last executing test programs: 3m3.624031763s ago: executing program 4 (id=189): r0 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0) r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000080)={0x0, 0xec21, 0x80, 0x1, 0x40000333}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002080)={&(0x7f0000000300)='kfree\x00', r4}, 0x10) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r1, 0x847ba, 0x2000, 0xe, 0x0, 0x0) 3m3.366448706s ago: executing program 4 (id=192): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xf8}], 0x1}, 0x1f00) sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) 3m2.506888659s ago: executing program 4 (id=232): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_elf32(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c4604070003070000000000000002000300030000000903000038000000fcffffff0e000000000020000100050000010000000000000300000008000000f30000007f00000004"], 0x58) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0xb, 0x7, 0x3, 0x8, 0x5}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) close(r0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) 3m2.45844883s ago: executing program 4 (id=234): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000240)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000040)='./file0\x00') 3m2.41008082s ago: executing program 4 (id=237): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x4, 0x8, 0xc}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000004b704000000000000850000000300000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a0b040000000000000000020000002400048020000180070001006374000014000280080002400000001108000440000000020900010073797a30000000000900020073797a32"], 0x78}}, 0x0) 3m2.192260934s ago: executing program 4 (id=241): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x42, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000b00)=ANY=[@ANYBLOB="020300000b0000000000000000000000030006000000000002000000e000000100000000000000000200010000001c000000fb18000000000300050000000000020000007f0000010000000000000000010018"], 0x58}, 0x1, 0x7}, 0x0) 3m2.192045634s ago: executing program 32 (id=241): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x42, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000b00)=ANY=[@ANYBLOB="020300000b0000000000000000000000030006000000000002000000e000000100000000000000000200010000001c000000fb18000000000300050000000000020000007f0000010000000000000000010018"], 0x58}, 0x1, 0x7}, 0x0) 2m26.526729439s ago: executing program 1 (id=1420): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x1, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0) write$selinux_load(r1, &(0x7f0000000000)=ANY=[], 0x44f0) 2m26.356342132s ago: executing program 1 (id=1425): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x300060c1) setsockopt$sock_attach_bpf(r1, 0x6, 0x3, &(0x7f00000000c0), 0x4) sendmsg$inet(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000080)='j', 0x1}], 0x1}, 0x1) close(r1) 2m25.459834005s ago: executing program 1 (id=1452): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) rt_sigaction(0x1d, &(0x7f0000000180)={&(0x7f00000002c0)="c401cd5c3f262e65643e67660f3a209d04000000f36464f2450faef3c4e11f7c86f598bc9543d044dc54d8308f29c09bd20f106a002ef0809cf4deec140000d119", 0xd0000001, 0x0, {[0x3]}}, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e000000080000000000180003801400038010"], 0x44}}, 0x20008000) 2m25.450313685s ago: executing program 1 (id=1456): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x804, &(0x7f0000000440)=ANY=[@ANYRES8=0x0, @ANYRES16, @ANYRES64, @ANYRESOCT], 0x1, 0x36e, &(0x7f0000000c00)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=") open(0x0, 0x0, 0x40) prlimit64(0x0, 0xe, 0x0, 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) madvise(&(0x7f0000ffe000/0x2000)=nil, 0xffffffffdf001fff, 0x18) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0x1a, r0, 0xc, &(0x7f0000000000)) 2m25.387735636s ago: executing program 1 (id=1459): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e20, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0xf9e8, 0x4) setsockopt$inet_int(r0, 0x0, 0xc, &(0x7f0000000040)=0x3, 0x2) recvmmsg(r0, &(0x7f0000005100)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=""/17, 0x11}, 0xa65}], 0x1, 0x45833af92e4b39ff, 0x0) 2m25.268046588s ago: executing program 1 (id=1464): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x1003, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) 2m25.267923098s ago: executing program 33 (id=1464): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10) connect$pppl2tp(r0, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x8, 0x0, 0x1003, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) 1m54.227490396s ago: executing program 2 (id=2472): socket$inet_mptcp(0x2, 0x1, 0x106) r0 = syz_io_uring_setup(0x2402, &(0x7f0000000240)={0x0, 0x0, 0x10100, 0x2, 0xe1}, &(0x7f0000000100)=0x0, &(0x7f0000000180)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7}) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x12, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 1m54.189870056s ago: executing program 2 (id=2473): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4c001}, 0x4004110) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffc01}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001c80)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x62, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x18) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x480d5}, 0x0) dup2(r0, r1) 1m54.157717257s ago: executing program 2 (id=2476): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000004140)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000500000095"], 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x0, 0x33, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0xea, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000006c0)='kmem_cache_free\x00', r2, 0x0, 0x2000}, 0x18) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0180000000000000000001000000000000000b00000000030014"], 0x28}}, 0x40000) 1m54.139186457s ago: executing program 2 (id=2478): arch_prctl$ARCH_SHSTK_STATUS(0x5005, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000500), 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) creat(&(0x7f0000000300)='./bus\x00', 0x0) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]}) pwrite64(r0, &(0x7f0000000300)="ec", 0x1, 0x8000c61) 1m53.378889408s ago: executing program 2 (id=2488): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r3) quotactl_fd$Q_GETINFO(r1, 0xffffffff80000500, r3, &(0x7f0000000040)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000700)={&(0x7f0000000000)='xen_cpu_write_idt_entry\x00', r1}, 0x18) syz_emit_ethernet(0x7e, &(0x7f0000000340)={@broadcast, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x6, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @dest_unreach={0x3, 0x9, 0x0, 0x0, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @dev, @local, {[@generic={0x86, 0x6, "c045d457"}, @ra={0x94, 0x4}, @ssrr={0x89, 0x7, 0x0, [@empty]}, @timestamp_addr={0x44, 0x2c, 0x0, 0x1, 0x0, [{}, {@private=0xa010101}, {@local}, {@local}, {@multicast2}]}]}}}}}}}, 0x0) 1m53.092090273s ago: executing program 2 (id=2492): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) syz_clone(0x2c9a4080, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e0000000000000000001800028014000380100001800800010000000000040003"], 0x44}}, 0x0) 1m53.091614862s ago: executing program 34 (id=2492): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) syz_clone(0x2c9a4080, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e0000000000000000001800028014000380100001800800010000000000040003"], 0x44}}, 0x0) 1m19.994637361s ago: executing program 6 (id=3547): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)}, 0x20) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'gre0\x00', 0x10}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f0, &(0x7f0000000080)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a00000084000000000100000100000000", @ANYRES32, @ANYRESHEX=0x0], 0x50) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f1, &(0x7f0000000080)) 1m19.723863545s ago: executing program 6 (id=3550): socket$nl_netfilter(0x10, 0x3, 0xc) fsopen(&(0x7f0000000000)='pipefs\x00', 0x0) socket$inet(0xa, 0x801, 0x84) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="120000000b0000000800000002"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f0000000280)=r0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000440)={r2, &(0x7f00000001c0), 0x0}, 0x20) 1m19.688384575s ago: executing program 6 (id=3541): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71c103e1fdcb1934fd1d28b4916abe2c44e26ea72be426c27052e816212096000155788943b846746ccb492175fc9e01", 0xf4}, {&(0x7f00000003c0)="5453b4b759f9d4f4f33bda880b70e0dadde06223919f4585429ef69078a4956f646ea03bfd4c090a003c01f32b1a175baf38c1eb4572c8b372a4cf9128062e58ff575546876a2804144c3aea98c4a3533396f87e860de8c66bceb0e6b387ec853b7e91c57587d38436637e702ae18eeccefdcd7a3cdd7bfc327b5d619b57d56afe1628b65e2948af5ee0e3f52746a5aff58bb7c6d253a58bf745584d1bc19fe5e42b5534eab9e9d2587b413e81f68b60f56130f82b327f5fe900e3e107bc6b783d1d23a056426d6502133386b51e657046c1c43a2a2c4a7611ee6592a5ee08700d24d832163b3def", 0xe8}, {&(0x7f0000000640)="d48c8225ddfdf2c06c27763617468581389d34126760ba3dd0fe077a7c2ce378dd62cafeeb4ba1493766d09fd561d69a5bf8109ffcd3e43d8c16b9c3fa92d4439c5af1fa4775d01dcf0748a24ab51b52fbe75287a4b9aaa18fd479bdd154b4efe531a242d90a1ca2799c242bfd4ddd8271448d3415bd3a907ad340dc2fa2471393212d02eb25242808cffdc4e7a646211c18ac8602f5fc1e4f82b72871a8d42f37988365ff", 0xa5}, {&(0x7f0000000740)="f52ec22aafecc37a6d9995f1afb5c1727f223f9b84451a110b1dfbf19cc7ed183ba93f6d55645001887fc999262b9c938e22ef5ec46b4b1b535060dcca5cff1f0e5a1d9b32cef2b6e0a61af7968dc1759c4d901867d7d6e9f2521f6a1578e1cc2fbf58837a2633c0b8299192718c61227412dafd01e899723b33735bbec3e1429117362acc4139fc3565f183bd5568f47f4bc416adb360fdd9c497c2ad2ffe1ad738f4c073f1378d2b455e61844076a4a97ac1e13e2fb300ae69d55c501f96dcc39bf7ed835cc866f0fbd8e936e8374a484f111919dc610e0a36a0ee3df2ab1dc34cea42a429", 0xe6}], 0x4}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="acc870bde54caaeacb0000108cef4fa7bf44702b284b2e80cb32d33a86853c8c28797cd14c72c87f849f6ccbf3198d11a0b1ef000000000200000088", 0x3c}, {&(0x7f0000000840)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc48755381c71590cd542e796cc2669e2af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b4", 0x6a}, {&(0x7f0000000e80)="5be3b011e12323e4ab88c0472f0700000000000000e71ba6231f303d2db97401439932cfd4855c4cc243dae723789d8a9a16be3135c5f82691837c90ab19545f7a1dcf1449fd59eecae5f52fba1e89d6d34b39297bbbc2580600000000000000d6e36e737691a1c6bd2a64b2a85cbaaf646e72f8fe", 0x75}], 0x3}}], 0x2, 0xc0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 1m18.764221269s ago: executing program 6 (id=3571): bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000100)='./bus\x00', 0x20081e, &(0x7f00000001c0)={[{@grpquota}, {@jqfmt_vfsv1}, {@minixdf}]}, 0x1, 0x518, &(0x7f0000000ac0)="$eJzs3c9vI1cdAPCvZ+PEyaZNWnoARNulLSxotU7ibaOqBygnhFAlRI9FSkPiRFHsOIqd0oQ9pGeuSFTiBEf+AM49IXHkguDGpRyQ+BGBGiQORjOeZL1Zu4k2iR3Fn480mvfmeef7fZud99YviV8AI+tORBxExHhEvB8RM/n1Qn7E250jfd1nhw9Xjg4frhSi3X73n4WsPb0WXX8mdTu/ZykifvjdiB8Xnozb3NvfXK7Vqjt5fa5V355r7u3f36gvr1fXq1uVyuLC4vybD96oXFpfX66P56UXP/3DwTd/mqY1nV/p7sdl6nS9eBInNRYR37+KYENwK+/P+LAT4akkEfF8RLySPf8zcSv7agIAN1m7PRPtme46AHDTJdkaWCEp52sB05Ek5XJnDe+FmEpqjWbr3lpjd2u1s1Y2G8VkbaNWnc/XCmejWEjrC1n5Ub1yqv4gIp6LiJ9PTGb18kqjtjrM//gAwAi7fWr+/89EZ/4/04tLA8gOALgypWEnAAAMnPkfAEaP+R8ARo/5HwBGT2f+nxx2GgDAAHn/DwCjx/wPACPlB++8kx7to/zzr1c/2NvdbHxwf7Xa3CzXd1fKK42d7fJ6o7GefWZP/az71RqN7YXXY/fD2W9tN1tzzb39pXpjd6u1lH2u91K1mL3qYAA9AwD6ee7lT/5cSGfktyazI7r2cigONTPgqiXDTgAYmlvDTgAYGrt9wei6wHt8ywNwQ/TYovcxpV6/INRut9tXlxJwxe5+yfo/jKqu9X8/BQwjxvo/jC7r/zC62u3Ceff8j/O+EAC43qzxA32+//98fv5N/s2BH62efsXHV5kVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXG/H+/+W873ApyNJyuWIZyJiNoqFtY1adT4ino2IP00UJ9L6wpBzBgAuKvlbId//6+7Ma9OPNb10+6Q4HhE/+eW7v/hwudXa+WPEeOFfE8fXWx/n1yuDzx4AONvxPJ2du97If3b4cOX4GGQ+f/9ORJQ68Y8Ox+PoJP5YjGXnUhQjYurfhbzeUehau7iIg48i4ou9+l+I6WwNpLPz6en4aexnBho/eSx+krV1zunfxRcuIRcYNZ+k48/bvZ6/JO5k597PfykboS4uH//SW60cZWPgo/jH49+tPuPfnfPGeP133+uUJp9s+yjiy2MRx7GPusaf4/iFPvFfO2f8v3zlpVf6tbV/FXE3esfvjjXXqm/PNff272/Ul9er69WtSmVxYXH+zQdvVObWNn5fnZ/rPxv84617z/ZrS/s/1Sd+6Yz+f+2c/f/1/95/76s9ro/l8b/xaq/4SbzwOfHTOfHr54y/PPXbUr+2NP5qn/6f9fW/d874n/51/4ltwwGA4Wnu7W8u12rVnYsX3stvmV2J5BLv/LSFUgwzusLlF9J/X9cgjZ6Fbw8q1nj0bvrZq50H8FRTu/1UsfqNGJex6gZcBycPfUT8d9jJAAAAAAAAAAAAAAAAPQ3iN5aG3UcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABurv8HAAD//5B9y08=") creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7ffffffffffffffc, 0x80100000400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47d8780820335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffff000000e8f20000000200", "b73267f0fffffffff2ff00", [0x10000000000004]}) openat(0xffffffffffffff9c, &(0x7f0000001740)='.\x00', 0x511881, 0x96) 1m18.464693313s ago: executing program 6 (id=3588): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3014850, &(0x7f00000006c0)={[{@noquota}, {@noquota}, {@grpjquota}, {@noauto_da_alloc}, {@dioread_lock}]}, 0x2, 0x4e4, &(0x7f0000002d40)="$eJzs3c9PXFsdAPDvHZgCLc/hqYvnS3w2+gxttDNQbEtcVEyMrppY68YVIgyEMDCEGdpCGkPjH2Bi/BVduXJj4tqYmP4JxqSJ7o0xmkbbunChjrnDHYu8AYaUYSjz+SSn95z763tO4R7m3HMzN4C+dTkiZiJiICKuRkQhW5/LUuzspnS/F88fzacpicbQvb8lkWTrWudKsuWl7LDhiPjaVyK+lXwwbm1re2WuUilvZOVSfXW9VNvavra8OrdUXiqvzUxN3py+NX1jeuLE2nr7S3/+4Xd//uXbv/nsgz/O/vXKt9NqjWbb9rajEzsd7rfb9Hzz/6JlMCI2jhPsDBvI2pPvdUUAAOhI+hn/wxHxyYh4+ZNe1wYAAADohsYXRuNfSUQDAAAAOLdyzWdgk1wxexZgNHK5YnH3Gd6PxsVcpVqrf2axurm2sPus7Fjkc4vLlfJE9qzwWOSTtDzZzL8qX99XnoqItyPi+4WRZrk4X60s9PrmBwAAAPSJS/vG//8o7I7/AQAAgHNmrNcVAAAAALrO+B8AAADOvwPH/8ng6VYEAAAA6Iav3rmTpkbr/dcL97c2V6r3ry2UayvF1c354nx1Y724VK0uNb+zb/Wo81Wq1fXPxdrmw1K9XKuXalvbs6vVzbX6bPO93rPlRuFUmgUAAADs8fYnnvwhiYidz480U+pCti1/9OEz3a0d0E254+2edKsewOkb6HUFgJ7xgC/0rw7G+MA5d8TA/gf7yse8bQAAAJwF4x97rfl/84HwBjOQh/5l/h/6l/l/6F/m/6HPDR29y/BBG357wnUBAAC6ZrSZklwxmwscjVyuWIx4q/lagHyyuFwpT0TEhyLi94X8UFqe7HWlAQAAAAAAAAAAAAAAAAAAAAAAAOAN02gk0QAAAADOtYjcX5LsRf7jhfdH998fuJD8s9BcRsSDn9770cO5en1jMl3/9/+tr/84W3+9tSb1jVO+kwEAAAC0tMbprXE8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJykF88fzbfSacZ99sWIGGsXfzCGm8vhXxUi4uLLJAb3HJdExMAJxN95HBHvtIufpNWKsawW++PnImKkx/EvnUB86GdP0v5nJr3+8vuuv1xcbi7bX3+DWXpdzy4f1P/lWv1fs59r1/+9dfiph1uZd5/+snRg/McR7w62739a8ZN28S903sZvfn17+6BtjZ9FjB/x9yeNX6qvrpdqW9vXllfnlspL5bWpqcmb07emb0xPlBaXK+Xs37YxvvfxX//nsPZfbBt/t/89sP0R8X6H7f/304fPP3JI/Cufav/zf+eQ+OnvxKezvwPp9vFWfmc3v9d7v/jde4e1f+GA9h/684+IKx22/+rd7/ypw10BgFNQ29pematUyhtdyYx07cwyaaa6diaqIXN2M3ezC/3Yh/e4YwIAAE7cqw/9+7ccY4IHAAAAAAAAAAAAAAAAAAAAeC1d/xKyof//ZoHh3jUVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBQ/w0AAP//5w/Stg==") setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000100)={@multicast2, @local}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="0a043cbf", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newqdisc={0x54, 0x10, 0x1, 0x70bdad, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe, 0xc}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0) 1m17.871717972s ago: executing program 6 (id=3585): socket$packet(0x11, 0x2, 0x300) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20) socket$packet(0x11, 0xa, 0x300) socket$packet(0x11, 0xa, 0x300) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2608064c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 1m17.817782763s ago: executing program 35 (id=3585): socket$packet(0x11, 0x2, 0x300) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20) socket$packet(0x11, 0xa, 0x300) socket$packet(0x11, 0xa, 0x300) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2608064c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 14.888687301s ago: executing program 8 (id=5483): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = syz_io_uring_setup(0x11f2, &(0x7f0000000300)={0x0, 0x0, 0x1000, 0xfffffffe, 0x201}, &(0x7f00000003c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x1fc, 0x0, 0x1}) io_uring_enter(r2, 0x47fa, 0x0, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r5, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x40032043, 0x1}) 14.731584443s ago: executing program 8 (id=5487): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001600)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000006000000180100006020702500000000002020207b1af8ff"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) fchdir(r2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r3 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) fchmod(r3, 0x148) 14.710538733s ago: executing program 8 (id=5488): newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = dup(r1) write$UHID_INPUT(r2, &(0x7f0000000000)={0x1a, {"a2e3ad21ed6b52f99cfbf4c087f71e9b230963ff7fc6e5539b9b3b09719b711b5d52101b080d29308f0e1ac6e7049b3468959b189a242a9b45f3988f7ef319520100ffe8d178708c523c921b1b23380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ef06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8040000000000000033eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 14.605046155s ago: executing program 8 (id=5490): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') setns(r1, 0x24020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x8000, &(0x7f0000000200)={0x7, 0x0, 0x80000}, 0x20) 14.591015785s ago: executing program 8 (id=5492): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="02142000110000000040000000000000030005000000000002000000ffffffff0000000000000000080012000000010000000000000000000600000000000027b20e97a6a9ecae000000ee00000000000000000000000000fc020000000000000000000000000000030006000000000002000000e00000010000000000000000010018"], 0x88}}, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x2, 0xf, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x1, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@empty, @in6=@private2}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x80}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) r4 = fcntl$dupfd(r0, 0x406, r1) getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000000), &(0x7f00000000c0)=0x4) 14.491827267s ago: executing program 8 (id=5493): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]}) close_range(r3, 0xffffffffffffffff, 0x0) 14.491611227s ago: executing program 36 (id=5493): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]}) close_range(r3, 0xffffffffffffffff, 0x0) 1.512602018s ago: executing program 0 (id=5803): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) splice(r3, 0x0, r5, 0x0, 0x88000cc, 0x0) write$eventfd(r4, &(0x7f0000000240), 0xffffff14) 1.38808891s ago: executing program 0 (id=5807): syz_mount_image$vfat(&(0x7f00000003c0), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003b40)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRES16=0x0, @ANYRES32, @ANYRES8, @ANYRES64], 0x8, 0x2f6, &(0x7f0000001cc0)="$eJzs3EtPE10YwPGnV9oSaBdv3jevieFEN7qZQHWtNAYSYxMJUuMlMRlgqk3HlnQaTI3xsnJr/BAuCEt2JMoXYONON27csTFxIQtjTedCoQwgbWkR/r+EzMOc88ycc1qa5zS0G3fePC7mLS2vVyUYUxIQEdkUSUlQPAH3GLTjqGz3Ui4Ofv909tbdezcy2ezEtFKTmZlLaaXU8Mj7J8/ibrfVAVlPPdj4lv66/u/6/xu/Zh4VLFWwVKlcVbqaLX+p6rOmoeYLVlFTaso0dMtQhZJlVJz2stOeN8sLCzWll+aHEgsVw7KUXqqpolFT1bKqVmoq9FAvlJSmaWooIThIbml6Ws+0mTzX5cHgiFQqGT0kIvFdLbmlvgwIAAD0VWv9HxTVzfp/+dxadfD2yrBb/69G/er/y5+da+2o/2Mi4lv/e/f3rf/1w9X/uyui06Wj+h/Hw0h016lAM2w0VjJ6wv37tb26vzxqB9T/AAAAAAAAAAAAAAAAAAAAAAD8DTbr9WS9Xk96R+9nQERiIuL97pMaEpGrfRgyuqiDxx8nQPODe+FhEfP1Ym4x5xzdDmsiYooho5KUn/bzwdWIvU8eqYaUfDBfOPkD7suDSCYvBTt/TJIRaeaH3HjyenZiTDma+Y1jRBLb89OSlH9a7+/kp33zo3Lh/LZ8TZLycU7KYsq8fe9m/vMxpa7dzLbkx+1+AAAAAACcBJraktq5/3X275q2V7uTv7W/bn1/INTcX4/67s/Dcibc37kDAAAAAHBaWLWnRd00jco+QVwO7tN+ED6iK3sz/NMs738Zjm6m+wTezXc0xdyTnVw54rcsgUMsyx5BUNrJGmnMRnW6Yt7bRnv1kanx3j+CdvDf23c/ureYV1ZiB8y0/SC0/xMg0rMXIAAAAAA90yz6vTPj/R0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACnUC++Ha3fcwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOi98BAAD//xPfAEw=") r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01080000000000000000020000000900020073797a2a0000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x74}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0xf0) pwritev2(r3, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0) 1.309704071s ago: executing program 0 (id=5810): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$pppl2tp(0x18, 0x1, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) connect$pppl2tp(r2, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x1003, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) 1.206472352s ago: executing program 0 (id=5824): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000010bc0)='kfree\x00', r0}, 0x18) fsmount(0xffffffffffffffff, 0x0, 0x0) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e0000000000000000000800038004000380080005"], 0x3c}, 0x1, 0x0, 0x0, 0x4008040}, 0x0) 1.120253834s ago: executing program 3 (id=5817): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet(r1, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000000)={0x2, 0x0, 0x6, 0xffffffff}, 0x10) sendto$inet6(r1, &(0x7f0000000200)='x', 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0x0, 0x4079}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000005c0)={0x0, 0x2, 0x7a}, 0x8) 1.110035354s ago: executing program 0 (id=5818): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000580)={[{@jqfmt_vfsv1}, {@resgid}, {@nodioread_nolock}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@resgid}, {@errors_remount}, {@grpid}, {@orlov}]}, 0xfc, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=") r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000f00)='kfree\x00', r2}, 0x18) ftruncate(r0, 0x2007ffc) bpf$MAP_CREATE(0x0, 0x0, 0x48) sendfile(r0, r0, 0x0, 0x800000009) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) 1.093428354s ago: executing program 3 (id=5820): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0x40010) 1.059943464s ago: executing program 7 (id=5821): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r3}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) 1.040565915s ago: executing program 3 (id=5823): close(0xffffffffffffffff) bpf$MAP_DELETE_ELEM(0x2, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7fef, 0x1082, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x3, 0x202, 0x400, 0x6, 0x0, 0x0, 0x0, 0xa9e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x30044889) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x202, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d80)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76ea090000000000009ba56a88ca", 0x0, 0x6400, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 865.494847ms ago: executing program 7 (id=5828): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000220000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket(0x10, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "62266bd8", "1e00040000000100"}, 0x28) close_range(r2, r3, 0x0) 783.615539ms ago: executing program 7 (id=5829): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r2, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newlink={0x20, 0x10, 0x403, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r2, 0xff7f}}, 0x20}}, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newlink={0x68, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x12}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_IFLAGS={0x6, 0x2, 0x401}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x6, 0x2, 0x9}]}}}, @IFLA_MASTER={0x8, 0xa, r5}, @IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8}, @IFLA_XDP_EXPECTED_FD={0x8}]}]}, 0x68}}, 0x0) 689.89546ms ago: executing program 7 (id=5832): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000220000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = socket(0x10, 0x803, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)=@newtfilter={0x44, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r5, {0x3, 0x1}, {}, {0x3, 0xf}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x3e, 0x16, 0x8, 0x8}]}}]}}]}, 0x44}}, 0x200400d4) 618.862551ms ago: executing program 5 (id=5833): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000040000000100000000000000", @ANYRES32=0x1], 0x50) r0 = socket$kcm(0xa, 0x5, 0x0) r1 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r1, &(0x7f00000002c0)={&(0x7f0000000180)={0x2, 0x2, @dev}, 0x10, &(0x7f0000001400)=[{&(0x7f0000001800)='_', 0x1}], 0x1}, 0x64) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x18) setsockopt$sock_attach_bpf(r1, 0x84, 0x1e, &(0x7f0000000000), 0x10) r3 = socket$kcm(0xa, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8916, &(0x7f0000000000)={r3}) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8936, &(0x7f0000000000)={r3}) 618.226841ms ago: executing program 5 (id=5834): bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x58, &(0x7f0000000040)}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x1a3, 0x655c, 0x4, 0x40, 0x7fffffff, 0x7fffffff, 0x80, 0xffffffff, 0x1}}}}]}, 0x58}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x10}, {}, {0x8, 0x9}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x100}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4080}, 0x4000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 601.837322ms ago: executing program 7 (id=5835): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x34, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@delchain={0x2c, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xe}, {0xffff, 0x3}, {0xffff, 0x1}}, [@TCA_CHAIN={0x8, 0xb, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) 589.280722ms ago: executing program 5 (id=5836): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x1, 0x0, 0x0, 0x41000, 0x37, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) connect$pppl2tp(r2, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x1003, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, 0x32) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) 545.238492ms ago: executing program 0 (id=5838): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000400)="81b641f1f3843704b6", 0x9}], 0x1}, 0x48005) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f0000000100)=[{0x0, 0x3, {0x1, 0x0, 0x3}, {0x0, 0xff}, 0xff, 0x7f}], 0x20) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r4, {0xfffd, 0x10}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x840) 509.504463ms ago: executing program 3 (id=5840): r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) fcntl$setlease(r0, 0x400, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r3}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) 507.880043ms ago: executing program 5 (id=5841): inotify_init1(0xc0000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x3}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r1}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0x40010) 462.041453ms ago: executing program 3 (id=5842): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x1, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000380)={{r0}, &(0x7f0000000000), &(0x7f0000000080)='%pi6 \x00'}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x10020) 437.539864ms ago: executing program 5 (id=5843): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0xe42c}, 0x50) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000b00)=ANY=[@ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r4}, &(0x7f00000006c0), &(0x7f0000000700)=r3}, 0x20) sendmsg$inet(r2, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x4040086) 413.268504ms ago: executing program 7 (id=5845): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000000000000001000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) socket$nl_route(0x10, 0x3, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000040)={0x54, 0x401, 0x0, {0x0, 0x8}, {0x1, 0xeb3}, @period={0x59, 0xa, 0x1, 0x0, 0x401, {0xffff, 0x1, 0x10, 0xa3bd}, 0x0, 0x0}}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4808000010001fff3a4ee9bfd5c3a3696c40af0b", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x3}}, 0x0) write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc) splice(r1, 0x0, r3, 0x0, 0x4ffe6, 0x0) 399.610425ms ago: executing program 3 (id=5846): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001}) unshare(0x60600) ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x3) 390.263325ms ago: executing program 5 (id=5847): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r4, 0x0, r3, 0x0, 0x6, 0x0) write$binfmt_script(r3, &(0x7f0000000800)={'#! ', './file0'}, 0xb) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x18) read$usbmon(r2, &(0x7f0000000340)=""/38, 0x26) 304.521136ms ago: executing program 9 (id=5849): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'veth1_to_bond\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000100)={r3, 0x2, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x39}}, 0x10) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000280)={r3, 0x2, 0x6, @local}, 0x10) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) 303.817916ms ago: executing program 9 (id=5850): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = getpid() r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x24020000) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r5, 0x0, r4, 0x0, 0x46) close(r4) 235.839327ms ago: executing program 9 (id=5851): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000580)='./bus\x00', 0x2008042, &(0x7f00000000c0), 0x1, 0x580, &(0x7f0000000d00)="$eJzs3c+PG1cdAPDvzP5sknYT6AEqIAEKAUXxZp02qnppuYBQVQlRcUAc0mXXWS3rjUPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcjGY863UcO3HXXrtZfz7S7Px4M/N9z96Z9/z84wUwtS5ExH5EzEfEmxGxVGxPiilebU3Zfvfu3lm7f/fOWhLN5hv/TPL0bFt0HJM5XZxzMSK++bWI7yYPx63v7m2tVquV28X6cmP71nJ9d+/y5vbqRmWjcrNcvrZy7cpLV18sj6ys57d/+cFXN1/71m9+/en3f7//5R9m2TpTpHWWY5RaRZ9rx8nMRsRrxxFsAmaK+fyE88HRpBHxsYj4XH79L8VM/t8JAJxkzeZSNJc61wGAky7N+8CStBQRaVo0AkqtPrxn41RardUbl27Udm6ut/rKzsZcemOzWrlybuGP3893nkuy9ZU8LU/P18td61cj4lxE/HjhqXy9tFarrk+myQMAU+90Z/0fEf9ZSNNSaaBDe7yrBwA8MRYnnQEAYOzU/wAwfdT/ADB9Bqj/izf79489LwDAeHj9DwDTR/0PANNH/Q8AU+Ubr7+eTc37xe9fr7+1u7NVe+vyeqW+VdreWSut1W7fKm3Uahv5b/ZsP+581Vrt1soLsfP2cqNSbyzXd/eub9d2bjau57/rfb0yN5ZSAQCPcu78e39IImL/5afyKTrGclBXw8mWjnAv4MkyM8zBGgjwRDPaF0yvgarwvJHwu2PPCzAZPX/Me7Hn4oN++iGC+JwRfKRc/OTg/f/GeIaTRc8+TK+j9f+/MvJ8AON35P7/P482H8D4NZtJ95j/8+0kAOBEGuIjfM13RtUIASbi3lpr/rjBvEfy/j8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcMGci4nuRpKV8LPA0+5uWShFPR8TZmEtubFYrVyLimTgfEXML2frKpDMNAAwp/XtSjP91cen5M92p88l/F/J5RPzgZ2/85O3VRuP2Srb9X+3tCwfDh5UPjxtiXEEAYHB/HWSnvP4uF/OOF/L37t5ZO5gGipYUAwgfObstH3ylPfjo2v27d/KplTIbrdMv5m2JU/9OYrY4ZjEinouImSFjZ/bfjYhP9Cp/kveNnC1GPu2MH0Xsp8caP30gfpqntebZw/fxEeQFps172f3n1e7rbya/si7ke3Rf/6fbW2dHED+//y1GHNz7Du9/B9f7Yp6b7vtPds1fGDTGC7/9+kMbm0uttHcjnpvtFT9px0/6xH9+wPh/+tRnfvRKn7TmzyMuRu/4nbGWG9u3luu7e5c3t1c3KhuVm+XytZVrV166+mJ5Oe+jXj7oqX7YP16+9Ey/vGXlP9UnfuuZP91V/vn2sV8YsPy/+N+b3/ns4epCd/wvfb738/9sPu/9+Gd14hcHjL966ld9h+/O4q/3Kf/jnv9LA8Z//2976wPuCgCMQX13b2u1Wq3cHmohexX64Y9qNpvvZHl4xD5Z8mAnPGguDlecv0S+cPiwJJHE8I/PgwtZY2yQneeGLs4DCwfdJaMuTo+F2XZbcbRn/vaj/1v6LcwPEzQdeSmOshBni4V74wo6kdsRMEaHF/2kcwIAAAAAAAAAAAAAAPTT92tAWyP6aqBvFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCM/h8AAP//jD3GHw==") creat(&(0x7f0000000000)='./bus\x00', 0x89) open(&(0x7f0000000080)='./bus\x00', 0x147842, 0x49) mkdir(&(0x7f0000000200)='./file0\x00', 0x50) renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x2) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000002c0), 0x88002, 0x0) pwritev(r1, &(0x7f00000000c0)=[{0x0, 0x4f}, {&(0x7f0000000140)="de", 0x1}], 0x2, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x22400049, &(0x7f00000002c0)={[{@nombcache}, {@abort}, {@nomblk_io_submit}, {@noblock_validity}, {@nolazytime}, {@jqfmt_vfsold}, {@jqfmt_vfsv0}, {@barrier_val={'barrier', 0x3d, 0xd95a}}, {@debug}]}, 0x84, 0x480, &(0x7f00000004c0)="$eJzs3M9vFFUcAPDvTH8gP0oXxB8gyioSG9GWFlQOXjSacDEx0YMea6kEWcDQmgghUo3Bo/EvUI8m/gWe9GLUk8ar3o0JMVxED2bN7M7Att2tbbfbBefzSab73vx6782b13kzb2cDKK1q9ieJ2BERv0TEaDO6eIVq8+PG9cszf12/PJNEvf7KH0ljvT+vX54pVt2Rf27P9zmWRqQfJrHQJt25i5fOTNdqsxfy+MT82bcn5i5eevL02elTs6dmz00dP37s6OQzT089tSHlHMnyuu+98/v3nnj9k5dmYuGN77/M8j+QL28tR1Ol6zSrUY16vV5PF80dbvw91PXeby8jLeFksI8ZYU2y8z+rrqFG+x+NgbhVeaPx4gd9zRzQU9n1adeyuc2rYnooaSwH/q+0cSir4oqf3f8W0+b2QPrr2nPNG6Cs3DfyqblkMLL79qTSvGMf6FH6OyLitYW/P82maPscAgBgY32d9X+eaNf/S+PelvV25mNDlYg4HBG7I+LuiNgTEfdENNa9LyLuX2P61SXx5f2fn7auq2CrlPX/ns3Hthb3/26O2lQG8thIo/xDyZuna7NH8mMyFkNbsvjkCml888LPH3daVm3p/2VTln7RF8zz8fvglsXbnJyen+6mzK2uvR+xb7Bd+ZObIwFJROyNiH3r2H92zE4//sX+LLxz+/Ll/13+FWzAOFP984jHmvW/EEvKX0iaKXUan5y4K2qzRyaKs2K5H368+nJrfKgl3FX5N0BW/9vanv95+YtmUIzXzq09jau/ftTxnma95/9w8mojPJzPe3d6fv7CZMRwPmPR/Klb2xbxYv2s/GMH27f/3RH/fJZv90BEZCfxgxHxUEQcyPP+cEQ8EhEHVyj/d88/+tbKR6i/9X+yQ/3nZ0AlaR2vX0dg4My3X3VKf3X1f6wRGsvnrOb/32oz2N3RAwAAgDtD2hiDTtLxm+E0HR9vfod/T2xLa+fn5g9X451zJ5tj1ZUYSosnXaMtz0Mn82fDRXxqSfxoROxqfNNoayM+PnO+NtLvwkPJbe/Q/jO/9epLL8DtY03jaEnv8gFsPu9rQnlp/1Be2j+Ul/YP5dWu/V+JuNGHrACbzPUfykv7h/LS/qG8tH8opeWvxBc/t7KeN/1vBXaf6GrzEgUGutt8IiLaLorWH+3oQSDSPh66+pV6vZv9pP2v9wtzB/LAlohY7VZXelqnS8+fFXk7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuCP8GwAA///IPOO2") 102.222589ms ago: executing program 9 (id=5852): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x4f, 0x0, 0x0, 0x0, 0x1}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$kcm(0xa, 0x3, 0x3a) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000170000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000feffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000200)='kmem_cache_free\x00', r4}, 0x10) sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0xff00000000000000, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) 61.618739ms ago: executing program 9 (id=5853): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r0, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r1}, 0x18) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0xc8, 0x0, 0x2, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r3) recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0xfdef) 0s ago: executing program 9 (id=5854): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r3, &(0x7f0000000000), 0xfffffecc) splice(r2, 0x0, r4, 0x0, 0x4ffe6, 0x0) kernel console output (not intermixed with test programs): l=202 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 161.715590][ T29] audit: type=1326 audit(1751848443.690:5482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13448 comm="syz.8.4061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 161.739396][ T29] audit: type=1400 audit(1751848443.690:5483): avc: denied { mount } for pid=13450 comm="syz.7.4062" name="/" dev="loop7" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 161.762390][ T29] audit: type=1326 audit(1751848443.760:5484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13448 comm="syz.8.4061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 161.786159][ T29] audit: type=1326 audit(1751848443.760:5485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13448 comm="syz.8.4061" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 161.913909][T13489] syz_tun: entered allmulticast mode [ 161.924714][T13485] syz_tun: left allmulticast mode [ 161.995654][T13498] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4077'. [ 162.007170][T13498] bridge_slave_1: left allmulticast mode [ 162.013004][T13498] bridge_slave_1: left promiscuous mode [ 162.018775][T13498] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.068549][T13498] bridge_slave_0: left allmulticast mode [ 162.074442][T13498] bridge_slave_0: left promiscuous mode [ 162.080120][T13498] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.094214][T13508] SELinux: syz.0.4090 (13508) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 162.426207][T13541] loop3: detected capacity change from 0 to 2048 [ 162.451567][T13541] EXT4-fs: mb_optimize_scan should be set to 0 or 1. [ 162.461670][T13548] loop8: detected capacity change from 0 to 128 [ 162.495442][T13548] FAT-fs (loop8): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 162.525284][T13550] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.530226][T13541] SELinux: failed to load policy [ 162.533541][T13550] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.570454][T13550] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.578727][T13550] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.588495][T13550] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.596755][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.604965][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.613137][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.621364][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.629519][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 162.715020][T13563] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4107'. [ 162.724121][T13563] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4107'. [ 162.726200][T13565] loop8: detected capacity change from 0 to 256 [ 162.739681][T13563] loop3: detected capacity change from 0 to 128 [ 162.747391][T13565] vfat: Unknown parameter '1844674407370955161501777777777777777777777' [ 162.761728][T13563] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 162.774140][T13563] ext4 filesystem being mounted at /873/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 162.890512][ T3312] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 162.995194][T13589] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4112'. [ 163.069575][T13597] loop3: detected capacity change from 0 to 1024 [ 163.083178][T13597] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 163.098629][T13597] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.4117: Allocating blocks 385-513 which overlap fs metadata [ 163.143635][T13593] EXT4-fs (loop3): pa ffff888106a68770: logic 16, phys. 129, len 24 [ 163.151745][T13593] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8 [ 163.194858][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.239786][ T23] hid-generic 0006:0000:0000.000B: unknown main item tag 0x0 [ 163.247459][ T23] hid-generic 0006:0000:0000.000B: unknown main item tag 0x0 [ 163.255019][ T23] hid-generic 0006:0000:0000.000B: unknown main item tag 0x0 [ 163.286018][ T23] hid-generic 0006:0000:0000.000B: unknown main item tag 0x0 [ 163.293585][ T23] hid-generic 0006:0000:0000.000B: unknown main item tag 0x0 [ 163.301053][ T23] hid-generic 0006:0000:0000.000B: unknown main item tag 0x0 [ 163.308475][ T23] hid-generic 0006:0000:0000.000B: unknown main item tag 0x0 [ 163.315935][ T23] hid-generic 0006:0000:0000.000B: unknown main item tag 0x0 [ 163.323373][ T23] hid-generic 0006:0000:0000.000B: unknown main item tag 0x0 [ 163.330824][ T23] hid-generic 0006:0000:0000.000B: unknown main item tag 0x0 [ 163.338263][ T23] hid-generic 0006:0000:0000.000B: unknown main item tag 0x0 [ 163.345725][ T23] hid-generic 0006:0000:0000.000B: unknown main item tag 0x0 [ 163.353197][ T23] hid-generic 0006:0000:0000.000B: unknown main item tag 0x0 [ 163.360752][ T23] hid-generic 0006:0000:0000.000B: unknown main item tag 0x0 [ 163.369208][ T23] hid-generic 0006:0000:0000.000B: unknown main item tag 0x0 [ 163.376679][ T23] hid-generic 0006:0000:0000.000B: unknown main item tag 0x0 [ 163.386408][ T23] hid-generic 0006:0000:0000.000B: hidraw0: VIRTUAL HID vffffff.00 Device [syz0] on syz1 [ 163.466389][T13628] netlink: 'syz.8.4130': attribute type 2 has an invalid length. [ 163.474315][T13628] netlink: 'syz.8.4130': attribute type 1 has an invalid length. [ 163.482187][T13628] __nla_validate_parse: 1 callbacks suppressed [ 163.482203][T13628] netlink: 199820 bytes leftover after parsing attributes in process `syz.8.4130'. [ 163.608538][T13642] loop8: detected capacity change from 0 to 512 [ 163.633356][T13642] EXT4-fs (loop8): can't mount with data_err=abort, fs mounted w/o journal [ 163.734180][T13642] loop8: detected capacity change from 0 to 8192 [ 163.746863][T13649] netlink: 96 bytes leftover after parsing attributes in process `syz.0.4147'. [ 163.750307][T13648] loop3: detected capacity change from 0 to 1024 [ 163.764117][T13648] EXT4-fs: Ignoring removed nomblk_io_submit option [ 163.791895][T13642] loop8: p1 < > p2 < p5 > p3 p4 [ 163.802205][T13642] loop8: p3 start 83890176 is beyond EOD, truncated [ 163.803479][T13648] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 163.808831][T13642] loop8: p4 size 16776960 extends beyond EOD, truncated [ 163.815405][T13642] loop8: p5 size 16776960 extends beyond EOD, truncated [ 163.883485][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 164.163018][T13688] loop3: detected capacity change from 0 to 512 [ 164.174501][T13688] EXT4-fs (loop3): can't mount with data_err=abort, fs mounted w/o journal [ 164.259441][T13688] loop3: detected capacity change from 0 to 8192 [ 164.282208][T13688] loop3: p1 < > p2 < p5 > p3 p4 [ 164.293448][T13688] loop3: p3 start 83890176 is beyond EOD, truncated [ 164.300159][T13688] loop3: p4 size 16776960 extends beyond EOD, truncated [ 164.321276][T13688] loop3: p5 size 16776960 extends beyond EOD, truncated [ 164.404360][T13708] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4161'. [ 164.413426][T13708] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4161'. [ 164.563197][T13717] netlink: 96 bytes leftover after parsing attributes in process `syz.3.4164'. [ 164.793218][T13732] loop3: detected capacity change from 0 to 1024 [ 164.859817][T13732] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.120911][T13747] loop8: detected capacity change from 0 to 2048 [ 165.133267][T13747] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 165.159667][T13747] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 165.177449][T13747] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 1 with error 28 [ 165.189933][T13747] EXT4-fs (loop8): This should not happen!! Data will be lost [ 165.189933][T13747] [ 165.199674][T13747] EXT4-fs (loop8): Total free blocks count 0 [ 165.205855][T13747] EXT4-fs (loop8): Free/Dirty block details [ 165.212006][T13747] EXT4-fs (loop8): free_blocks=2415919104 [ 165.217844][T13747] EXT4-fs (loop8): dirty_blocks=32 [ 165.223063][T13747] EXT4-fs (loop8): Block reservation details [ 165.229085][T13747] EXT4-fs (loop8): i_reserved_data_blocks=2 [ 165.428551][T13764] ip6gre1: entered allmulticast mode [ 165.551708][T13747] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28 [ 165.696902][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.738854][T13786] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4196'. [ 166.084725][T13823] veth1_to_bond: entered allmulticast mode [ 166.091060][T13823] veth1_to_bond: entered promiscuous mode [ 166.097739][T13823] veth1_to_bond: left promiscuous mode [ 166.103350][T13823] veth1_to_bond: left allmulticast mode [ 166.382351][T13829] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4211'. [ 166.391421][T13829] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4211'. [ 166.607098][T13837] netlink: 52 bytes leftover after parsing attributes in process `syz.5.4215'. [ 166.681893][ T29] kauditd_printk_skb: 219 callbacks suppressed [ 166.681910][ T29] audit: type=1400 audit(1751848448.870:5705): avc: denied { read write } for pid=13842 comm="syz.7.4217" name="ptp0" dev="devtmpfs" ino=246 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 166.719174][ T29] audit: type=1400 audit(1751848448.870:5706): avc: denied { open } for pid=13842 comm="syz.7.4217" path="/dev/ptp0" dev="devtmpfs" ino=246 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 166.742827][ T29] audit: type=1326 audit(1751848448.870:5707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13842 comm="syz.7.4217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9f125e929 code=0x7ffc0000 [ 166.766696][ T29] audit: type=1326 audit(1751848448.870:5708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13842 comm="syz.7.4217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7fd9f125e929 code=0x7ffc0000 [ 166.791865][ T29] audit: type=1326 audit(1751848448.980:5709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13842 comm="syz.7.4217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9f125e929 code=0x7ffc0000 [ 166.800874][T13850] loop3: detected capacity change from 0 to 128 [ 166.815518][ T29] audit: type=1326 audit(1751848448.980:5710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13842 comm="syz.7.4217" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9f125e929 code=0x7ffc0000 [ 166.851392][T13850] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 166.871356][T13850] ext4 filesystem being mounted at /893/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 166.932449][T13860] loop8: detected capacity change from 0 to 1024 [ 166.975309][T13860] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 166.990868][T13867] netlink: 'syz.0.4224': attribute type 4 has an invalid length. [ 167.030352][ T3312] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 167.044176][T13867] netlink: 'syz.0.4224': attribute type 4 has an invalid length. [ 167.130466][T12284] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.169079][ T29] audit: type=1400 audit(1751848449.350:5711): avc: denied { name_connect } for pid=13873 comm="syz.8.4230" dest=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1 [ 167.499536][ T29] audit: type=1400 audit(1751848449.680:5712): avc: denied { getopt } for pid=13891 comm="syz.5.4238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 167.535278][ T29] audit: type=1400 audit(1751848449.710:5713): avc: denied { read } for pid=13893 comm="syz.0.4239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 167.931425][ T9635] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 167.942474][ T9635] CPU: 1 UID: 0 PID: 9635 Comm: syz-executor Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(voluntary) [ 167.942580][ T9635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 167.942596][ T9635] Call Trace: [ 167.942604][ T9635] [ 167.942614][ T9635] __dump_stack+0x1d/0x30 [ 167.942674][ T9635] dump_stack_lvl+0xe8/0x140 [ 167.942698][ T9635] dump_stack+0x15/0x1b [ 167.942717][ T9635] dump_header+0x81/0x220 [ 167.942753][ T9635] oom_kill_process+0x334/0x3f0 [ 167.942813][ T9635] out_of_memory+0x979/0xb80 [ 167.942848][ T9635] try_charge_memcg+0x5e6/0x9e0 [ 167.942897][ T9635] charge_memcg+0x51/0xc0 [ 167.942996][ T9635] mem_cgroup_swapin_charge_folio+0xcc/0x150 [ 167.943040][ T9635] __read_swap_cache_async+0x1df/0x350 [ 167.943081][ T9635] swap_cluster_readahead+0x376/0x3e0 [ 167.943131][ T9635] swapin_readahead+0xde/0x6f0 [ 167.943170][ T9635] ? __filemap_get_folio+0x4f7/0x6b0 [ 167.943265][ T9635] ? swap_cache_get_folio+0x77/0x200 [ 167.943302][ T9635] do_swap_page+0x301/0x2430 [ 167.943326][ T9635] ? finish_task_switch+0xad/0x2b0 [ 167.943427][ T9635] ? __pfx_default_wake_function+0x10/0x10 [ 167.943456][ T9635] handle_mm_fault+0x9a5/0x2be0 [ 167.943481][ T9635] ? mas_walk+0xf2/0x120 [ 167.943536][ T9635] do_user_addr_fault+0x636/0x1090 [ 167.943576][ T9635] ? fpregs_restore_userregs+0xe2/0x1d0 [ 167.943615][ T9635] ? switch_fpu_return+0xe/0x20 [ 167.943642][T13896] sg_write: data in/out 969/14 bytes for SCSI command 0x0-- guessing data in; [ 167.943642][T13896] program syz.0.4240 not setting count and/or reply_len properly [ 167.943727][ T9635] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 167.943767][ T9635] exc_page_fault+0x62/0xa0 [ 167.943809][ T9635] asm_exc_page_fault+0x26/0x30 [ 167.943885][ T9635] RIP: 0033:0x7fd9f12911a5 [ 167.943917][ T9635] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 9e 53 1c 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74 [ 167.943951][ T9635] RSP: 002b:00007ffd7b7bf808 EFLAGS: 00010246 [ 167.943972][ T9635] RAX: 0000000000000000 RBX: 00000000000002ea RCX: 00007fd9f12911a3 [ 167.944029][ T9635] RDX: 00007ffd7b7bf820 RSI: 0000000000000000 RDI: 0000000000000000 [ 167.944046][ T9635] RBP: 00007ffd7b7bf88c R08: 0000000034b361b3 R09: 0000000000000000 [ 167.944063][ T9635] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388 [ 167.944079][ T9635] R13: 00000000000927c0 R14: 0000000000028fb7 R15: 00007ffd7b7bf8e0 [ 167.944108][ T9635] [ 167.944117][ T9635] memory: usage 307200kB, limit 307200kB, failcnt 160 [ 167.954713][ T29] audit: type=1400 audit(1751848450.130:5714): avc: denied { read write } for pid=13895 comm="syz.0.4240" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 167.964648][ T9635] memory+swap: usage 307388kB, limit 9007199254740988kB, failcnt 0 [ 168.224668][ T9635] kmem: usage 307196kB, limit 9007199254740988kB, failcnt 0 [ 168.232050][ T9635] Memory cgroup stats for /syz7: [ 168.270838][ C0] net_ratelimit: 83 callbacks suppressed [ 168.270855][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.274942][ T9635] cache 0 [ 168.275990][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.281603][ T9635] rss 0 [ 168.289635][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.292510][ T9635] shmem 0 [ 168.300767][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.303413][ T9635] mapped_file 0 [ 168.311567][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.314515][ T9635] dirty 0 [ 168.314525][ T9635] writeback 0 [ 168.322729][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.326057][ T9635] workingset_refault_anon 45 [ 168.326067][ T9635] workingset_refault_file 0 [ 168.326074][ T9635] swap 192512 [ 168.326081][ T9635] swapcached 0 [ 168.334284][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.337092][ T9635] pgpgin 48354 [ 168.340490][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.348482][ T9635] pgpgout 48353 [ 168.353191][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.357590][ T9635] pgfault 70358 [ 168.357601][ T9635] pgmajfault 30 [ 168.360996][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 168.364278][ T9635] inactive_anon 0 [ 168.364289][ T9635] active_anon 0 [ 168.418494][ T9635] inactive_file 0 [ 168.422175][ T9635] active_file 4096 [ 168.425929][ T9635] unevictable 0 [ 168.429410][ T9635] hierarchical_memory_limit 314572800 [ 168.434928][ T9635] hierarchical_memsw_limit 9223372036854771712 [ 168.441195][ T9635] total_cache 0 [ 168.444678][ T9635] total_rss 0 [ 168.448024][ T9635] total_shmem 0 [ 168.451532][ T9635] total_mapped_file 0 [ 168.455596][ T9635] total_dirty 0 [ 168.459083][ T9635] total_writeback 0 [ 168.462982][ T9635] total_workingset_refault_anon 45 [ 168.468107][ T9635] total_workingset_refault_file 0 [ 168.473243][ T9635] total_swap 192512 [ 168.477138][ T9635] total_swapcached 0 [ 168.481166][ T9635] total_pgpgin 48354 [ 168.485085][ T9635] total_pgpgout 48353 [ 168.489094][ T9635] total_pgfault 70360 [ 168.493131][ T9635] total_pgmajfault 30 [ 168.497142][ T9635] total_inactive_anon 0 [ 168.501348][ T9635] total_active_anon 0 [ 168.505347][ T9635] total_inactive_file 0 [ 168.509534][ T9635] total_active_file 4096 [ 168.513850][ T9635] total_unevictable 0 [ 168.517855][ T9635] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz7,task_memcg=/syz7,task=syz.7.4233,pid=13855,uid=0 [ 168.532553][ T9635] Memory cgroup out of memory: Killed process 13855 (syz.7.4233) total-vm:95672kB, anon-rss:940kB, file-rss:22184kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 168.573839][T13914] lo speed is unknown, defaulting to 1000 [ 168.689438][T13920] lo speed is unknown, defaulting to 1000 [ 168.713740][T13859] syz.7.4233 (13859) used greatest stack depth: 6696 bytes left [ 168.886489][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 168.894035][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 168.901728][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 168.909320][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 168.916782][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 168.924329][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 168.931789][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 168.939312][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x4 [ 168.946897][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 168.954416][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 168.961873][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 168.969460][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x2 [ 168.977009][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 168.984616][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 168.992129][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 168.999540][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.006952][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.014399][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.021846][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.029250][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.036798][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.044206][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.051627][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.059032][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.066538][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.073983][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.081417][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.088823][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.096337][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.103758][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.111181][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.118586][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.126009][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.133469][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.140969][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.148370][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.155822][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.163246][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.170768][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.178174][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.185659][ T2959] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 169.196073][ T2959] hid-generic 0000:0000:0000.000C: hidraw0: HID v0.00 Device [syz0] on syz1 [ 169.282043][T13956] syz_tun: entered allmulticast mode [ 169.289189][T13955] syz_tun: left allmulticast mode [ 169.511242][T13981] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4275'. [ 169.520197][T13981] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4275'. [ 169.551461][T13985] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4277'. [ 169.753952][T14015] lo speed is unknown, defaulting to 1000 [ 169.853406][T14026] loop7: detected capacity change from 0 to 2048 [ 169.888725][T14026] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 169.908004][T14026] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 169.923435][T14026] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 1 with error 28 [ 169.932600][T14031] netlink: 'syz.8.4295': attribute type 7 has an invalid length. [ 169.935737][T14026] EXT4-fs (loop7): This should not happen!! Data will be lost [ 169.935737][T14026] [ 169.943529][T14031] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4295'. [ 169.962248][T14026] EXT4-fs (loop7): Total free blocks count 0 [ 169.968258][T14026] EXT4-fs (loop7): Free/Dirty block details [ 169.974206][T14026] EXT4-fs (loop7): free_blocks=2415919104 [ 169.979966][T14026] EXT4-fs (loop7): dirty_blocks=32 [ 169.985170][T14026] EXT4-fs (loop7): Block reservation details [ 169.991216][T14026] EXT4-fs (loop7): i_reserved_data_blocks=2 [ 170.272857][T14032] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 18 with max blocks 2048 with error 28 [ 170.370078][T14046] loop8: detected capacity change from 0 to 256 [ 170.436110][T14052] loop8: detected capacity change from 0 to 128 [ 170.449101][T14052] EXT4-fs: Ignoring removed oldalloc option [ 170.472705][T14052] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 170.485446][T14052] ext4 filesystem being mounted at /150/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 170.617568][T12284] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 170.793182][T14092] loop8: detected capacity change from 0 to 512 [ 170.795966][T14095] loop3: detected capacity change from 0 to 512 [ 170.806112][T14092] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 170.819473][T14092] EXT4-fs (loop8): 1 truncate cleaned up [ 170.826078][T14092] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 170.827341][T14095] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 170.851967][T14095] ext4 filesystem being mounted at /914/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 170.919260][T14104] netlink: 'syz.5.4324': attribute type 10 has an invalid length. [ 170.949156][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.974715][T12284] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.009781][T14109] loop3: detected capacity change from 0 to 256 [ 171.020584][T14109] msdos: Unknown parameter '0xffffffffffffffffYLy.\؜1f;L;qYo)8΃d;%Et6 _aB-Z' [ 171.048222][T14115] sch_fq: defrate 0 ignored. [ 171.177315][T14134] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4337'. [ 171.404355][T14139] loop8: detected capacity change from 0 to 512 [ 171.492368][T14139] EXT4-fs (loop8): 1 orphan inode deleted [ 171.505552][T14139] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.518387][ T56] EXT4-fs error (device loop8): ext4_release_dquot:6969: comm kworker/u8:4: Failed to release dquot type 1 [ 171.530194][T14079] 9pnet_fd: p9_fd_create_tcp (14079): problem connecting socket to 127.0.0.1 [ 171.539159][T14139] ext4 filesystem being mounted at /157/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 171.576490][T14139] EXT4-fs (loop8): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 171.600092][T12284] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.770235][ T29] kauditd_printk_skb: 128 callbacks suppressed [ 171.770250][ T29] audit: type=1400 audit(1751848453.950:5842): avc: denied { write } for pid=14151 comm="syz.5.4341" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 171.824933][ T29] audit: type=1400 audit(1751848454.010:5843): avc: denied { relabelfrom } for pid=14153 comm="syz.7.4345" name="" dev="pipefs" ino=39261 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 171.875162][T14159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4346'. [ 171.928745][ T29] audit: type=1400 audit(1751848454.110:5844): avc: denied { connect } for pid=14160 comm="syz.5.4349" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 171.994558][T14165] netlink: 'syz.0.4350': attribute type 10 has an invalid length. [ 172.002684][T14165] geneve1: entered promiscuous mode [ 172.005447][ T29] audit: type=1400 audit(1751848454.140:5845): avc: denied { write } for pid=14160 comm="syz.5.4349" path="socket:[39275]" dev="sockfs" ino=39275 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 172.009531][T14165] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.040531][T14165] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.049491][T14165] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.055940][T14168] loop7: detected capacity change from 0 to 256 [ 172.058278][T14165] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.100243][T14165] bond0: (slave geneve1): Enslaving as an active interface with an up link [ 172.130765][ T29] audit: type=1326 audit(1751848454.300:5846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14170 comm="syz.5.4354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd76cdfe929 code=0x7ffc0000 [ 172.154518][ T29] audit: type=1326 audit(1751848454.300:5847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14170 comm="syz.5.4354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd76cdfe929 code=0x7ffc0000 [ 172.178130][ T29] audit: type=1326 audit(1751848454.300:5848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14170 comm="syz.5.4354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fd76cdfe929 code=0x7ffc0000 [ 172.201777][ T29] audit: type=1326 audit(1751848454.300:5849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14170 comm="syz.5.4354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd76cdfe929 code=0x7ffc0000 [ 172.225480][ T29] audit: type=1326 audit(1751848454.300:5850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14170 comm="syz.5.4354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd76cdfe929 code=0x7ffc0000 [ 172.249055][ T29] audit: type=1326 audit(1751848454.300:5851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14170 comm="syz.5.4354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd76cdfe929 code=0x7ffc0000 [ 172.307407][T14176] netlink: 'syz.7.4353': attribute type 10 has an invalid length. [ 172.427690][T14183] vhci_hcd: invalid port number 96 [ 172.432922][T14183] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 172.447930][T14189] netlink: 256 bytes leftover after parsing attributes in process `syz.7.4361'. [ 172.457210][T14189] netlink: 72 bytes leftover after parsing attributes in process `syz.7.4361'. [ 172.621727][T14200] pim6reg1: entered promiscuous mode [ 172.627084][T14200] pim6reg1: entered allmulticast mode [ 173.209957][T14223] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4375'. [ 173.301211][T14227] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 173.340242][T14233] loop8: detected capacity change from 0 to 128 [ 173.350570][T14233] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 173.373234][T14233] ext4 filesystem being mounted at /163/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 173.396240][T14233] sch_fq: defrate 0 ignored. [ 173.402932][T14240] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4382'. [ 173.443156][T12284] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 173.453003][T14246] 0: renamed from hsr_slave_1 [ 173.459599][T14246] 0: entered allmulticast mode [ 173.465128][T14246] net_ratelimit: 102 callbacks suppressed [ 173.465147][T14246] A link change request failed with some changes committed already. Interface c0 may have been left with an inconsistent configuration, please check. [ 173.504869][T14250] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 174.480055][T14343] loop3: detected capacity change from 0 to 1024 [ 174.491275][T14343] EXT4-fs: Ignoring removed orlov option [ 174.508876][T14343] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 174.864158][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 174.929948][T14361] __nla_validate_parse: 4 callbacks suppressed [ 174.929967][T14361] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4435'. [ 174.949779][T14361] netlink: 12 bytes leftover after parsing attributes in process `syz.8.4435'. [ 174.968526][T14361] netlink: 2 bytes leftover after parsing attributes in process `syz.8.4435'. [ 174.978109][T14360] netlink: 9 bytes leftover after parsing attributes in process `syz.5.4436'. [ 174.987192][T14360] 0: renamed from hsr_slave_1 [ 174.998742][T14360] 0: entered allmulticast mode [ 175.007496][T14360] A link change request failed with some changes committed already. Interface c0 may have been left with an inconsistent configuration, please check. [ 175.118735][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.126260][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.133735][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.141231][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.148710][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.156297][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.163749][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.171190][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.178611][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.186047][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.193477][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.200911][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.208401][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.215905][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.223356][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.230848][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.238300][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.242324][T14379] netlink: 'syz.0.4444': attribute type 1 has an invalid length. [ 175.245764][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.260932][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.262635][T14379] 8021q: adding VLAN 0 to HW filter on device bond7 [ 175.268328][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.268354][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.268388][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.268408][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.296598][T14379] bond7: (slave gretap0): making interface the new active one [ 175.297466][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.306637][T14379] bond7: (slave gretap0): Enslaving as an active interface with an up link [ 175.312284][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.335820][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.343249][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.350644][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.358091][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.365514][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.372975][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.380387][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.387806][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.395257][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.402673][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.410082][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.417647][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.425090][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.432575][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.439985][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.447585][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.455065][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.462558][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.469946][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.477467][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.484976][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.492395][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.499782][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.507206][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.514693][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.522119][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.529518][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.536943][ T36] hid-generic 0008:0006:0007.000D: unknown main item tag 0x0 [ 175.546472][T14379] bond7 (unregistering): (slave gretap0): Releasing active interface [ 175.557133][T14379] bond7 (unregistering): Released all slaves [ 175.563333][ T36] hid-generic 0008:0006:0007.000D: hidraw0: HID v0.0b Device [syz1] on syz1 [ 175.571246][T14375] loop3: detected capacity change from 0 to 512 [ 175.587606][T14377] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 175.600582][ T2959] hid-generic 0000:0004:0000.000E: unknown main item tag 0x0 [ 175.608201][ T2959] hid-generic 0000:0004:0000.000E: unknown main item tag 0x0 [ 175.615662][ T2959] hid-generic 0000:0004:0000.000E: unknown main item tag 0x0 [ 175.625545][ T2959] hid-generic 0000:0004:0000.000E: hidraw0: HID v0.00 Device [syz0] on syz1 [ 175.645596][T14375] EXT4-fs (loop3): 1 orphan inode deleted [ 175.661121][ T56] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:4: Failed to release dquot type 1 [ 175.663050][T14375] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 175.673442][T14389] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4447'. [ 175.705841][T14375] ext4 filesystem being mounted at /938/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 175.717483][T14385] infiniband syz!: set down [ 175.722168][T14385] infiniband syz!: added team_slave_0 [ 175.735171][T14385] RDS/IB: syz!: added [ 175.739333][T14385] smc: adding ib device syz! with port count 1 [ 175.745632][T14385] smc: ib device syz! port 1 has pnetid [ 175.767231][T14375] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 175.786072][T14394] loop8: detected capacity change from 0 to 736 [ 175.801518][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.811770][T14394] rock: directory entry would overflow storage [ 175.818041][T14394] rock: sig=0x3b10, size=4, remaining=3 [ 175.976260][T14410] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 176.126931][T14430] lo speed is unknown, defaulting to 1000 [ 176.177400][T14438] loop7: detected capacity change from 0 to 128 [ 176.202432][T14438] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 176.225381][T14438] ext4 filesystem being mounted at /363/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 176.277699][ T9635] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 176.411441][T14453] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 176.424415][T14454] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4474'. [ 176.436500][T14454] vlan0: entered promiscuous mode [ 176.441650][T14454] syz_tun: entered promiscuous mode [ 176.575717][T14470] lo speed is unknown, defaulting to 1000 [ 176.621155][T14473] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=14473 comm=syz.5.4481 [ 176.633920][T14473] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=14473 comm=syz.5.4481 [ 176.706722][T14477] SELinux: ebitmap: truncated map [ 176.712378][T14477] SELinux: failed to load policy [ 176.900357][ T29] kauditd_printk_skb: 114 callbacks suppressed [ 176.900374][ T29] audit: type=1400 audit(1751848459.080:5965): avc: denied { listen } for pid=14494 comm="syz.7.4493" lport=46584 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 176.942885][ T29] audit: type=1400 audit(1751848459.080:5966): avc: denied { accept } for pid=14494 comm="syz.7.4493" lport=46584 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 176.966123][ T29] audit: type=1400 audit(1751848459.090:5967): avc: denied { setopt } for pid=14494 comm="syz.7.4493" lport=46584 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 177.012419][T14500] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4495'. [ 177.056081][T14500] netlink: 12 bytes leftover after parsing attributes in process `syz.8.4495'. [ 177.138412][T14513] loop8: detected capacity change from 0 to 512 [ 177.158508][T14513] EXT4-fs error (device loop8): ext4_orphan_get:1393: inode #15: comm syz.8.4497: casefold flag without casefold feature [ 177.171566][T14517] netlink: 'syz.5.4502': attribute type 1 has an invalid length. [ 177.180034][T14513] EXT4-fs error (device loop8): ext4_orphan_get:1398: comm syz.8.4497: couldn't read orphan inode 15 (err -117) [ 177.195303][T14517] 8021q: adding VLAN 0 to HW filter on device bond6 [ 177.206600][T14513] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.214964][T14517] bond6: (slave gretap0): making interface the new active one [ 177.227521][T14517] bond6: (slave gretap0): Enslaving as an active interface with an up link [ 177.233123][ T29] audit: type=1326 audit(1751848459.410:5968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14521 comm="syz.7.4504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9f125e929 code=0x7ffc0000 [ 177.260042][ T29] audit: type=1326 audit(1751848459.410:5969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14521 comm="syz.7.4504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9f125e929 code=0x7ffc0000 [ 177.283615][ T29] audit: type=1326 audit(1751848459.410:5970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14521 comm="syz.7.4504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fd9f125e929 code=0x7ffc0000 [ 177.306958][ T29] audit: type=1326 audit(1751848459.410:5971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14521 comm="syz.7.4504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9f125e929 code=0x7ffc0000 [ 177.330567][ T29] audit: type=1326 audit(1751848459.410:5972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14521 comm="syz.7.4504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9f125e929 code=0x7ffc0000 [ 177.354103][ T29] audit: type=1326 audit(1751848459.410:5973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14521 comm="syz.7.4504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7fd9f125e929 code=0x7ffc0000 [ 177.377511][ T29] audit: type=1326 audit(1751848459.410:5974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14521 comm="syz.7.4504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9f125e929 code=0x7ffc0000 [ 177.424008][T12284] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.448311][T14517] bond6 (unregistering): (slave gretap0): Releasing active interface [ 177.463322][T14517] bond6 (unregistering): Released all slaves [ 177.642089][T14543] loop7: detected capacity change from 0 to 1024 [ 177.653701][T14545] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4511'. [ 177.674211][T14543] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 177.674289][T14543] ext4 filesystem being mounted at /378/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 177.824652][T14553] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4512'. [ 177.865814][T14552] loop3: detected capacity change from 0 to 512 [ 177.866188][T14552] EXT4-fs: Ignoring removed mblk_io_submit option [ 177.866842][T14552] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 177.874381][T14552] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 177.874514][T14552] EXT4-fs (loop3): orphan cleanup on readonly fs [ 177.874885][T14552] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.4513: Failed to acquire dquot type 1 [ 177.875075][T14552] EXT4-fs (loop3): Remounting filesystem read-only [ 177.875113][T14552] EXT4-fs (loop3): 1 orphan inode deleted [ 177.875604][T14552] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 177.891007][T14552] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.075537][T14571] lo speed is unknown, defaulting to 1000 [ 178.157748][T14576] openvswitch: netlink: Message has 6 unknown bytes. [ 178.361485][ T9635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.401859][T14589] loop7: detected capacity change from 0 to 256 [ 178.851779][T14612] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.860199][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.880876][T14616] SELinux: ebitmap: truncated map [ 178.887159][T14616] SELinux: failed to load policy [ 179.112521][T14625] loop8: detected capacity change from 0 to 256 [ 179.377295][T14644] loop3: detected capacity change from 0 to 1024 [ 179.407279][T14644] EXT4-fs: Ignoring removed nomblk_io_submit option [ 179.437646][T14644] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 179.542938][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.643252][T14660] loop3: detected capacity change from 0 to 256 [ 179.652342][T14660] FAT-fs (loop3): bogus number of FAT sectors [ 179.658670][T14660] FAT-fs (loop3): Can't find a valid FAT filesystem [ 179.702789][T14664] loop8: detected capacity change from 0 to 512 [ 179.717711][T14664] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 179.772580][T14664] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 179.790226][T14664] ext4 filesystem being mounted at /204/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 179.829414][T12284] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.839343][T14678] sch_tbf: burst 2 is lower than device ip6tnl0 mtu (1452) ! [ 180.046316][T14700] vlan1: entered allmulticast mode [ 180.051564][T14700] bridge_slave_0: entered allmulticast mode [ 180.291792][T14709] __nla_validate_parse: 3 callbacks suppressed [ 180.291813][T14709] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4579'. [ 180.354119][T14719] ip6_vti0: mtu greater than device maximum [ 180.407714][T14724] syzkaller0: entered promiscuous mode [ 180.413292][T14724] syzkaller0: entered allmulticast mode [ 180.426517][ T6608] syzkaller0: tun_net_xmit 48 [ 180.436577][T14724] syzkaller0: create flow: hash 708130075 index 1 [ 180.447695][T14722] syzkaller0: delete flow: hash 708130075 index 1 [ 180.620429][T14758] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4603'. [ 180.674346][T14765] netlink: 5 bytes leftover after parsing attributes in process `syz.5.4606'. [ 180.693821][T14765] 1XD: renamed from 30XD [ 180.696891][T14769] loop8: detected capacity change from 0 to 512 [ 180.707208][T14769] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 180.725654][T14769] EXT4-fs (loop8): 1 truncate cleaned up [ 180.735030][T14769] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 180.756486][T14765] 1XD: entered allmulticast mode [ 180.775121][T14765] A link change request failed with some changes committed already. Interface 31XD may have been left with an inconsistent configuration, please check. [ 180.797295][T12284] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.888895][T14788] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4616'. [ 180.897908][T14788] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4616'. [ 180.919202][T14788] bond5: entered promiscuous mode [ 180.924467][T14788] bond5: entered allmulticast mode [ 180.925606][T14791] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4617'. [ 180.930216][T14788] 8021q: adding VLAN 0 to HW filter on device bond5 [ 181.297075][T14851] netlink: 2028 bytes leftover after parsing attributes in process `syz.0.4639'. [ 181.306407][T14851] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4639'. [ 181.415649][T14857] loop3: detected capacity change from 0 to 1024 [ 181.435572][T14857] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 181.461846][T14857] EXT4-fs error (device loop3): mb_free_blocks:1948: group 0, inode 15: block 433:freeing already freed block (bit 27); block bitmap corrupt. [ 181.505874][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.753531][T14880] loop3: detected capacity change from 0 to 2048 [ 181.774627][T14880] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 181.828617][T14888] xt_hashlimit: max too large, truncated to 1048576 [ 181.834547][T14890] loop7: detected capacity change from 0 to 512 [ 181.843181][T14890] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 181.857623][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.866091][T14890] EXT4-fs (loop7): 1 truncate cleaned up [ 181.875561][T14890] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 181.911886][ T9635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.006416][T14911] loop3: detected capacity change from 0 to 1024 [ 182.018690][T14911] EXT4-fs: Ignoring removed nobh option [ 182.031048][T14911] EXT4-fs: Ignoring removed bh option [ 182.048405][T14913] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.054394][T14911] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 182.060063][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.073832][T14911] EXT4-fs error (device loop3): mb_free_blocks:1948: group 0, inode 15: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 182.082186][T14913] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.100003][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.108862][T14913] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.120101][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.170484][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.207164][ T29] kauditd_printk_skb: 169 callbacks suppressed [ 182.207180][ T29] audit: type=1400 audit(1751848917.384:6142): avc: denied { unmount } for pid=3313 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 182.207533][T14920] 9pnet_fd: Insufficient options for proto=fd [ 182.273889][ T29] audit: type=1400 audit(1751848917.454:6143): avc: denied { bind } for pid=14925 comm="syz.0.4672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 182.334769][T14932] pim6reg1: entered promiscuous mode [ 182.340154][T14932] pim6reg1: entered allmulticast mode [ 182.496038][ T29] audit: type=1400 audit(1751848917.674:6144): avc: denied { execute } for pid=14958 comm="syz.8.4686" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=42412 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 182.546060][ T29] audit: type=1326 audit(1751848917.724:6145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14960 comm="syz.8.4687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 182.569664][ T29] audit: type=1326 audit(1751848917.724:6146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14960 comm="syz.8.4687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 182.593448][ T29] audit: type=1326 audit(1751848917.724:6147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14960 comm="syz.8.4687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 182.616969][ T29] audit: type=1326 audit(1751848917.724:6148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14960 comm="syz.8.4687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 182.640487][ T29] audit: type=1326 audit(1751848917.724:6149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14960 comm="syz.8.4687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 182.729354][ T29] audit: type=1326 audit(1751848917.904:6150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14968 comm="syz.7.4691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9f125e929 code=0x7ffc0000 [ 182.753131][ T29] audit: type=1326 audit(1751848917.904:6151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14968 comm="syz.7.4691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fd9f125e929 code=0x7ffc0000 [ 182.937786][T14998] af_packet: tpacket_rcv: packet too big, clamped from 4300 to 3942. macoff=106 [ 183.192101][T15040] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 183.201661][T15040] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 183.263175][T15050] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4725'. [ 183.409801][T15071] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4734'. [ 183.424583][T15073] loop8: detected capacity change from 0 to 512 [ 183.436950][T15073] EXT4-fs (loop8): orphan cleanup on readonly fs [ 183.455808][T15073] EXT4-fs error (device loop8): ext4_validate_block_bitmap:441: comm syz.8.4735: bg 0: block 248: padding at end of block bitmap is not set [ 183.478509][T15073] EXT4-fs error (device loop8): ext4_acquire_dquot:6933: comm syz.8.4735: Failed to acquire dquot type 1 [ 183.514451][T15073] EXT4-fs (loop8): 1 truncate cleaned up [ 183.523044][T15073] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 183.659877][T15099] hub 9-0:1.0: USB hub found [ 183.671624][T15099] hub 9-0:1.0: 8 ports detected [ 183.719715][T12284] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.745403][T15110] netlink: 'syz.0.4752': attribute type 2 has an invalid length. [ 183.753465][T15110] netlink: 'syz.0.4752': attribute type 1 has an invalid length. [ 183.860151][T15125] tipc: Enabled bearer , priority 0 [ 183.869536][T15125] tipc: Disabling bearer [ 183.917316][T15119] loop7: detected capacity change from 0 to 512 [ 183.925639][T15119] EXT4-fs warning (device loop7): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 183.937468][T15119] EXT4-fs warning (device loop7): dx_probe:849: Enable large directory feature to access it [ 183.947618][T15119] EXT4-fs warning (device loop7): dx_probe:934: inode #2: comm syz.7.4756: Corrupt directory, running e2fsck is recommended [ 183.961374][T15119] EXT4-fs (loop7): Cannot turn on journaled quota: type 1: error -117 [ 183.969727][T15119] EXT4-fs error (device loop7): ext4_iget_extra_inode:5035: inode #15: comm syz.7.4756: corrupted in-inode xattr: invalid ea_ino [ 183.991000][T15119] EXT4-fs (loop7): Remounting filesystem read-only [ 183.998146][T15119] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 184.014084][T15119] EXT4-fs warning (device loop7): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 184.025677][T15119] EXT4-fs warning (device loop7): dx_probe:849: Enable large directory feature to access it [ 184.036059][T15119] EXT4-fs warning (device loop7): dx_probe:934: inode #2: comm syz.7.4756: Corrupt directory, running e2fsck is recommended [ 184.100108][ T9635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.164258][T15147] loop7: detected capacity change from 0 to 512 [ 184.181958][T15147] EXT4-fs (loop7): revision level too high, forcing read-only mode [ 184.190295][T15147] EXT4-fs (loop7): orphan cleanup on readonly fs [ 184.198527][T15147] EXT4-fs error (device loop7): ext4_do_update_inode:5568: inode #16: comm syz.7.4767: corrupted inode contents [ 184.211641][T15147] EXT4-fs error (device loop7): ext4_dirty_inode:6459: inode #16: comm syz.7.4767: mark_inode_dirty error [ 184.223331][T15147] EXT4-fs error (device loop7): ext4_do_update_inode:5568: inode #16: comm syz.7.4767: corrupted inode contents [ 184.236488][T15147] EXT4-fs error (device loop7): __ext4_ext_dirty:206: inode #16: comm syz.7.4767: mark_inode_dirty error [ 184.248096][T15147] EXT4-fs error (device loop7): ext4_do_update_inode:5568: inode #16: comm syz.7.4767: corrupted inode contents [ 184.261236][T15147] EXT4-fs error (device loop7) in ext4_orphan_del:305: Corrupt filesystem [ 184.270127][T15147] EXT4-fs error (device loop7): ext4_do_update_inode:5568: inode #16: comm syz.7.4767: corrupted inode contents [ 184.283335][T15147] EXT4-fs error (device loop7): ext4_truncate:4597: inode #16: comm syz.7.4767: mark_inode_dirty error [ 184.294759][T15147] EXT4-fs error (device loop7) in ext4_process_orphan:347: Corrupt filesystem [ 184.304986][T15147] EXT4-fs (loop7): 1 truncate cleaned up [ 184.311311][ T6591] EXT4-fs error (device loop7): ext4_release_dquot:6969: comm kworker/u8:40: Failed to release dquot type 1 [ 184.323622][T15147] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 184.350233][ T9635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.685959][T15199] SELinux: syz.0.4790 (15199) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 184.812529][T15211] infiniband syz1: set down [ 184.817117][T15211] infiniband syz1: added veth0_to_bridge [ 184.842681][T15211] RDS/IB: syz1: added [ 184.851175][T15211] smc: adding ib device syz1 with port count 1 [ 184.864204][T15211] smc: ib device syz1 port 1 has pnetid [ 184.912890][T15226] netlink: 'syz.8.4803': attribute type 4 has an invalid length. [ 185.012065][T15234] syzkaller0: entered promiscuous mode [ 185.017838][T15234] syzkaller0: entered allmulticast mode [ 185.583133][T15263] loop8: detected capacity change from 0 to 1024 [ 185.787442][T15268] tipc: New replicast peer: 255.255.255.255 [ 185.793707][T15268] tipc: Enabled bearer , priority 10 [ 185.860447][T15273] sch_tbf: burst 0 is lower than device lo mtu (18) ! [ 185.920660][T15278] loop3: detected capacity change from 0 to 164 [ 186.351401][T15292] syz_tun: entered allmulticast mode [ 186.367185][T15294] rdma_rxe: rxe_newlink: failed to add veth0_to_bridge [ 186.374381][T15292] SELinux: failure in sel_netif_sid_slow(), invalid network interface (0) [ 186.382989][T15292] net_ratelimit: 54 callbacks suppressed [ 186.383004][T15292] mroute: pending queue full, dropping entries [ 186.410003][T15291] syz_tun: left allmulticast mode [ 186.439276][T15296] loop7: detected capacity change from 0 to 512 [ 186.444832][T15298] serio: Serial port ptm0 [ 186.451287][T15296] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 186.462463][T15300] __nla_validate_parse: 5 callbacks suppressed [ 186.462481][T15300] netlink: 168 bytes leftover after parsing attributes in process `syz.0.4838'. [ 186.479545][T15296] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 186.498356][T15296] ext4 filesystem being mounted at /430/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 186.553523][ T9635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 186.571936][T15310] lo speed is unknown, defaulting to 1000 [ 186.604202][T15314] netlink: 4 bytes leftover after parsing attributes in process `syz.8.4844'. [ 186.621091][T15319] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=15319 comm=syz.0.4840 [ 186.631579][T15314] netlink: 12 bytes leftover after parsing attributes in process `syz.8.4844'. [ 186.633738][T15319] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=15319 comm=syz.0.4840 [ 186.687741][T15316] tipc: Enabled bearer , priority 0 [ 186.706095][T15316] tipc: Disabling bearer [ 186.751137][T15323] netlink: 8 bytes leftover after parsing attributes in process `syz.8.4847'. [ 187.052859][T15276] syz.5.4827 (15276) used greatest stack depth: 6040 bytes left [ 187.211642][T15351] tipc: Enabling of bearer rejected, failed to enable media [ 187.211648][T15352] netlink: 'syz.7.4869': attribute type 1 has an invalid length. [ 187.234991][T15352] 8021q: adding VLAN 0 to HW filter on device bond3 [ 187.256305][T15352] bond3: (slave gretap1): making interface the new active one [ 187.264651][T15352] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 187.278167][ T29] kauditd_printk_skb: 182 callbacks suppressed [ 187.278181][ T29] audit: type=1326 audit(1751848922.464:6331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15356 comm="syz.5.4861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd76cdfe929 code=0x7ffc0000 [ 187.313545][ T29] audit: type=1326 audit(1751848922.464:6332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15356 comm="syz.5.4861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=260 compat=0 ip=0x7fd76cdfe929 code=0x7ffc0000 [ 187.337225][ T29] audit: type=1326 audit(1751848922.464:6333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15356 comm="syz.5.4861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd76cdfe929 code=0x7ffc0000 [ 187.360952][ T29] audit: type=1326 audit(1751848922.464:6334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15356 comm="syz.5.4861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd76cdfe929 code=0x7ffc0000 [ 187.384687][ T29] audit: type=1326 audit(1751848922.524:6335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15358 comm="syz.5.4862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd76cdfe929 code=0x7ffc0000 [ 187.385428][T15352] bond3 (unregistering): (slave gretap1): Releasing active interface [ 187.408206][ T29] audit: type=1326 audit(1751848922.524:6336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15358 comm="syz.5.4862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd76cdfe929 code=0x7ffc0000 [ 187.439924][ T29] audit: type=1326 audit(1751848922.524:6337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15358 comm="syz.5.4862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fd76cdfe929 code=0x7ffc0000 [ 187.463419][ T29] audit: type=1326 audit(1751848922.524:6338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15358 comm="syz.5.4862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd76cdfe963 code=0x7ffc0000 [ 187.486825][ T29] audit: type=1326 audit(1751848922.524:6339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15358 comm="syz.5.4862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fd76cdfd3df code=0x7ffc0000 [ 187.510252][ T29] audit: type=1326 audit(1751848922.524:6340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15358 comm="syz.5.4862" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fd76cdfe9b7 code=0x7ffc0000 [ 187.537184][T15352] bond3 (unregistering): Released all slaves [ 187.562947][T15363] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4863'. [ 187.573119][T15363] bond0: (slave bond_slave_1): Releasing backup interface [ 187.607130][T15367] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4865'. [ 187.653224][T15372] netlink: 96 bytes leftover after parsing attributes in process `syz.7.4867'. [ 187.772230][T15382] tipc: Enabled bearer , priority 0 [ 187.784295][T15382] tipc: Disabling bearer [ 187.899208][T15395] netlink: 'syz.3.4879': attribute type 1 has an invalid length. [ 187.949775][T15395] 8021q: adding VLAN 0 to HW filter on device bond6 [ 187.979285][T15398] bond6: (slave gretap1): making interface the new active one [ 187.998581][T15398] bond6: (slave gretap1): Enslaving as an active interface with an up link [ 188.045331][T15395] bond6 (unregistering): (slave gretap1): Releasing active interface [ 188.072106][T15395] bond6 (unregistering): Released all slaves [ 188.109745][T15404] loop8: detected capacity change from 0 to 164 [ 188.304274][T15426] lo speed is unknown, defaulting to 1000 [ 188.339165][T15431] loop8: detected capacity change from 0 to 512 [ 188.401699][T15431] EXT4-fs (loop8): revision level too high, forcing read-only mode [ 188.421689][T15441] netlink: 5 bytes leftover after parsing attributes in process `syz.0.4897'. [ 188.431213][T15431] EXT4-fs (loop8): orphan cleanup on readonly fs [ 188.454553][T15431] EXT4-fs error (device loop8): ext4_do_update_inode:5568: inode #16: comm syz.8.4905: corrupted inode contents [ 188.462917][T15441] 1XD: renamed from 30XD (while UP) [ 188.487574][T15431] EXT4-fs error (device loop8): ext4_dirty_inode:6459: inode #16: comm syz.8.4905: mark_inode_dirty error [ 188.503224][T15431] EXT4-fs error (device loop8): ext4_do_update_inode:5568: inode #16: comm syz.8.4905: corrupted inode contents [ 188.515757][T15431] EXT4-fs error (device loop8): __ext4_ext_dirty:206: inode #16: comm syz.8.4905: mark_inode_dirty error [ 188.532123][T15431] EXT4-fs error (device loop8): ext4_do_update_inode:5568: inode #16: comm syz.8.4905: corrupted inode contents [ 188.562533][T15441] 1XD: entered allmulticast mode [ 188.567394][T15431] EXT4-fs error (device loop8) in ext4_orphan_del:305: Corrupt filesystem [ 188.585797][T15441] A link change request failed with some changes committed already. Interface 31XD may have been left with an inconsistent configuration, please check. [ 188.589045][T15431] EXT4-fs error (device loop8): ext4_do_update_inode:5568: inode #16: comm syz.8.4905: corrupted inode contents [ 188.636689][T15431] EXT4-fs error (device loop8): ext4_truncate:4597: inode #16: comm syz.8.4905: mark_inode_dirty error [ 188.666558][T15431] EXT4-fs error (device loop8) in ext4_process_orphan:347: Corrupt filesystem [ 188.686433][T15431] EXT4-fs (loop8): 1 truncate cleaned up [ 188.696360][ T6608] EXT4-fs error (device loop8): ext4_release_dquot:6969: comm kworker/u8:53: Failed to release dquot type 1 [ 188.703514][T15449] vlan0: entered allmulticast mode [ 188.709930][T15431] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 188.752769][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.760280][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.769468][T12284] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.779924][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.787480][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.794952][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.802403][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.809895][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.817525][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.825216][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.832804][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.840314][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.847975][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.855477][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.862974][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.870452][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.877999][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.885621][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.893132][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.900544][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.908150][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.915699][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.923133][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.930548][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.938066][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.945488][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.953158][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.960622][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.968061][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.975539][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.983094][ T10] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 188.991184][ T10] hid-generic 0000:0000:0000.000F: hidraw0: HID v0.00 Device [syz0] on syz1 [ 189.051051][T15462] netlink: 24 bytes leftover after parsing attributes in process `syz.8.4901'. [ 189.165412][T15478] netlink: 'syz.8.4908': attribute type 1 has an invalid length. [ 189.191451][T15478] 8021q: adding VLAN 0 to HW filter on device bond1 [ 189.209879][T15483] netlink: 96 bytes leftover after parsing attributes in process `syz.3.4915'. [ 189.225833][T15478] bond1: (slave gretap1): making interface the new active one [ 189.256443][T15478] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 189.281019][T15491] bond1 (unregistering): (slave gretap1): Releasing active interface [ 189.294631][T15491] bond1 (unregistering): Released all slaves [ 189.419852][T15512] netlink: 'syz.3.4927': attribute type 1 has an invalid length. [ 189.439705][T15515] pim6reg1: entered promiscuous mode [ 189.445433][T15515] pim6reg1: entered allmulticast mode [ 189.500085][T15519] lo speed is unknown, defaulting to 1000 [ 189.652385][T15542] vlan2: entered allmulticast mode [ 189.911550][T15578] tipc: Enabled bearer , priority 0 [ 189.934709][T15578] tipc: Disabling bearer [ 190.016008][T15587] loop8: detected capacity change from 0 to 1024 [ 190.035737][T15588] vlan2: entered allmulticast mode [ 190.041123][T15588] bridge_slave_0: entered allmulticast mode [ 190.049527][T15587] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 190.072343][T15590] lo speed is unknown, defaulting to 1000 [ 190.095418][T15587] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4113: comm syz.8.4961: Allocating blocks 497-513 which overlap fs metadata [ 190.163228][T15586] EXT4-fs (loop8): pa ffff888106a687e0: logic 128, phys. 273, len 15 [ 190.171455][T15586] EXT4-fs error (device loop8): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 190.250326][T12284] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.442898][T15636] hub 9-0:1.0: USB hub found [ 191.452216][T15636] hub 9-0:1.0: 8 ports detected [ 191.552138][T15646] __nla_validate_parse: 2 callbacks suppressed [ 191.552159][T15646] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4985'. [ 191.793258][T15664] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4994'. [ 192.007317][T15686] loop7: detected capacity change from 0 to 512 [ 192.036541][T15686] EXT4-fs warning (device loop7): ext4_enable_quotas:7168: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 192.063694][T15686] EXT4-fs (loop7): mount failed [ 192.125143][T15697] loop8: detected capacity change from 0 to 8192 [ 192.183445][T12284] FAT-fs (loop8): error, invalid access to FAT (entry 0x0000e1b1) [ 192.191394][T12284] FAT-fs (loop8): Filesystem has been set read-only [ 192.295776][T15722] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5008'. [ 192.316366][T15722] hsr_slave_0: left promiscuous mode [ 192.328504][T15722] hsr_slave_1: left promiscuous mode [ 192.388468][T15733] loop3: detected capacity change from 0 to 512 [ 192.421794][T15733] EXT4-fs (loop3): orphan cleanup on readonly fs [ 192.438492][T15733] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.5010: bg 0: block 248: padding at end of block bitmap is not set [ 192.477644][T15733] __quota_error: 179 callbacks suppressed [ 192.477662][T15733] Quota error (device loop3): write_blk: dquota write failed [ 192.491032][T15733] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 192.501008][T15733] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.5010: Failed to acquire dquot type 1 [ 192.501187][T15740] loop7: detected capacity change from 0 to 128 [ 192.530650][T15740] bio_check_eod: 14667 callbacks suppressed [ 192.536822][T15740] syz.7.5012: attempt to access beyond end of device [ 192.536822][T15740] loop7: rw=0, sector=61, nr_sectors = 96 limit=128 [ 192.552252][T15733] EXT4-fs (loop3): 1 truncate cleaned up [ 192.564946][T15733] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 192.581300][T15733] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 192.590908][T15733] Quota error (device loop3): do_check_range: Getting block 1536 out of range 0-5 [ 192.797922][T15764] netlink: 'syz.8.5021': attribute type 12 has an invalid length. [ 192.859471][ T29] audit: type=1326 audit(1751848928.034:6519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15773 comm="syz.8.5027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 192.887277][T15770] loop7: detected capacity change from 0 to 8192 [ 192.920162][ T29] audit: type=1326 audit(1751848928.074:6520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15773 comm="syz.8.5027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 192.943804][ T29] audit: type=1326 audit(1751848928.074:6521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15773 comm="syz.8.5027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 192.967512][ T29] audit: type=1326 audit(1751848928.074:6522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15773 comm="syz.8.5027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 192.991091][ T29] audit: type=1326 audit(1751848928.084:6523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15773 comm="syz.8.5027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 193.014638][ T29] audit: type=1326 audit(1751848928.084:6524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15773 comm="syz.8.5027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 193.038185][ T29] audit: type=1326 audit(1751848928.084:6525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15773 comm="syz.8.5027" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 193.069297][ T9635] FAT-fs (loop7): error, invalid access to FAT (entry 0x0000e1b1) [ 193.077330][ T9635] FAT-fs (loop7): Filesystem has been set read-only [ 193.132858][T15786] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5035'. [ 193.141843][T15786] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5035'. [ 193.194912][T15786] wireguard0: entered promiscuous mode [ 193.200463][T15786] wireguard0: entered allmulticast mode [ 193.288472][T15806] program syz.7.5042 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 193.297927][T15806] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 193.984038][T15848] netlink: 1276 bytes leftover after parsing attributes in process `syz.5.5058'. [ 194.224450][T15857] netlink: 'syz.0.5062': attribute type 1 has an invalid length. [ 194.239637][T15857] 8021q: adding VLAN 0 to HW filter on device bond7 [ 194.258606][T15857] macvlan2: entered promiscuous mode [ 194.264005][T15857] macvlan2: entered allmulticast mode [ 194.271876][T15857] bond7: entered promiscuous mode [ 194.277495][T15857] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 194.289124][T15857] bond7: left promiscuous mode [ 194.468230][T15875] loop3: detected capacity change from 0 to 512 [ 194.483619][T15875] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix. [ 194.498389][T15875] EXT4-fs (loop3): mount failed [ 194.596911][T15888] smc: net device bond0 applied user defined pnetid SYZ2 [ 194.604607][T15888] smc: net device bond0 erased user defined pnetid SYZ2 [ 194.729221][T15908] loop7: detected capacity change from 0 to 1024 [ 194.742444][T15908] EXT4-fs mount: 2 callbacks suppressed [ 194.742458][T15908] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 194.781777][T15908] EXT4-fs error (device loop7): ext4_mb_mark_diskspace_used:4113: comm syz.7.5076: Allocating blocks 497-513 which overlap fs metadata [ 194.818501][T15907] EXT4-fs (loop7): pa ffff888106a687e0: logic 304, phys. 449, len 4 [ 194.826675][T15907] EXT4-fs error (device loop7): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 1 [ 194.849666][ T9635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.283591][T15965] netlink: 277 bytes leftover after parsing attributes in process `syz.5.5100'. [ 195.529451][T16000] loop3: detected capacity change from 0 to 512 [ 195.545538][T16000] EXT4-fs: Ignoring removed nomblk_io_submit option [ 195.561588][T16000] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 195.569575][T16000] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c01d, mo2=0102] [ 195.590388][T16000] EXT4-fs (loop3): couldn't mount RDWR because of unsupported optional features (80) [ 195.600109][T16000] EXT4-fs (loop3): Skipping orphan cleanup due to unknown ROCOMPAT features [ 195.610123][T16000] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 195.625385][T16000] EXT4-fs (loop3): couldn't mount RDWR because of unsupported optional features (80) [ 195.653307][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.670058][T16018] netlink: 96 bytes leftover after parsing attributes in process `syz.5.5115'. [ 196.256168][T16069] pim6reg1: entered promiscuous mode [ 196.261635][T16069] pim6reg1: entered allmulticast mode [ 196.455109][T16072] loop3: detected capacity change from 0 to 4096 [ 196.474101][T16094] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5144'. [ 196.476508][T16072] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 196.496829][T16092] netlink: 'syz.8.5143': attribute type 4 has an invalid length. [ 196.506445][ T23] lo speed is unknown, defaulting to 1000 [ 196.512326][ T23] syz0: Port: 1 Link DOWN [ 196.710214][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.129724][ T36] Process accounting resumed [ 197.133348][T16108] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5149'. [ 197.143491][T16108] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5149'. [ 197.188229][T16106] loop8: detected capacity change from 0 to 8192 [ 197.362959][T16135] netlink: 'syz.0.5161': attribute type 6 has an invalid length. [ 197.433714][T16139] pim6reg1: entered promiscuous mode [ 197.439093][T16139] pim6reg1: entered allmulticast mode [ 197.645048][ T29] kauditd_printk_skb: 106 callbacks suppressed [ 197.645067][ T29] audit: type=1326 audit(1751848932.824:6632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16159 comm="syz.0.5170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134c34e929 code=0x7ffc0000 [ 197.689247][ T29] audit: type=1326 audit(1751848932.824:6633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16159 comm="syz.0.5170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134c34e929 code=0x7ffc0000 [ 197.712913][ T29] audit: type=1326 audit(1751848932.824:6634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16159 comm="syz.0.5170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7f134c34e929 code=0x7ffc0000 [ 197.736663][ T29] audit: type=1326 audit(1751848932.824:6635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16159 comm="syz.0.5170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134c34e929 code=0x7ffc0000 [ 197.760406][ T29] audit: type=1326 audit(1751848932.834:6636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16159 comm="syz.0.5170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134c34e929 code=0x7ffc0000 [ 198.120797][ T29] audit: type=1326 audit(1751848933.284:6637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16190 comm="syz.7.5185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9f125e929 code=0x7ffc0000 [ 198.144446][ T29] audit: type=1326 audit(1751848933.284:6638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16190 comm="syz.7.5185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9f125e929 code=0x7ffc0000 [ 198.167972][ T29] audit: type=1326 audit(1751848933.284:6639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16190 comm="syz.7.5185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd9f125e929 code=0x7ffc0000 [ 198.191807][ T29] audit: type=1326 audit(1751848933.284:6640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16190 comm="syz.7.5185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9f125e929 code=0x7ffc0000 [ 198.215354][ T29] audit: type=1326 audit(1751848933.284:6641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16190 comm="syz.7.5185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9f125e929 code=0x7ffc0000 [ 198.349716][T16209] loop7: detected capacity change from 0 to 512 [ 198.357757][T16209] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 198.378292][T16209] EXT4-fs (loop7): 1 truncate cleaned up [ 198.385326][T16209] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 198.511601][ T9635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 198.661966][T16248] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=16248 comm=syz.0.5207 [ 198.711231][T16245] loop7: detected capacity change from 0 to 8192 [ 199.024085][T16296] netlink: 'syz.3.5227': attribute type 1 has an invalid length. [ 199.046122][T16296] 8021q: adding VLAN 0 to HW filter on device bond6 [ 199.076713][T16296] bond6: (slave bridge6): making interface the new active one [ 199.097695][T16296] bond6: (slave bridge6): Enslaving as an active interface with an up link [ 199.391254][T16334] netlink: 'syz.7.5244': attribute type 4 has an invalid length. [ 199.581207][T16351] netlink: 'syz.3.5251': attribute type 12 has an invalid length. [ 199.723309][T16358] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5252'. [ 199.734451][T16358] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5252'. [ 199.802900][T16374] netlink: 'syz.3.5260': attribute type 4 has an invalid length. [ 200.078304][T16392] SELinux: failed to load policy [ 201.147294][T16418] netlink: 'syz.5.5275': attribute type 4 has an invalid length. [ 201.269120][T16444] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5288'. [ 201.288772][T16444] netlink: 108 bytes leftover after parsing attributes in process `syz.5.5288'. [ 202.256342][T16527] loop7: detected capacity change from 0 to 256 [ 202.271499][T16527] FAT-fs (loop7): bogus number of FAT sectors [ 202.277754][T16527] FAT-fs (loop7): Can't find a valid FAT filesystem [ 202.454719][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.462276][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.469691][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.497529][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.505713][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.513209][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.520620][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.528134][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.535596][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.543816][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.551488][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.558937][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.566399][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.574518][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.582074][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.608021][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.615584][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.623070][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.630494][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.638689][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.646147][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.653937][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.662141][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.669577][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.677188][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.684656][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.692821][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.700252][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.707757][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.715247][ T36] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 202.763234][ T36] hid-generic 0000:0000:0000.0010: hidraw0: HID v0.00 Device [syz0] on syz1 [ 202.822317][T16585] lo speed is unknown, defaulting to 1000 [ 202.866010][T16592] netlink: 'syz.5.5324': attribute type 16 has an invalid length. [ 202.873930][T16592] netlink: 'syz.5.5324': attribute type 17 has an invalid length. [ 202.904250][T16592] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.913790][T16592] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.922693][T16597] netlink: 'syz.8.5328': attribute type 39 has an invalid length. [ 202.932306][T16592] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 203.113231][T16622] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5332'. [ 203.136062][T16622] netlink: 108 bytes leftover after parsing attributes in process `syz.3.5332'. [ 203.168089][ T29] kauditd_printk_skb: 84 callbacks suppressed [ 203.168105][ T29] audit: type=1400 audit(1751848938.344:6726): avc: denied { execute } for pid=16628 comm="syz.5.5335" path="/blkio.bfq.io_wait_time" dev="ramfs" ino=46034 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 203.208364][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.215919][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.223385][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.257013][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.264549][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.272020][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.279514][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.287163][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.294622][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.302088][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.309505][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.316966][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.324410][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.331968][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.339453][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.354996][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.362574][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.370010][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.377460][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.384954][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.392537][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.400047][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.407531][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.414978][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.422422][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.429852][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.437335][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.443127][T16644] netlink: 'syz.7.5338': attribute type 1 has an invalid length. [ 203.444854][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.460042][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.467513][ T10] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 203.495281][T16652] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5338'. [ 203.504627][ T10] hid-generic 0000:0000:0000.0011: hidraw0: HID v0.00 Device [syz0] on syz1 [ 203.536736][T16644] 8021q: adding VLAN 0 to HW filter on device bond3 [ 203.588519][T16652] bond3 (unregistering): Released all slaves [ 203.642118][T16659] tipc: Enabled bearer , priority 0 [ 203.652474][T16659] tipc: Disabling bearer [ 203.693166][T16668] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5344'. [ 203.717848][T16668] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5344'. [ 203.773765][T16677] netlink: 16 bytes leftover after parsing attributes in process `syz.7.5347'. [ 203.811755][T16677] netlink: 108 bytes leftover after parsing attributes in process `syz.7.5347'. [ 203.930764][T16700] netlink: 44 bytes leftover after parsing attributes in process `syz.8.5355'. [ 203.948934][T16703] netlink: 'syz.5.5357': attribute type 10 has an invalid length. [ 204.127460][ T29] audit: type=1326 audit(1751848939.304:6727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16730 comm="syz.8.5365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 204.151906][ T29] audit: type=1326 audit(1751848939.304:6728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16730 comm="syz.8.5365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 204.175523][ T29] audit: type=1326 audit(1751848939.304:6729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16730 comm="syz.8.5365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 204.199949][ T29] audit: type=1326 audit(1751848939.304:6730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16730 comm="syz.8.5365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 204.224266][ T29] audit: type=1326 audit(1751848939.304:6731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16730 comm="syz.8.5365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 204.328348][ T29] audit: type=1326 audit(1751848939.434:6732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16730 comm="syz.8.5365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 204.352781][ T29] audit: type=1326 audit(1751848939.434:6733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16730 comm="syz.8.5365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 204.376431][ T29] audit: type=1326 audit(1751848939.434:6734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16730 comm="syz.8.5365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 204.382013][T16761] netlink: 'syz.8.5369': attribute type 10 has an invalid length. [ 204.400817][ T29] audit: type=1326 audit(1751848939.454:6735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16730 comm="syz.8.5365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f089abfe929 code=0x7ffc0000 [ 204.755849][T16804] tipc: Enabled bearer , priority 0 [ 204.765523][T16804] tipc: Disabling bearer [ 204.788599][T16809] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 205.180526][T16841] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5394'. [ 205.564634][T16873] openvswitch: netlink: Message has 6 unknown bytes. [ 205.565427][T16869] syzkaller0: entered promiscuous mode [ 205.577165][T16869] syzkaller0: entered allmulticast mode [ 205.621820][T16875] SELinux: failed to load policy [ 205.664901][T16877] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5403'. [ 205.733519][T16887] loop3: detected capacity change from 0 to 512 [ 205.754037][T16887] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 205.777836][T16887] ext4 filesystem being mounted at /1134/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 206.004676][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.261189][T16927] netlink: 'syz.7.5424': attribute type 4 has an invalid length. [ 206.426375][T16944] pim6reg1: entered promiscuous mode [ 206.431888][T16944] pim6reg1: entered allmulticast mode [ 206.487052][T16954] loop7: detected capacity change from 0 to 512 [ 206.494854][T16954] EXT4-fs (loop7): orphan cleanup on readonly fs [ 206.502638][T16954] EXT4-fs error (device loop7): ext4_validate_block_bitmap:441: comm syz.7.5437: bg 0: block 248: padding at end of block bitmap is not set [ 206.518480][T16954] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.5437: Failed to acquire dquot type 1 [ 206.531400][T16954] EXT4-fs (loop7): 1 truncate cleaned up [ 206.545110][T16954] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 206.604921][T16954] EXT4-fs (loop7): warning: mounting fs with errors, running e2fsck is recommended [ 206.621560][T16954] EXT4-fs (loop7): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 206.672673][ T9635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.716616][T16973] openvswitch: netlink: Message has 6 unknown bytes. [ 206.850791][T16988] loop9: detected capacity change from 0 to 7 [ 206.858217][T16988] buffer_io_error: 2 callbacks suppressed [ 206.858234][T16988] Buffer I/O error on dev loop9, logical block 0, async page read [ 206.873770][T16988] Buffer I/O error on dev loop9, logical block 0, async page read [ 206.881728][T16988] loop9: unable to read partition table [ 206.887599][T16988] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 206.887599][T16988] ) failed (rc=-5) [ 206.949419][T16994] Set syz1 is full, maxelem 65536 reached [ 207.129735][T17012] SET target dimension over the limit! [ 207.277198][T17033] pim6reg1: entered promiscuous mode [ 207.282779][T17033] pim6reg1: entered allmulticast mode [ 208.027620][T17082] lo speed is unknown, defaulting to 1000 [ 208.055978][T11107] bridge_slave_1: left allmulticast mode [ 208.061733][T11107] bridge_slave_1: left promiscuous mode [ 208.067470][T11107] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.095636][T11107] bridge_slave_0: left promiscuous mode [ 208.101469][T11107] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.150806][ T2959] SELinux: failure in sel_netif_sid_slow(), invalid network interface (13) [ 208.199391][T17092] loop3: detected capacity change from 0 to 4096 [ 208.212304][T17092] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 208.393876][T11107] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 208.411443][T11107] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 208.424975][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.442000][T11107] bond0 (unregistering): Released all slaves [ 208.503364][ T29] kauditd_printk_skb: 86 callbacks suppressed [ 208.503396][ T29] audit: type=1400 audit(1751848943.684:6819): avc: denied { module_load } for pid=17099 comm="syz.3.5497" path=2F7365637265746D656D202864656C6574656429 dev="secretmem" ino=48590 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=system permissive=1 [ 208.504328][T11107] tipc: Left network mode [ 208.708694][ T29] audit: type=1400 audit(1751848943.884:6820): avc: denied { mount } for pid=17104 comm="syz.7.5508" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 208.755471][T11107] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 208.781837][T11107] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 208.790715][T17115] netlink: 'syz.7.5502': attribute type 1 has an invalid length. [ 208.844906][T11107] team0 (unregistering): Port device team_slave_1 removed [ 208.863888][T11107] team0 (unregistering): Port device team_slave_0 removed [ 208.910427][T17120] __nla_validate_parse: 17 callbacks suppressed [ 208.910445][T17120] netlink: 92 bytes leftover after parsing attributes in process `syz.3.5500'. [ 208.917011][T17115] 8021q: adding VLAN 0 to HW filter on device bond3 [ 208.937326][T17118] 8021q: adding VLAN 0 to HW filter on device bond3 [ 208.952425][T17118] bond3: (slave vti0): The slave device specified does not support setting the MAC address [ 208.972737][T17118] bond3: (slave vti0): Error -95 calling set_mac_address [ 208.994020][T17082] chnl_net:caif_netlink_parms(): no params data found [ 209.094236][T17082] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.101443][T17082] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.109049][T17082] bridge_slave_0: entered allmulticast mode [ 209.116792][T17082] bridge_slave_0: entered promiscuous mode [ 209.124495][T17082] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.131640][T17082] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.139518][T17082] bridge_slave_1: entered allmulticast mode [ 209.146449][T17082] bridge_slave_1: entered promiscuous mode [ 209.167004][T17082] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 209.167850][T17133] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5506'. [ 209.178271][T17082] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 209.198158][T17131] loop3: detected capacity change from 0 to 2048 [ 209.215619][T17131] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 209.239063][T17082] team0: Port device team_slave_0 added [ 209.256018][T17082] team0: Port device team_slave_1 added [ 209.275707][T17140] pim6reg1: entered promiscuous mode [ 209.281144][T17140] pim6reg1: entered allmulticast mode [ 209.295237][T17082] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.302266][T17082] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.328327][T17082] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.343970][T17082] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.351018][T17082] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.377028][T17082] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.394219][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.412981][T17082] hsr_slave_0: entered promiscuous mode [ 209.419191][T17082] hsr_slave_1: entered promiscuous mode [ 209.425709][T17082] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 209.433338][T17082] Cannot create hsr debugfs directory [ 209.564884][T17082] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 209.581158][T17082] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 209.607730][T17082] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 209.622759][T17082] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 209.710279][T17082] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.739057][T17082] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.760028][T11107] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.767165][T11107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.796901][T11107] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.804037][T11107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.813010][ T29] audit: type=1400 audit(1751848944.994:6821): avc: denied { egress } for pid=2959 comm="kworker/0:2" daddr=ff02::16 netif=gretap0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1 [ 209.835669][ T29] audit: type=1400 audit(1751848944.994:6822): avc: denied { sendto } for pid=2959 comm="kworker/0:2" daddr=ff02::16 netif=gretap0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1 [ 209.844705][T17082] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 209.868463][T17082] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 209.962729][T17082] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 210.154962][ T29] audit: type=1400 audit(1751848945.334:6823): avc: denied { watch watch_reads } for pid=17194 comm="syz.3.5527" path="/1159/file0" dev="tmpfs" ino=6035 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 210.189407][T17191] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5525'. [ 210.315665][T17082] veth0_vlan: entered promiscuous mode [ 210.325557][T17082] veth1_vlan: entered promiscuous mode [ 210.344760][T17082] veth0_macvtap: entered promiscuous mode [ 210.352711][T17082] veth1_macvtap: entered promiscuous mode [ 210.368072][T17082] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 210.379358][T17082] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 210.395197][T17082] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.404104][T17082] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.412898][T17082] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.421815][T17082] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.447241][ T29] audit: type=1400 audit(1751848945.624:6824): avc: denied { map } for pid=17225 comm="syz.7.5537" path="socket:[47771]" dev="sockfs" ino=47771 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 210.470604][ T29] audit: type=1400 audit(1751848945.624:6825): avc: denied { read } for pid=17225 comm="syz.7.5537" path="socket:[47771]" dev="sockfs" ino=47771 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 210.516012][ T29] audit: type=1400 audit(1751848945.694:6826): avc: denied { mounton } for pid=17082 comm="syz-executor" path="/root/syzkaller.YIc7n1/syz-tmp" dev="sda1" ino=2055 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 210.553691][ T29] audit: type=1400 audit(1751848945.724:6827): avc: denied { mounton } for pid=17082 comm="syz-executor" path="/root/syzkaller.YIc7n1/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 210.554238][T17233] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5540'. [ 210.580705][ T29] audit: type=1400 audit(1751848945.734:6828): avc: denied { mounton } for pid=17082 comm="syz-executor" path="/root/syzkaller.YIc7n1/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=47796 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 210.667923][T17238] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5542'. [ 210.679723][T17238] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5542'. [ 210.782552][T17259] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5550'. [ 210.862850][T17272] loop7: detected capacity change from 0 to 2048 [ 210.872981][T17272] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 211.003432][ T9635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.130932][T17296] loop7: detected capacity change from 0 to 8192 [ 211.138390][T17296] FAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 211.297081][T17313] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 211.297081][T17313] The task syz.7.5569 (17313) triggered the difference, watch for misbehavior. [ 211.357401][T17317] netlink: 96 bytes leftover after parsing attributes in process `syz.5.5575'. [ 211.402431][T17321] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5577'. [ 211.418848][T17321] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5577'. [ 212.408709][T17358] vlan2: entered allmulticast mode [ 212.422527][T17363] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 212.431179][T17363] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 212.478680][T17371] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=17371 comm=syz.0.5595 [ 212.491351][T17371] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=17371 comm=syz.0.5595 [ 212.607999][T17387] bridge_slave_0: entered promiscuous mode [ 212.613929][T17387] bridge_slave_0: entered allmulticast mode [ 212.794388][T17379] loop7: detected capacity change from 0 to 4096 [ 212.814046][T17379] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 212.866451][T17409] 8021q: adding VLAN 0 to HW filter on device bond7 [ 212.890289][T17409] macvlan0: entered promiscuous mode [ 212.896460][T17409] macvlan0: entered allmulticast mode [ 212.904077][T17409] bond7: entered promiscuous mode [ 212.909467][T17409] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 212.917277][T17409] bond7: left promiscuous mode [ 213.025694][T17420] usb usb1: usbfs: process 17420 (syz.9.5618) did not claim interface 0 before use [ 213.150160][ T9635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 213.918761][T17458] loop9: detected capacity change from 0 to 2048 [ 213.932838][T17458] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 214.050503][ T29] kauditd_printk_skb: 75 callbacks suppressed [ 214.050522][ T29] audit: type=1326 audit(1751848949.224:6904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17471 comm="syz.3.5640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f5a9de929 code=0x7ffc0000 [ 214.083165][ T29] audit: type=1326 audit(1751848949.224:6905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17471 comm="syz.3.5640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f5a9de929 code=0x7ffc0000 [ 214.106749][ T29] audit: type=1326 audit(1751848949.224:6906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17471 comm="syz.3.5640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f6f5a9de929 code=0x7ffc0000 [ 214.120099][T17472] vlan0: entered allmulticast mode [ 214.131172][ T29] audit: type=1326 audit(1751848949.224:6907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17471 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f5a9de929 code=0x7ffc0000 [ 214.159192][ T29] audit: type=1326 audit(1751848949.224:6908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17471 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f5a9de929 code=0x7ffc0000 [ 214.183352][ T29] audit: type=1326 audit(1751848949.224:6909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17471 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7f6f5a9de929 code=0x7ffc0000 [ 214.207028][ T29] audit: type=1326 audit(1751848949.264:6910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17471 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f5a9de929 code=0x7ffc0000 [ 214.231427][ T29] audit: type=1326 audit(1751848949.264:6911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17471 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f5a9de929 code=0x7ffc0000 [ 214.257266][ T29] audit: type=1326 audit(1751848949.294:6912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17471 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f6f5a9de929 code=0x7ffc0000 [ 214.281597][ T29] audit: type=1326 audit(1751848949.294:6913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17471 comm=77DEA305FF07 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f5a9de929 code=0x7ffc0000 [ 214.328122][T17082] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.703661][T17502] syzkaller0: entered promiscuous mode [ 214.709209][T17502] syzkaller0: entered allmulticast mode [ 214.765594][T17511] __nla_validate_parse: 1 callbacks suppressed [ 214.765611][T17511] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5656'. [ 214.819998][T17511] 8021q: adding VLAN 0 to HW filter on device bond4 [ 214.845770][T17516] macvlan2: entered promiscuous mode [ 214.851179][T17516] macvlan2: entered allmulticast mode [ 214.896081][T17516] bond4: entered promiscuous mode [ 214.931262][T17516] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 214.965668][T17516] bond4: left promiscuous mode [ 215.185682][T17539] serio: Serial port ptm0 [ 215.188937][T17542] can0: slcan on ttyS3. [ 215.221902][T17542] can0 (unregistered): slcan off ttyS3. [ 215.227659][T17542] Falling back ldisc for ttyS3. [ 215.300048][ T10] IPVS: starting estimator thread 0... [ 215.330064][T17556] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5674'. [ 215.340476][T17551] loop7: detected capacity change from 0 to 8192 [ 215.356379][T17556] 8021q: adding VLAN 0 to HW filter on device bond8 [ 215.374048][T17556] macvlan2: entered promiscuous mode [ 215.379410][T17556] macvlan2: entered allmulticast mode [ 215.386100][T17556] bond8: entered promiscuous mode [ 215.393306][T17556] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 215.400882][T17554] IPVS: using max 2064 ests per chain, 103200 per kthread [ 215.411747][T17556] bond8: left promiscuous mode [ 215.419893][T17561] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17561 comm=syz.5.5676 [ 215.487475][T17573] loop3: detected capacity change from 0 to 256 [ 215.609841][T17588] vlan1: entered allmulticast mode [ 217.091192][T17648] syzkaller0: entered allmulticast mode [ 217.103086][T17648] syzkaller0: entered promiscuous mode [ 217.124693][T17648] syzkaller0 (unregistering): left allmulticast mode [ 217.131557][T17648] syzkaller0 (unregistering): left promiscuous mode [ 217.368356][T17677] netlink: 52 bytes leftover after parsing attributes in process `syz.7.5726'. [ 217.689003][T17687] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5730'. [ 217.700288][T17688] loop7: detected capacity change from 0 to 512 [ 217.708182][T17688] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 217.720497][T17688] EXT4-fs (loop7): 1 truncate cleaned up [ 217.726736][T17688] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 217.752446][ T9635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.886726][T17699] loop7: detected capacity change from 0 to 512 [ 217.893753][T17699] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 217.905332][T17699] EXT4-fs (loop7): 1 truncate cleaned up [ 217.911568][T17699] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 218.028580][ T9635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 218.251352][T17730] vhci_hcd: invalid port number 96 [ 218.253394][T17737] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5753'. [ 218.256519][T17730] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 219.208625][ T29] kauditd_printk_skb: 140 callbacks suppressed [ 219.208641][ T29] audit: type=1326 audit(1751848954.384:7054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17854 comm="syz.0.5769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134c34e929 code=0x7ffc0000 [ 219.263458][ T29] audit: type=1326 audit(1751848954.424:7055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17854 comm="syz.0.5769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134c34e929 code=0x7ffc0000 [ 219.287088][ T29] audit: type=1326 audit(1751848954.424:7056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17854 comm="syz.0.5769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=304 compat=0 ip=0x7f134c34e929 code=0x7ffc0000 [ 219.310772][ T29] audit: type=1326 audit(1751848954.424:7057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17854 comm="syz.0.5769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134c34e929 code=0x7ffc0000 [ 219.334774][ T29] audit: type=1326 audit(1751848954.424:7058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17854 comm="syz.0.5769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134c34e929 code=0x7ffc0000 [ 219.358379][ T29] audit: type=1326 audit(1751848954.424:7059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17854 comm="syz.0.5769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f134c34e929 code=0x7ffc0000 [ 219.381908][ T29] audit: type=1326 audit(1751848954.424:7060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17854 comm="syz.0.5769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134c34e929 code=0x7ffc0000 [ 219.405567][ T29] audit: type=1326 audit(1751848954.424:7061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17854 comm="syz.0.5769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134c34e929 code=0x7ffc0000 [ 219.423283][T17863] tipc: New replicast peer: 0.0.255.255 [ 219.429307][ T29] audit: type=1326 audit(1751848954.424:7062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17854 comm="syz.0.5769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f134c34e929 code=0x7ffc0000 [ 219.435600][T17863] tipc: Enabled bearer , priority 10 [ 219.458536][ T29] audit: type=1326 audit(1751848954.424:7063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17854 comm="syz.0.5769" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f134c34e929 code=0x7ffc0000 [ 219.577488][T17872] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5772'. [ 220.071970][T17918] pim6reg1: entered promiscuous mode [ 220.077425][T17918] pim6reg1: entered allmulticast mode [ 220.197904][T17921] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5781'. [ 220.214005][T17921] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5781'. [ 220.279070][T17924] loop7: detected capacity change from 0 to 512 [ 220.308516][T17924] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 220.325637][T17924] ext4 filesystem being mounted at /633/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 220.389186][T17937] loop3: detected capacity change from 0 to 1024 [ 220.397024][T17937] EXT4-fs: Ignoring removed oldalloc option [ 220.403505][T17937] EXT4-fs: Ignoring removed orlov option [ 220.413530][T17937] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 220.435947][T17937] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 220.457448][T17937] EXT4-fs: Ignoring removed orlov option [ 220.459226][ T9635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.472562][T17937] EXT4-fs (loop3): can't enable nombcache during remount [ 220.495895][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.632279][T17955] netlink: 172796 bytes leftover after parsing attributes in process `syz.7.5794'. [ 221.012952][T17947] SELinux: failed to load policy [ 221.022365][T17984] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5806'. [ 221.043465][T17986] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5807'. [ 221.056013][T17986] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5807'. [ 221.124383][T17994] syzkaller0: entered allmulticast mode [ 221.138366][T17994] syzkaller0: entered promiscuous mode [ 221.149229][T17994] syzkaller0 (unregistering): left allmulticast mode [ 221.156385][T17994] syzkaller0 (unregistering): left promiscuous mode [ 221.216618][T17998] IPVS: Error connecting to the multicast addr [ 221.223642][T18007] tipc: Enabling of bearer rejected, failed to enable media [ 221.255707][T18009] syzkaller0: entered allmulticast mode [ 221.264422][T18009] syzkaller0: entered promiscuous mode [ 221.289317][T18009] syzkaller0 (unregistering): left allmulticast mode [ 221.296753][T18009] syzkaller0 (unregistering): left promiscuous mode [ 221.373172][T18019] pim6reg1: entered promiscuous mode [ 221.378639][T18019] pim6reg1: entered allmulticast mode [ 221.378814][T18021] loop9: detected capacity change from 0 to 512 [ 221.396740][T18021] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 221.422836][T18021] EXT4-fs (loop9): 1 truncate cleaned up [ 221.440113][T18021] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 221.486717][T17082] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.572543][T18035] x_tables: ip6_tables: policy.0 match: invalid size 312 (kernel) != (user) 16 [ 221.600508][T18038] netlink: 'syz.7.5829': attribute type 1 has an invalid length. [ 221.634908][T18038] bond5: entered promiscuous mode [ 221.640019][T18038] bond5: entered allmulticast mode [ 221.645491][T18038] 8021q: adding VLAN 0 to HW filter on device bond5 [ 221.660602][T18038] ip6gretap1: entered promiscuous mode [ 221.666253][T18038] ip6gretap1: entered allmulticast mode [ 221.672890][T18038] bond5: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 221.750980][T11107] bond5: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 221.812924][T18051] netlink: 24 bytes leftover after parsing attributes in process `syz.7.5835'. [ 221.853794][T18051] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5835'. [ 221.884116][T11107] bond5: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 221.908348][T18057] netlink: 96 bytes leftover after parsing attributes in process `syz.9.5839'. [ 222.027528][T18075] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5838'. [ 222.051453][T18079] veth1_to_bond: entered allmulticast mode [ 222.057760][T18081] netlink: 'syz.7.5845': attribute type 10 has an invalid length. [ 222.066911][T18079] veth1_to_bond: left allmulticast mode [ 222.127624][T18087] loop9: detected capacity change from 0 to 512 [ 222.153436][T18087] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 222.166759][T18087] ext4 filesystem being mounted at /49/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 222.183885][T18087] EXT4-fs error (device loop9): ext4_do_update_inode:5568: inode #2: comm syz.9.5851: corrupted inode contents [ 222.197878][T18087] EXT4-fs error (device loop9): ext4_dirty_inode:6459: inode #2: comm syz.9.5851: mark_inode_dirty error [ 222.210118][T18087] EXT4-fs error (device loop9): ext4_do_update_inode:5568: inode #2: comm syz.9.5851: corrupted inode contents [ 222.224135][T18087] EXT4-fs error (device loop9): __ext4_ext_dirty:206: inode #2: comm syz.9.5851: mark_inode_dirty error [ 222.289104][T17082] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.488612][T18085] ================================================================== [ 222.496748][T18085] BUG: KCSAN: data-race in __ep_eventpoll_poll / wakeup_source_report_event [ 222.505452][T18085] [ 222.507799][T18085] write to 0xffff88811a9796b8 of 1 bytes by task 18080 on cpu 0: [ 222.515578][T18085] wakeup_source_report_event+0xd6/0x280 [ 222.521323][T18085] __pm_stay_awake+0x34/0x70 [ 222.525944][T18085] ep_poll_callback+0x1f6/0x550 [ 222.530823][T18085] __wake_up+0x63/0xb0 [ 222.534928][T18085] unix_dgram_peer_wake_relay+0xd3/0xf0 [ 222.540505][T18085] __wake_up_sync_key+0x4f/0x80 [ 222.545379][T18085] __unix_dgram_recvmsg+0x3b2/0x840 [ 222.550607][T18085] unix_dgram_recvmsg+0x81/0x90 [ 222.555487][T18085] sock_recvmsg_nosec+0x104/0x130 [ 222.560548][T18085] ____sys_recvmsg+0x26f/0x280 [ 222.565372][T18085] ___sys_recvmsg+0x11f/0x370 [ 222.570091][T18085] do_recvmmsg+0x1ef/0x540 [ 222.574523][T18085] __x64_sys_recvmmsg+0xe5/0x170 [ 222.579485][T18085] x64_sys_call+0x1c6a/0x2fb0 [ 222.584280][T18085] do_syscall_64+0xd2/0x200 [ 222.589288][T18085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.595262][T18085] [ 222.597599][T18085] read to 0xffff88811a9796b8 of 1 bytes by task 18085 on cpu 1: [ 222.605255][T18085] __ep_eventpoll_poll+0x1de/0x4e0 [ 222.610422][T18085] __ep_eventpoll_poll+0x2d7/0x4e0 [ 222.615557][T18085] ep_eventpoll_poll+0x1f/0x30 [ 222.620338][T18085] do_sys_poll+0x65e/0xbd0 [ 222.624771][T18085] __se_sys_ppoll+0x1b9/0x200 [ 222.629490][T18085] __x64_sys_ppoll+0x67/0x80 [ 222.634115][T18085] x64_sys_call+0x2de5/0x2fb0 [ 222.638823][T18085] do_syscall_64+0xd2/0x200 [ 222.643372][T18085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.649291][T18085] [ 222.651626][T18085] value changed: 0x00 -> 0x01 [ 222.656345][T18085] [ 222.658677][T18085] Reported by Kernel Concurrency Sanitizer on: [ 222.664927][T18085] CPU: 1 UID: 0 PID: 18085 Comm: syz.3.5846 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(voluntary) [ 222.675704][T18085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 222.685778][T18085] ==================================================================