][ T3299] loop3: p4 size 50331648 extends beyond EOD, truncated [ 54.792047][ T4178] EXT4-fs (loop2): Remounting filesystem read-only [ 54.804631][ T4178] EXT4-fs warning (device loop2): ext4_evict_inode:274: xattr delete (err -30) [ 54.817217][ T4170] loop3: p2 p3 p4 [ 54.821446][ T4170] loop3: p2 start 4293394690 is beyond EOD, truncated [ 54.823039][ T4178] EXT4-fs (loop2): 1 orphan inode deleted [ 54.828336][ T4170] loop3: p3 size 100663552 extends beyond EOD, truncated [ 54.834703][ T4178] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 54.853390][ T4187] loop0: detected capacity change from 0 to 4096 [ 54.864098][ T4187] EXT4-fs: Ignoring removed nomblk_io_submit option [ 54.871588][ T4170] loop3: p4 size 50331648 extends beyond EOD, truncated [ 54.910722][ T37] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.026477][ T29] kauditd_printk_skb: 93 callbacks suppressed [ 55.026495][ T29] audit: type=1400 audit(1764341134.734:412): avc: denied { open } for pid=4203 comm="syz.2.253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 55.068679][ T37] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.127480][ T29] audit: type=1400 audit(1764341134.734:413): avc: denied { kernel } for pid=4203 comm="syz.2.253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 55.146801][ T29] audit: type=1400 audit(1764341134.804:414): avc: denied { tracepoint } for pid=4203 comm="syz.2.253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 55.152751][ T3299] udevd[3299]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 55.166564][ T29] audit: type=1400 audit(1764341134.804:415): avc: denied { write } for pid=4203 comm="syz.2.253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 55.177359][ T4207] ALSA: seq fatal error: cannot create timer (-19) [ 55.210218][ T3306] udevd[3306]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 55.226553][ T3306] udevd[3306]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 55.268641][ T3299] udevd[3299]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 55.336230][ T37] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.357690][ T29] audit: type=1400 audit(1764341134.864:416): avc: denied { mounton } for pid=4214 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 55.379300][ T29] audit: type=1400 audit(1764341135.064:417): avc: denied { sys_module } for pid=4214 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 55.519375][ T37] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 55.575449][ T4277] loop2: detected capacity change from 0 to 1024 [ 55.598015][ T4278] IPv6: Can't replace route, no match found [ 55.609706][ T4277] EXT4-fs: inline encryption not supported [ 55.615608][ T4277] EXT4-fs: Ignoring removed nobh option [ 55.621308][ T4277] EXT4-fs: Ignoring removed bh option [ 55.654313][ T29] audit: type=1400 audit(1764341135.364:418): avc: denied { read } for pid=3042 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 55.712340][ T29] audit: type=1400 audit(1764341135.404:419): avc: denied { append } for pid=4275 comm="syz.2.263" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 55.747226][ T37] bridge_slave_1: left allmulticast mode [ 55.752911][ T37] bridge_slave_1: left promiscuous mode [ 55.758709][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.789770][ T4290] loop0: detected capacity change from 0 to 128 [ 55.797657][ T37] bridge_slave_0: left allmulticast mode [ 55.803371][ T37] bridge_slave_0: left promiscuous mode [ 55.809146][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 55.862549][ T29] audit: type=1400 audit(1764341135.574:420): avc: denied { name_bind } for pid=4291 comm="syz.4.268" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 55.925064][ T29] audit: type=1400 audit(1764341135.604:421): avc: denied { validate_trans } for pid=4293 comm="syz.0.269" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 55.959524][ T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 55.974490][ T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 55.985105][ T37] bond0 (unregistering): Released all slaves [ 56.003957][ T4307] netlink: 8 bytes leftover after parsing attributes in process `syz.2.270'. [ 56.049053][ T37] hsr_slave_0: left promiscuous mode [ 56.060216][ T37] hsr_slave_1: left promiscuous mode [ 56.073600][ T37] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 56.081245][ T37] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 56.107409][ T37] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 56.114843][ T37] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 56.138846][ T37] veth1_macvtap: left promiscuous mode [ 56.149979][ T37] veth0_macvtap: left promiscuous mode [ 56.155640][ T37] veth1_vlan: left promiscuous mode [ 56.177847][ T37] veth0_vlan: left promiscuous mode [ 56.281049][ T4339] loop3: detected capacity change from 0 to 512 [ 56.289943][ T4339] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 56.299140][ T4339] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 56.307609][ T37] team0 (unregistering): Port device team_slave_1 removed [ 56.317177][ T4339] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 56.326575][ T37] team0 (unregistering): Port device team_slave_0 removed [ 56.326603][ T4339] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 56.344248][ T4339] System zones: 0-2, 18-18, 34-35 [ 56.354323][ T4339] EXT4-fs warning (device loop3): ext4_lookup:1799: Inconsistent encryption contexts: 12/14 [ 56.369531][ T4324] sch_tbf: burst 6 is lower than device ip6gre0 mtu (1448) ! [ 56.468850][ T4214] chnl_net:caif_netlink_parms(): no params data found [ 56.498195][ T4353] 9pnet: Could not find request transport: ¼ [ 56.558485][ T4369] loop0: detected capacity change from 0 to 1024 [ 56.565569][ T4369] EXT4-fs: inline encryption not supported [ 56.594329][ T4369] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a80ec018, mo2=0002] [ 56.603232][ T4369] System zones: 0-1, 3-12 [ 56.626384][ T4214] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.633544][ T4214] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.642480][ T4214] bridge_slave_0: entered allmulticast mode [ 56.651525][ T4381] netlink: 8 bytes leftover after parsing attributes in process `syz.3.287'. [ 56.657918][ T4214] bridge_slave_0: entered promiscuous mode [ 56.667877][ T4214] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.675030][ T4214] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.696257][ T4214] bridge_slave_1: entered allmulticast mode [ 56.702949][ T4214] bridge_slave_1: entered promiscuous mode [ 56.734964][ T4387] netlink: 16 bytes leftover after parsing attributes in process `syz.2.293'. [ 56.744316][ T4384] loop0: detected capacity change from 0 to 4096 [ 56.752783][ T4214] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 56.773938][ T4384] EXT4-fs: Ignoring removed nomblk_io_submit option [ 56.782331][ T4214] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 56.864582][ T4214] team0: Port device team_slave_0 added [ 56.881348][ T4214] team0: Port device team_slave_1 added [ 56.940231][ T4401] ALSA: seq fatal error: cannot create timer (-19) [ 56.953628][ T4214] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 56.960741][ T4214] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 56.986699][ T4214] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.044727][ T4214] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.051946][ T4214] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 57.077965][ T4214] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.124317][ T4414] loop2: detected capacity change from 0 to 1024 [ 57.144170][ T4414] EXT4-fs: inline encryption not supported [ 57.157147][ T4417] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 57.157147][ T4417] program syz.3.301 not setting count and/or reply_len properly [ 57.160038][ T4214] hsr_slave_0: entered promiscuous mode [ 57.217607][ T4414] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a80ec018, mo2=0002] [ 57.220050][ T4214] hsr_slave_1: entered promiscuous mode [ 57.237433][ T4214] debugfs: 'hsr0' already exists in 'hsr' [ 57.242192][ T4414] System zones: [ 57.243203][ T4214] Cannot create hsr debugfs directory [ 57.243202][ T4414] 0-1, 3-12 [ 57.359905][ T4434] loop3: detected capacity change from 0 to 512 [ 57.373399][ T4434] EXT4-fs (loop3): 1 orphan inode deleted [ 57.472510][ T4214] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 57.483681][ T4214] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 57.490829][ T4442] netlink: 24 bytes leftover after parsing attributes in process `syz.0.309'. [ 57.526925][ T4214] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 57.552083][ T4450] loop2: detected capacity change from 0 to 512 [ 57.555139][ T4214] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 57.569111][ T4452] SELinux: Context Ü is not valid (left unmapped). [ 57.590028][ T4450] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 57.692447][ T4467] loop0: detected capacity change from 0 to 4096 [ 57.706758][ T4214] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.714011][ T4467] EXT4-fs: Ignoring removed nomblk_io_submit option [ 57.722199][ T4450] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 57.737696][ T4450] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.310: bg 0: block 248: padding at end of block bitmap is not set [ 57.752713][ T4450] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.310: Failed to acquire dquot type 1 [ 57.755772][ T4214] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.773221][ T4450] EXT4-fs (loop2): 1 truncate cleaned up [ 57.797306][ T4469] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 57.803923][ T4469] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 57.811389][ T4469] vhci_hcd vhci_hcd.0: Device attached [ 57.819502][ T4450] syz.2.310 (4450) used greatest stack depth: 9248 bytes left [ 57.841770][ T3471] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.847679][ T4479] vhci_hcd: connection closed [ 57.848882][ T3471] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.849011][ T52] vhci_hcd: stop threads [ 57.865094][ T52] vhci_hcd: release socket [ 57.869632][ T52] vhci_hcd: disconnect device [ 57.877063][ T3471] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.884163][ T3471] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.919984][ T4483] netlink: 44 bytes leftover after parsing attributes in process `syz.2.316'. [ 57.935555][ T4214] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 57.947149][ T4483] Zero length message leads to an empty skb [ 58.030788][ T4494] random: crng reseeded on system resumption [ 58.049365][ T4488] ALSA: seq fatal error: cannot create timer (-19) [ 58.061265][ T4490] loop4: detected capacity change from 0 to 1024 [ 58.086591][ T4490] EXT4-fs: inline encryption not supported [ 58.094951][ T4214] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.171073][ T4490] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a80ec018, mo2=0002] [ 58.179580][ T4490] System zones: 0-1, 3-12 [ 58.269845][ T4519] netlink: 12 bytes leftover after parsing attributes in process `gtp'. [ 58.284460][ T4519] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 58.321109][ T4524] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 58.351761][ T4529] loop0: detected capacity change from 0 to 512 [ 58.369465][ T4529] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 58.401402][ T4214] veth0_vlan: entered promiscuous mode [ 58.434799][ T4214] veth1_vlan: entered promiscuous mode [ 58.454432][ T4538] SELinux: policydb version 17152 does not match my version range 15-35 [ 58.469539][ T4540] loop0: detected capacity change from 0 to 256 [ 58.476052][ T4538] SELinux: failed to load policy [ 58.502112][ T4214] veth0_macvtap: entered promiscuous mode [ 58.533038][ T4214] veth1_macvtap: entered promiscuous mode [ 58.589940][ T4214] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.607703][ T4214] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.619709][ T37] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.689625][ T4262] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.720111][ T4262] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.754305][ T4262] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.782664][ T4559] loop0: detected capacity change from 0 to 4096 [ 58.794796][ T4565] loop3: detected capacity change from 0 to 4096 [ 58.807683][ T4565] EXT4-fs: Ignoring removed nomblk_io_submit option [ 58.827576][ T4559] EXT4-fs: Ignoring removed nomblk_io_submit option [ 58.838756][ T4575] netlink: 28 bytes leftover after parsing attributes in process `syz.4.346'. [ 58.847736][ T4575] netlink: 28 bytes leftover after parsing attributes in process `syz.4.346'. [ 58.969381][ T4579] ALSA: seq fatal error: cannot create timer (-19) [ 59.098251][ T4593] netlink: 'syz.4.352': attribute type 12 has an invalid length. [ 59.106048][ T4593] netlink: 'syz.4.352': attribute type 29 has an invalid length. [ 59.113896][ T4593] netlink: 148 bytes leftover after parsing attributes in process `syz.4.352'. [ 59.195288][ T4595] ALSA: seq fatal error: cannot create timer (-19) [ 59.247354][ T4605] syzkaller1: entered promiscuous mode [ 59.252906][ T4605] syzkaller1: entered allmulticast mode [ 59.368123][ T4618] loop3: detected capacity change from 0 to 512 [ 59.454449][ T4626] loop2: detected capacity change from 0 to 2048 [ 59.468913][ T4618] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 59.507573][ T4624] loop5: detected capacity change from 0 to 4096 [ 59.517491][ T4618] EXT4-fs (loop3): mount failed [ 59.531412][ T4624] EXT4-fs: Ignoring removed nomblk_io_submit option [ 59.561331][ T4626] loop2: p1 < > p4 [ 59.574195][ T4626] loop2: p4 size 8388608 extends beyond EOD, truncated [ 59.603841][ T4639] netlink: 27 bytes leftover after parsing attributes in process `syz.3.369'. [ 59.615584][ T4636] SELinux: ebitmap start bit (527362) is not a multiple of the map unit size (64) [ 59.650484][ T4636] SELinux: failed to load policy [ 59.755711][ T4645] ALSA: seq fatal error: cannot create timer (-19) [ 59.770481][ T3306] udevd[3306]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 59.800817][ T4657] batadv_slave_1: entered promiscuous mode [ 59.807611][ T4656] batadv_slave_1: left promiscuous mode [ 59.919427][ T4662] loop0: detected capacity change from 0 to 4096 [ 59.924881][ T4664] loop3: detected capacity change from 0 to 4096 [ 59.933182][ T4664] EXT4-fs: Ignoring removed nomblk_io_submit option [ 59.936761][ T4662] EXT4-fs: Ignoring removed nomblk_io_submit option [ 60.148976][ T4674] ALSA: seq fatal error: cannot create timer (-19) [ 60.208669][ T4678] ALSA: seq fatal error: cannot create timer (-19) [ 60.220792][ T4680] loop2: detected capacity change from 0 to 4096 [ 60.231653][ T4681] loop5: detected capacity change from 0 to 4096 [ 60.237719][ T4680] EXT4-fs: Ignoring removed nomblk_io_submit option [ 60.287563][ T4681] EXT4-fs: Ignoring removed nomblk_io_submit option [ 60.448734][ T4686] ALSA: seq fatal error: cannot create timer (-19) [ 60.527469][ T4691] ALSA: seq fatal error: cannot create timer (-19) [ 60.626474][ T4696] ALSA: seq fatal error: cannot create timer (-19) [ 60.861936][ T4715] binfmt_misc: register: failed to install interpreter file ./file0 [ 60.922081][ T29] kauditd_printk_skb: 75 callbacks suppressed [ 60.922099][ T29] audit: type=1400 audit(1764341140.634:494): avc: denied { read append } for pid=4720 comm="syz.3.399" name="virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 60.922208][ T29] audit: type=1400 audit(1764341140.634:495): avc: denied { open } for pid=4720 comm="syz.3.399" path="/dev/virtual_nci" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 60.970341][ T4726] loop0: detected capacity change from 0 to 512 [ 60.987078][ T4727] 9pnet_fd: Insufficient options for proto=fd [ 61.039370][ T4726] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 61.074078][ T4726] EXT4-fs (loop0): 1 truncate cleaned up [ 61.081529][ T4736] netlink: 'syz.2.395': attribute type 10 has an invalid length. [ 61.089414][ T4736] netlink: 40 bytes leftover after parsing attributes in process `syz.2.395'. [ 61.102118][ T4733] xt_connbytes: Forcing CT accounting to be enabled [ 61.105342][ T4735] random: crng reseeded on system resumption [ 61.109188][ T4726] EXT4-fs (loop0): shut down requested (2) [ 61.121341][ T4733] set match dimension is over the limit! [ 61.141673][ T4736] team0: Port device geneve1 added [ 61.147431][ T52] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.163318][ T4719] netlink: 8 bytes leftover after parsing attributes in process `syz.2.395'. [ 61.172838][ T29] audit: type=1400 audit(1764341140.894:496): avc: denied { read } for pid=4737 comm="syz.3.405" name="ptp0" dev="devtmpfs" ino=246 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 61.173098][ T52] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.195732][ T29] audit: type=1400 audit(1764341140.894:497): avc: denied { open } for pid=4737 comm="syz.3.405" path="/dev/ptp0" dev="devtmpfs" ino=246 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 61.231019][ T37] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.264825][ T37] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.312106][ T4743] loop5: detected capacity change from 0 to 4096 [ 61.323489][ T4747] SELinux: failed to load policy [ 61.327318][ T4743] EXT4-fs: Ignoring removed nomblk_io_submit option [ 61.342820][ T4745] loop4: detected capacity change from 0 to 4096 [ 61.351629][ T4745] EXT4-fs: Ignoring removed nomblk_io_submit option [ 61.523313][ T4757] loop2: detected capacity change from 0 to 4096 [ 61.530426][ T4757] EXT4-fs: Ignoring removed nomblk_io_submit option [ 61.949271][ T4770] netlink: 20 bytes leftover after parsing attributes in process `syz.0.414'. [ 61.980314][ T4760] ALSA: seq fatal error: cannot create timer (-19) [ 62.094309][ T4768] ALSA: seq fatal error: cannot create timer (-19) [ 62.219633][ T4774] ALSA: seq fatal error: cannot create timer (-19) [ 62.595325][ T29] audit: type=1400 audit(1764341142.294:498): avc: denied { unmount } for pid=3316 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 62.652295][ T4787] SELinux: ebitmap start bit (527362) is not a multiple of the map unit size (64) [ 62.663346][ T4787] SELinux: failed to load policy [ 62.701121][ T4791] loop0: detected capacity change from 0 to 4096 [ 62.707917][ T4791] EXT4-fs: Ignoring removed nomblk_io_submit option [ 62.734384][ T29] audit: type=1400 audit(1764341142.424:499): avc: denied { ioctl } for pid=4792 comm="syz.4.424" path="socket:[8005]" dev="sockfs" ino=8005 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 62.757415][ T4801] loop2: detected capacity change from 0 to 4096 [ 62.766532][ T4801] EXT4-fs: Ignoring removed nomblk_io_submit option [ 62.786079][ T29] audit: type=1326 audit(1764341142.494:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4799 comm="syz.4.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc56d40f749 code=0x7ffc0000 [ 62.809489][ T29] audit: type=1326 audit(1764341142.494:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4799 comm="syz.4.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc56d40f749 code=0x7ffc0000 [ 62.833032][ T29] audit: type=1326 audit(1764341142.514:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4799 comm="syz.4.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc56d40f749 code=0x7ffc0000 [ 62.856289][ T29] audit: type=1326 audit(1764341142.514:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4799 comm="syz.4.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc56d40f749 code=0x7ffc0000 [ 62.908098][ T4803] loop3: detected capacity change from 0 to 4096 [ 62.925688][ T4803] EXT4-fs: Ignoring removed nomblk_io_submit option [ 63.002749][ T4808] ALSA: seq fatal error: cannot create timer (-19) [ 63.012499][ T4814] netlink: 'syz.5.419': attribute type 10 has an invalid length. [ 63.020471][ T4814] netlink: 40 bytes leftover after parsing attributes in process `syz.5.419'. [ 63.051720][ T4813] loop4: detected capacity change from 0 to 764 [ 63.068424][ T4805] netlink: 8 bytes leftover after parsing attributes in process `syz.5.419'. [ 63.195408][ T4813] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 63.197814][ T4815] ALSA: seq fatal error: cannot create timer (-19) [ 63.223952][ T4813] Symlink component flag not implemented [ 63.225066][ T4814] team0: Port device geneve1 added [ 63.233079][ T4813] Symlink component flag not implemented (7) [ 63.283831][ T4816] ALSA: seq fatal error: cannot create timer (-19) [ 63.747482][ T4830] netlink: 8 bytes leftover after parsing attributes in process `syz.2.431'. [ 63.862168][ T4831] loop5: detected capacity change from 0 to 4096 [ 63.907531][ T4831] EXT4-fs: Ignoring removed nomblk_io_submit option [ 64.045391][ T4844] loop3: detected capacity change from 0 to 4096 [ 64.054116][ T4844] EXT4-fs: Ignoring removed nomblk_io_submit option [ 64.236587][ T4849] ALSA: seq fatal error: cannot create timer (-19) [ 64.259491][ T4861] loop0: detected capacity change from 0 to 512 [ 64.270923][ T4861] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 64.327533][ T4861] ext4 filesystem being mounted at /89/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.344513][ T4869] SELinux: policydb version 0 does not match my version range 15-35 [ 64.362623][ T4868] loop2: detected capacity change from 0 to 512 [ 64.372252][ T4869] SELinux: failed to load policy [ 64.381284][ T4866] ALSA: seq fatal error: cannot create timer (-19) [ 64.467172][ T4868] ext4 filesystem being mounted at /98/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.490055][ T4868] EXT4-fs (loop2): shut down requested (1) [ 64.513699][ T4878] loop0: detected capacity change from 0 to 4096 [ 64.524309][ T4878] EXT4-fs: Ignoring removed nomblk_io_submit option [ 64.627441][ T4881] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop2 ino=12 [ 64.700548][ T4887] ALSA: seq fatal error: cannot create timer (-19) [ 64.731817][ T4890] netlink: 'syz.4.450': attribute type 10 has an invalid length. [ 64.739751][ T4890] netlink: 40 bytes leftover after parsing attributes in process `syz.4.450'. [ 64.774038][ T4896] loop5: detected capacity change from 0 to 512 [ 64.809564][ T4896] ext4 filesystem being mounted at /16/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.824525][ T4902] loop3: detected capacity change from 0 to 512 [ 64.843043][ T4883] netlink: 8 bytes leftover after parsing attributes in process `syz.4.450'. [ 64.868578][ T4904] loop2: detected capacity change from 0 to 512 [ 64.881893][ T4902] ext4 filesystem being mounted at /89/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.909129][ T4890] team0: Port device geneve1 added [ 64.950319][ T4904] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 65.032355][ T4904] ext4 filesystem being mounted at /101/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 65.120788][ T4917] team_slave_0: entered promiscuous mode [ 65.126495][ T4917] team_slave_1: entered promiscuous mode [ 65.132195][ T4917] geneve1: entered promiscuous mode [ 65.253201][ T4917] 8021q: adding VLAN 0 to HW filter on device · [ 65.309375][ T4922] netlink: 28 bytes leftover after parsing attributes in process `syz.4.464'. [ 65.334158][ T4922] netlink: 9 bytes leftover after parsing attributes in process `syz.4.464'. [ 65.507362][ T4929] netlink: 'syz.3.466': attribute type 1 has an invalid length. [ 65.532620][ T4930] loop4: detected capacity change from 0 to 4096 [ 65.540669][ T4930] EXT4-fs: Ignoring removed nomblk_io_submit option [ 65.550080][ T4926] loop5: detected capacity change from 0 to 4096 [ 65.557653][ T4926] EXT4-fs: Ignoring removed nomblk_io_submit option [ 65.567415][ T4932] loop2: detected capacity change from 0 to 2048 [ 65.827511][ T4939] ALSA: seq fatal error: cannot create timer (-19) [ 65.855187][ T4941] ALSA: seq fatal error: cannot create timer (-19) [ 65.879024][ T4945] loop2: detected capacity change from 0 to 4096 [ 65.881038][ T4952] netlink: 24 bytes leftover after parsing attributes in process `syz.0.475'. [ 65.907896][ T4945] EXT4-fs: Ignoring removed nomblk_io_submit option [ 66.036650][ T4960] netlink: 'syz.0.477': attribute type 1 has an invalid length. [ 66.086196][ T3684] ================================================================== [ 66.086237][ T3684] BUG: KCSAN: data-race in fill_mg_cmtime / shmem_mknod [ 66.086286][ T3684] [ 66.086293][ T3684] write to 0xffff888103607b14 of 4 bytes by task 3306 on cpu 0: [ 66.086313][ T3684] shmem_mknod+0x137/0x180 [ 66.086337][ T3684] shmem_create+0x34/0x50 [ 66.086359][ T3684] path_openat+0x1105/0x2170 [ 66.086378][ T3684] do_filp_open+0x109/0x230 [ 66.086398][ T3684] do_sys_openat2+0xa6/0x110 [ 66.086418][ T3684] __x64_sys_openat+0xf2/0x120 [ 66.086441][ T3684] x64_sys_call+0x2eab/0x3000 [ 66.086469][ T3684] do_syscall_64+0xd2/0x200 [ 66.086496][ T3684] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.086522][ T3684] [ 66.086528][ T3684] read to 0xffff888103607b14 of 4 bytes by task 3684 on cpu 1: [ 66.086547][ T3684] fill_mg_cmtime+0x5b/0x260 [ 66.086579][ T3684] generic_fillattr+0x24a/0x340 [ 66.086616][ T3684] shmem_getattr+0x181/0x200 [ 66.086643][ T3684] vfs_getattr_nosec+0x146/0x1e0 [ 66.086684][ T3684] vfs_statx+0x113/0x390 [ 66.086718][ T3684] vfs_fstatat+0x115/0x170 [ 66.086752][ T3684] __se_sys_newfstatat+0x55/0x260 [ 66.086786][ T3684] __x64_sys_newfstatat+0x55/0x70 [ 66.086824][ T3684] x64_sys_call+0x135a/0x3000 [ 66.086850][ T3684] do_syscall_64+0xd2/0x200 [ 66.086869][ T3684] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 66.086892][ T3684] [ 66.086897][ T3684] value changed: 0x3056fd8c -> 0x30720a5b [ 66.086909][ T3684] [ 66.086914][ T3684] Reported by Kernel Concurrency Sanitizer on: [ 66.086931][ T3684] CPU: 1 UID: 0 PID: 3684 Comm: udevd Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 66.086965][ T3684] Tainted: [W]=WARN [ 66.086973][ T3684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 66.086988][ T3684] ================================================================== [ 66.165781][ T4964] ALSA: seq fatal error: cannot create timer (-19) [ 66.190749][ T4966] loop4: detected capacity change from 0 to 4096 [ 66.191289][ T4966] EXT4-fs: Ignoring removed nomblk_io_submit option [ 66.327215][ T4974] ALSA: seq fatal error: cannot create timer (-19)