last executing test programs: 1m31.203022964s ago: executing program 4 (id=187): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r0, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) close(r1) 1m30.941887948s ago: executing program 4 (id=198): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000020000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x80000}, 0x18) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x403, 0x4, 0x0, {0x0, 0x0, 0x300, 0x0, 0x30141}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}, 0x1, 0xba01}, 0x810) 1m30.729010151s ago: executing program 4 (id=206): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000500)='kfree\x00', r1}, 0x18) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc}]}}}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe0}}, 0x20008844) 1m30.699316382s ago: executing program 4 (id=208): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f00000000c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") open(&(0x7f0000000140)='./file1\x00', 0x66842, 0x21) r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x7a7, 0x0, 0x4, 0x7}, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0xffff}}) io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0) 1m30.591815373s ago: executing program 4 (id=211): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x4c) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00'}, 0x94) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@empty, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010102}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x68, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}}}}}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18) 1m30.156741859s ago: executing program 4 (id=212): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_io_uring_setup(0x83a, &(0x7f0000000180)={0x0, 0x2b9a, 0x1000, 0x0, 0x3cf}, &(0x7f0000000300)=0x0, &(0x7f00000005c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x1a, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffffff, 0x1000}) io_uring_enter(r1, 0x3516, 0x8000000, 0x0, 0x0, 0x0) 1m30.15640609s ago: executing program 32 (id=212): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_io_uring_setup(0x83a, &(0x7f0000000180)={0x0, 0x2b9a, 0x1000, 0x0, 0x3cf}, &(0x7f0000000300)=0x0, &(0x7f00000005c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x1a, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffffff, 0x1000}) io_uring_enter(r1, 0x3516, 0x8000000, 0x0, 0x0, 0x0) 1m14.281984487s ago: executing program 5 (id=775): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000280)='%pS \x00'}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff3d1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000400)={r1, &(0x7f0000001380)="df"}, 0x20) 1m14.242397098s ago: executing program 5 (id=776): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)=ANY=[@ANYBLOB="44000000010101010000000000000000020000002400018014000180080001007f007ea770aa11756dd600000c00028005000100010000000c0019"], 0x44}, 0x1, 0x0, 0x0, 0x8001}, 0x0) 1m14.163629949s ago: executing program 5 (id=779): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d00)=ANY=[@ANYBLOB="0b00000005000000050000000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="120000000800000004000000b47c000000000000", @ANYRES32, @ANYBLOB="0800efffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000300000200"], 0x48) 1m14.016611581s ago: executing program 5 (id=784): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000580)='./file0\x00', 0x4, &(0x7f0000000980)=ANY=[], 0x1, 0x120b, &(0x7f0000002300)="$eJzs3M9rXFUUB/CTNv1hajJRa7UF6UE3unk2WbhyEyQF6YDSNoVWEF7NRIeZzIS8ITBFbHdu/TvEpTtB/AeyceNacJeNyy7EJ84LtglxEcFOWz6fzRzm3i9zH28YeJd7Zu/9bzZ7G1WxUY7ixMxMzG5F5MOMjBNxMhoP4p1bv/z6xo3bd66ttNur1zOvrtxcei8zFy7/+MmX37350+jcre8XfjgTu4uf7v2+/Nvuhd2Le3/e/KJbZbfKwXCUZd4dDkfl3X4n17tVr8j8uN8pq052B1Vn+8D4Rn+4tTXOcrA+P7e13amqLAfj7HXGORrmaHuc5edld5BFUeT8XPDfnY61bx/WdR1R16fidNR1Xb8Qc3EuXoz5WIhWLMZL8XK8Eufj1bgQr8XrcXEya9orBwAAAAAAAAAAAAAAAAAAgOeL/n8AAAAAAAAAAAAAAAAAAACYPv3/AAAAAAAAAAAAAAAAAAAAMH36/wEAAAAAAAAAAAAAAAAAAGD6bty+c22l3V69nnk2YvPrnbWdtea1GV/ZiG70oxNXohV/xKT7v9HUVz9sr17JicV4d/P+fv7+ztrJg/mlyd8JHJlfavJ5MH8m5h7PL0crzh+dXz4yfzbefuuxfBGt+PmzGEY/1uPv7KP8V0uZH3zUPpS/NJkHAAAAz4Mi/3Hk83tR5MxMM/XQePPmv+8P1K1D+wOHnq9n49LsFC+ciWp8r1f2+53tZ6vY/0rGvV55+WlYj+IYxf69e/C0rOcZLU5FxP/4EVP8UeKJeXTTp70SAAAAAAAAAAAAjuMYBwNnm/O2xz9OOO1rBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5iB44FAAAAAIT5W6fRsQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFcFAAD//78558w=") mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='hugetlbfs\x00', 0xa08000, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000100000000000000040000850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x24, 0xffffffffffffffff, {0x2}}, './file0\x00'}) 1m13.827662674s ago: executing program 5 (id=789): sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f815108f6091475aeec600831aa9d3944e60bc2ad06a619c5", 0x27}], 0x1}, 0x0) pipe(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010100000100000000000200fffc0900010073797a30000000000800024000000001cc000000030a01020000000000000000020000000900010073797a3000000000aa000300"], 0x1e4}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x7fff, 0x0) 1m13.508834549s ago: executing program 5 (id=801): r0 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x100}) openat$tun(0xffffffffffffff9c, 0x0, 0x189081, 0x0) socket$nl_audit(0x10, 0x3, 0x9) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x36) sendmsg$AUDIT_TRIM(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x10, 0x3f6, 0x200, 0x70bd29, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x1f6b98c7c6571e0e}, 0x4000000) 1m13.46583363s ago: executing program 33 (id=801): r0 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x100}) openat$tun(0xffffffffffffff9c, 0x0, 0x189081, 0x0) socket$nl_audit(0x10, 0x3, 0x9) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x36) sendmsg$AUDIT_TRIM(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x10, 0x3f6, 0x200, 0x70bd29, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x1f6b98c7c6571e0e}, 0x4000000) 1m12.293659287s ago: executing program 3 (id=849): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r0}, 0x10) r1 = memfd_secret(0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) r3 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r2, r1, 0x2e, 0x4608, @void}, 0x10) bpf$LINK_DETACH(0x22, &(0x7f0000000080)=r3, 0x4) 1m12.234486178s ago: executing program 3 (id=851): r0 = syz_io_uring_setup(0x10c, &(0x7f00000000c0)={0x0, 0x6d89, 0x400, 0x40000, 0x115}, &(0x7f0000000400)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_CONNECT={0x10, 0x1d, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x8aa, 0x0, 0x41, 0x0, 0x0) r3 = syz_io_uring_setup(0x13ad, &(0x7f0000000180)={0x0, 0x1937, 0x80, 0x1, 0x1ec, 0x0, r0}, &(0x7f0000000200), &(0x7f0000000280)) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r3, 0x18, &(0x7f0000000000)={0xffffffff7fffffff, r0, 0x8, {0x8000000000000001, 0x8}, 0x4}, 0x1) 1m12.1079813s ago: executing program 3 (id=853): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @lirc_mode2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) fdatasync(r2) 1m11.980979842s ago: executing program 3 (id=855): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f00000001c0)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) 1m11.939525532s ago: executing program 3 (id=857): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18090000002300810000000000000000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8001}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r0}, 0x18) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000003800)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x0, 0x5c, 0x160, 0xd0, 0x3e0, 0x1e0, 0x228, 0x25a, 0x1e0, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [0x0, 0x1fe], 'veth0_to_batadv\x00', 'batadv_slave_0\x00', {}, {0xff}}, 0x5002, 0xa8, 0xd0, 0x52020000, {0x0, 0x6802000000000000}}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@dev, @mcast1, [], [], 'virt_wifi0\x00', 'lo\x00', {}, {}, 0x89}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x7, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r1, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0) recvmmsg(r2, &(0x7f0000001140), 0x700, 0x2, 0x0) 1m11.313398882s ago: executing program 3 (id=866): bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000200400001"], 0x48) 1m11.313034232s ago: executing program 34 (id=866): bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x8, 0x0, 0x0}}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000200400001"], 0x48) 1m8.79375492s ago: executing program 6 (id=931): bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x3, r2}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540), 0x395}, 0x24048000) 1m8.696786591s ago: executing program 6 (id=934): mkdir(&(0x7f0000000580)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) lsetxattr$security_selinux(&(0x7f0000000400)='./file0\x00', &(0x7f0000000000), &(0x7f0000000280)='system_u:object_r:fsadm_exec_t:s0\x00', 0x22, 0x2) 1m8.623616572s ago: executing program 6 (id=937): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) 1m8.542310393s ago: executing program 6 (id=941): syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x2bc3c1f, 0xffffffffffffffff, 0x7, 0x0, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000500)='./file0/../file0\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 1m8.451356545s ago: executing program 6 (id=944): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) truncate(&(0x7f0000000500)='./file0\x00', 0xbc) 1m7.237009333s ago: executing program 6 (id=997): r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0xfffffffc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2, 0x4}, 0x10) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000) r2 = dup3(r1, r0, 0x0) recvmmsg(r2, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0) 1m7.183220144s ago: executing program 35 (id=997): r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x2, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0xfffffffc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2, 0x4}, 0x10) sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x3514}], 0x1}}], 0x400000000000181, 0x9200000000000000) r2 = dup3(r1, r0, 0x0) recvmmsg(r2, &(0x7f0000008840)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0) 26.532313882s ago: executing program 0 (id=2337): getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x100004c, &(0x7f0000000100), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x58) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) setreuid(0xffffffffffffffff, 0xee00) fallocate(r1, 0x0, 0x0, 0x8000c62) copy_file_range(r0, 0x0, r0, &(0x7f00000000c0)=0xae8, 0x863, 0x0) 26.319595636s ago: executing program 0 (id=2342): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e, 0x0, 0xffffffffffffffff, 0x13}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb000000000000000002"], 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) 25.814911603s ago: executing program 0 (id=2367): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000000000001812", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000580)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@errors_remount}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f00000002c0)={0x32, 0xffffffffffffffff, 'id0\x00'}) pidfd_getfd(r2, 0xffffffffffffffff, 0x0) 25.709212145s ago: executing program 0 (id=2373): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000240)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000040)='./file0\x00') 25.642912316s ago: executing program 0 (id=2379): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2, 0x0, 0xfffffffffffffffe}, 0x18) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000005980)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x44}, 0x0) 25.34412513s ago: executing program 0 (id=2390): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0xe}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r2}, 0x18) write$binfmt_elf32(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c4604070003070000000000000002000300030000000903000038000000fcffffff0e000000000020000100050000010000000000000300000008000000f30000007f00000004"], 0x58) close(r0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) 25.307526461s ago: executing program 36 (id=2390): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0xe}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r2}, 0x18) write$binfmt_elf32(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c4604070003070000000000000002000300030000000903000038000000fcffffff0e000000000020000100050000010000000000000300000008000000f30000007f00000004"], 0x58) close(r0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) 1.877874282s ago: executing program 1 (id=3179): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='mm_page_free\x00', r0, 0x0, 0x3}, 0x18) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3af, 0x4}, 0x100000, 0x0, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) 1.495765448s ago: executing program 1 (id=3185): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000080) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2040000, 0x0) r0 = io_uring_setup(0x2e34, &(0x7f0000000180)={0x0, 0xe148}) close_range(r0, 0xffffffffffffffff, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) read(r1, &(0x7f0000000840)=""/40, 0x28) 994.809085ms ago: executing program 7 (id=3199): r0 = socket$key(0xf, 0x3, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r1}, &(0x7f0000000000), &(0x7f00000005c0)=r2}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020e0000150000000000000000000000030005000000000002004e24ac1e00010000000000000000030006003c000000020000fc34000000000000000000000001001800000000000800120000000200fcffffff0000000006003300000000000000000000000000fe8000000000000000000000000000aa000000000000000000000000000000000400"], 0xa8}}, 0x0) 963.997845ms ago: executing program 2 (id=3200): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) 961.711305ms ago: executing program 8 (id=3201): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = gettid() process_vm_writev(r2, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x7ffff000}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) 922.450096ms ago: executing program 7 (id=3202): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000080)={0x49dd, 0xffff, 0x0, 0xc003, 0x0, "fa3d76170000001b"}) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000180)={0x0, 0x4, 0x1000000b, 0x9, 0x4, "00000000000000000000c2041a02003d00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17) 893.824666ms ago: executing program 2 (id=3203): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r1}, &(0x7f0000000000), &(0x7f00000005c0)=r2}, 0x20) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="0107000000000000000020000000040003"], 0x1c}, 0x1, 0x0, 0x0, 0x8041}, 0x0) 828.335677ms ago: executing program 8 (id=3204): openat$vcsa(0xffffffffffffff9c, 0x0, 0x842, 0x0) unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) syz_emit_ethernet(0x26, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x43}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x58}, @void, {@arp={0x806, @generic={0x102, 0x805, 0x6, 0x4, 0xe9da94bda0ef4554, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x29}, "620362b3", @remote}}}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 798.320707ms ago: executing program 2 (id=3205): r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) flock(r1, 0x1) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) flock(r2, 0x2) flock(r0, 0x2) close_range(r0, 0xffffffffffffffff, 0x0) 683.68513ms ago: executing program 9 (id=3207): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe90}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x42, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2eb2b00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c08000140000000020800014000000030080002400000000308000140000000120800034000000000080003400000000a"], 0x122}}, 0x8010) 667.54098ms ago: executing program 2 (id=3208): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0x5f}, 0x18) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x80) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000210000000000000000000000000a6c000000160a3f360000000000000000020000000900010073797a30000000004000038008000240000000002c0003801400010076657468305f746f5f626f6e64000000140001007665746830000000000000000000000008000140000000000900020073797a300000000014000000110001"], 0x94}}, 0x8000) close_range(r1, 0xffffffffffffffff, 0x0) 629.00931ms ago: executing program 1 (id=3209): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_open_dev$usbfs(0x0, 0x205, 0x8401) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="c0020000100063d10000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa0000000000000000000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc01000000000000000000000000000000000000330000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000b000000000000000000000000000000ffffffffffffffff000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001600000000020000000000000000000000bf010100636d61632861657329"], 0x2c0}, 0x1, 0x0, 0x0, 0x40000}, 0x4004) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, 0x0, 0x20000080) 615.420051ms ago: executing program 9 (id=3210): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000003380)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000006cfa000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x13, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1, 0x0, 0xfffffffffffffffe}, 0x18) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000040000000200000000", @ANYRES32=0x0, @ANYRES32], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a80)={{r3}, &(0x7f0000000a00), &(0x7f0000000a40)=r2}, 0x20) 615.214251ms ago: executing program 2 (id=3211): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180600000000001700000000000000001812", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70700000000000018"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ptrace(0x10, r0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$getregset(0x4205, r0, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78}) ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0}) 580.498811ms ago: executing program 2 (id=3212): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x2, 0x1, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xb, 0x5}, {0xe, 0xffff}, {0xa, 0xfff2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_INGRESS={0x8}, @TCA_CAKE_MEMORY={0x8, 0xa, 0x6}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x4048084) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 567.100901ms ago: executing program 9 (id=3213): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) getpeername$llc(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r0}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 543.214492ms ago: executing program 1 (id=3214): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8e7}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000100)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffff8}, 0x18) r2 = memfd_create(&(0x7f0000001b00)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85Q\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~Mx\x02\x00(v\xe6`\x026\xfcgC\xb5\xf0\x13.zb\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x80\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0\x93F\x065\xb2\xe1b\x1c\x8d\x1b\n\xe7\x9d\x0e\xb9\xa6\xa1\xf1\x1df\xed ^\xa3\x12G2\x0f\xdb]\xd1\xa1\xb7(y\b\x1bOw\xcdV\v\x03\x83\xe2w\xf0\x1b\xc9\xa8\xa1\xa6\xb2\xf3\x97\xcd4h\xa3Ec\r\x8f\xc1', 0x0) write$binfmt_misc(r2, &(0x7f0000000180)="e502", 0x2) execveat(r2, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 534.490152ms ago: executing program 9 (id=3215): sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="400000000203010100000000000000ffffff7f000800034000000000080004400000000008000540000000000900020000000000070000000800010001"], 0x40}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r3, {0x8}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x24000041}, 0x0) 505.162622ms ago: executing program 1 (id=3216): socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000400000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b70300000000ffff850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) sendmsg$tipc(r2, &(0x7f00000000c0)={&(0x7f0000000000)=@id={0x1e, 0x3, 0x2, {0x4e20}}, 0x10, 0x0}, 0x8040) 458.126393ms ago: executing program 9 (id=3217): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='mm_page_free\x00', r0, 0x0, 0x3}, 0x18) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3af, 0x4}, 0x100000, 0x0, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) 457.933263ms ago: executing program 1 (id=3218): pipe2(&(0x7f0000001040)={0xffffffffffffffff}, 0x0) r1 = gettid() close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r0, r2, 0x60000000000, 0x0) 363.015754ms ago: executing program 8 (id=3219): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{r0}, &(0x7f0000000540), &(0x7f0000000580)='%pS \x00'}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000040)=0x80000004, 0x4) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x33, &(0x7f0000000640)={0x1, &(0x7f0000000680)=[{0x6, 0x0, 0x0, 0x2}]}, 0x10) 336.604205ms ago: executing program 8 (id=3220): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000012c0), 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='pids.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fallocate(r0, 0x0, 0x803, 0x2000404) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000140)={0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffffffffffd}) 309.105015ms ago: executing program 9 (id=3221): syz_usb_connect(0x2, 0x64, 0x0, 0x0) r0 = socket$kcm(0x21, 0x2, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e22, @empty}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffe5e}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0x8000) 281.555016ms ago: executing program 8 (id=3222): bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000095fc11f9de00000080c5897d64cfb22388aac307bd3d7f4de0d2f77b74eee5ee26d3e0a1ba27b2e7163c14f9a5eab2d7a364eff06743e251d0012c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="5300000007000046009d", @ANYBLOB="c770ee18914110e7c19b01ac039e"], 0x53) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}}) 61.473569ms ago: executing program 7 (id=3223): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180200000020702500000000002020207b1af8ff00000000bfa100000000000007010000dbffffffb702000000000000b703000000000000850000000400000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0xfffffffffffffffc}, 0x18) r1 = socket(0x10, 0x3, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x8, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x5}, 0x2004c000) setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4040095}, 0x8010) sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x2000000) 60.887759ms ago: executing program 8 (id=3233): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000300)={[{@usrquota}, {@data_err_ignore}, {@sysvgroups}, {@auto_da_alloc}]}, 0xfe, 0x567, &(0x7f0000001a40)="$eJzs3U1rXFUfAPD/nSR9S5+nKZSiLiTQhZXaSZP4UtFFXYoWC7qvQ3IbSiadkpmUJhZsF3bjRoogYkH8AO5dFr+An6KghSIl6MLNyJ3caabJTJKm086Y+f3gtufcc5Nzz733f3LOnBkmgIE1nv1TiHg5Ir5JIo60lA1HXji+dtzqoxsz2ZZEvf7pn0kk+b7m8Un+/2ieeSkifv0q4lRhc73V5ZX5UrmcLub5idrC1Ynq8srpywuluXQuvTI1PX32rempd995e/MP799dW1+/8Pf3n9z78OzXJ1a/+/nB0TtJnIvDeVlrO57BzdbMeIzn12Qkzm04cLILlfWTpNcnwK4M5XE+ElkfcCSG8qgH9r4vI6IODKhE/MOAao4DmnP7LefB9b03y3v4wdoEaHP7k7XXRuJAY250aDV5YmaUXYmxLtSf1fHLH3fvZFt073UIgG3dvBURZ4aHn+j//h8t/V9b7x3cwe8+s4NjNtah/4MX5142/nljf5vxT+Hx+CfajH9G28Tubmwf/4UHXaimo2z8937b8e/jRauxoTz3v8aYbyS5dLmcZn1b1k2ejJH9WX6r9Zyzq/frncpax3/ZltXfHAvm5/FgeMN612ypVnqWNrd6eCvilW3Gv0mb+59djws7rON4evfVTmXbt//5qv8U8Vrb+78+10m2Xp+caDwPE82nYrO/bh//rVP9vW5/dv8Pbd3+saR1vbb69HX8eOCftFPZeJIvmj7l878v+ayR3pfvu16q1RYnI/YlH2/eP7X+s8188/is/SdPtI//rZ7/bPzz+Q7bf/vY7Y6H9sP9n32q+98hUU86Ft3/6IsfOtW/s/7vzUbqZL5nJ/3fFmf6ROJZrh0AAAAAAAD0m0JEHI6kUHycLhSKxbX3dxyLQ4VypVo7damydGU2Gp+VHYuRQnOle7Tl/RCT+fthm/mpDfnpiDgaEd8OHWzkizOV8myvGw8AAAAAAAAAAAAAAAAAAAB9YrTD5/8zvw/1+uyA585XfsPg2jb+u/FNT0Bf8vcfBpf4h8El/mFwiX8YXOIfBpf4h8El/mFwrcf/gZ6eBwAAAAAAAAAAAAAAAAAAAAAAAAAAAOwRF86fz7b66qMbM1l+9try0nzl2unZtDpfXFiaKc5UFq8W5yqVuXJanKksbPf7ypXK1cmpWLo+UUuT2kR1eeXiQmXpSu3i5YXSXHoxHXkhrQIAAAAAAAAAAAAAAAAAAID/luryynypXE4XJSR2lRjuj9OQ6HKi1z0TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKz7NwAA//9PojbP") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x1c5042, 0x12) write(r1, &(0x7f0000000740)="cc", 0x1) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x2200020, 0x0) 44.116779ms ago: executing program 7 (id=3224): recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{0x0}], 0x1}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@getqdisc={0x24, 0x26, 0x10, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x1, 0x5}, {0x10, 0xd}, {0x3, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000001}, 0x20040000) r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x8}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x1, 0x2}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80d1}, 0x34008098) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 28.116239ms ago: executing program 7 (id=3225): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000b00)='kmem_cache_free\x00', r0, 0x0, 0x3}, 0x18) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r1, 0x400, 0x0) fsetxattr$trusted_overlay_redirect(r1, &(0x7f0000000040), 0x0, 0x0, 0x0) fremovexattr(r1, &(0x7f00000000c0)=@known='trusted.overlay.redirect\x00') 0s ago: executing program 7 (id=3226): r0 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x44) recvfrom(r0, 0x0, 0x600, 0x41, 0x0, 0x0) kernel console output (not intermixed with test programs): 5568: inode #16: comm syz.8.1589: corrupted inode contents [ 79.876081][ T29] audit: type=1400 audit(1752358442.361:1877): avc: denied { read write } for pid=7474 comm="syz.2.1596" name="rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 79.924537][ T7455] EXT4-fs error (device loop8) in ext4_orphan_del:305: Corrupt filesystem [ 79.953226][ T29] audit: type=1400 audit(1752358442.361:1878): avc: denied { open } for pid=7474 comm="syz.2.1596" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=252 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1 [ 79.988624][ T7455] EXT4-fs error (device loop8): ext4_do_update_inode:5568: inode #16: comm syz.8.1589: corrupted inode contents [ 80.004946][ T29] audit: type=1326 audit(1752358442.461:1879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7483 comm="syz.1.1601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578b40e929 code=0x7ffc0000 [ 80.028509][ T29] audit: type=1326 audit(1752358442.461:1880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7483 comm="syz.1.1601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578b40e929 code=0x7ffc0000 [ 80.052071][ T29] audit: type=1326 audit(1752358442.461:1881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7483 comm="syz.1.1601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f578b40e929 code=0x7ffc0000 [ 80.052411][ T7455] EXT4-fs error (device loop8): ext4_truncate:4597: inode #16: comm syz.8.1589: mark_inode_dirty error [ 80.075522][ T29] audit: type=1326 audit(1752358442.461:1882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7483 comm="syz.1.1601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578b40e929 code=0x7ffc0000 [ 80.088006][ T7455] EXT4-fs error (device loop8) in ext4_process_orphan:347: Corrupt filesystem [ 80.109959][ T29] audit: type=1326 audit(1752358442.461:1883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7483 comm="syz.1.1601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f578b40e929 code=0x7ffc0000 [ 80.121013][ T7455] EXT4-fs (loop8): 1 truncate cleaned up [ 80.142362][ T29] audit: type=1326 audit(1752358442.461:1884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7483 comm="syz.1.1601" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578b40e929 code=0x7ffc0000 [ 80.179415][ T7455] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.192094][ T7455] ext4 filesystem being mounted at /108/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 80.264336][ T7455] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.301838][ T7498] __nla_validate_parse: 2 callbacks suppressed [ 80.301853][ T7498] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1606'. [ 80.346273][ T7498] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1606'. [ 80.355311][ T7503] netlink: 'syz.0.1609': attribute type 1 has an invalid length. [ 80.355338][ T7503] netlink: 'syz.0.1609': attribute type 4 has an invalid length. [ 80.355352][ T7503] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1609'. [ 80.430506][ T7511] netlink: 16 bytes leftover after parsing attributes in process `syz.8.1613'. [ 80.491873][ T7513] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1614'. [ 80.586230][ T7519] loop8: detected capacity change from 0 to 512 [ 80.604268][ T7519] EXT4-fs: Ignoring removed bh option [ 80.613805][ T7519] EXT4-fs (loop8): mounting ext3 file system using the ext4 subsystem [ 80.648139][ T7505] syzkaller1: entered promiscuous mode [ 80.649271][ T7519] EXT4-fs (loop8): 1 truncate cleaned up [ 80.653701][ T7505] syzkaller1: entered allmulticast mode [ 80.661014][ T7519] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 80.778491][ T5992] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.941807][ T7542] program syz.2.1626 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 81.068383][ T7554] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 81.130045][ T7554] bridge0: port 4(syz_tun) entered blocking state [ 81.136656][ T7554] bridge0: port 4(syz_tun) entered disabled state [ 81.158646][ T7554] syz_tun: entered allmulticast mode [ 81.169592][ T7554] syz_tun: entered promiscuous mode [ 81.185809][ T7554] bridge0: port 4(syz_tun) entered blocking state [ 81.192452][ T7554] bridge0: port 4(syz_tun) entered forwarding state [ 81.201497][ T7561] IPVS: stopping master sync thread 7562 ... [ 81.345296][ T7576] loop1: detected capacity change from 0 to 512 [ 81.450123][ T7576] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 81.483298][ T7585] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1646'. [ 81.493622][ T7576] EXT4-fs (loop1): mount failed [ 81.554599][ T7589] loop8: detected capacity change from 0 to 128 [ 81.583577][ T7589] EXT4-fs: Ignoring removed nobh option [ 81.597737][ T7595] netlink: 'syz.1.1651': attribute type 1 has an invalid length. [ 81.628392][ T7589] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 81.646988][ T7595] 8021q: adding VLAN 0 to HW filter on device bond1 [ 81.669636][ T7589] ext4 filesystem being mounted at /120/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 81.708827][ T7595] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1651'. [ 81.756645][ T7595] bond1 (unregistering): Released all slaves [ 81.932539][ T5992] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 81.994114][ T7621] syzkaller1: entered promiscuous mode [ 81.999729][ T7621] syzkaller1: entered allmulticast mode [ 82.760102][ T7678] loop1: detected capacity change from 0 to 8192 [ 82.770238][ T7678] FAT-fs (loop1): error, invalid access to FAT (entry 0x0000ff12) [ 82.778139][ T7678] FAT-fs (loop1): Filesystem has been set read-only [ 82.784937][ T7678] syz.1.1686: attempt to access beyond end of device [ 82.784937][ T7678] loop1: rw=0, sector=65368, nr_sectors = 1 limit=8192 [ 82.899473][ T7684] loop1: detected capacity change from 0 to 1764 [ 83.194403][ T7690] syzkaller1: entered promiscuous mode [ 83.199974][ T7690] syzkaller1: entered allmulticast mode [ 83.319739][ T7707] atomic_op ffff88811bda0128 conn xmit_atomic 0000000000000000 [ 83.376711][ T7714] binfmt_misc: register: failed to install interpreter file ./cgroup.cpu/cpuset.cpus [ 83.391517][ T7713] loop8: detected capacity change from 0 to 2048 [ 83.435318][ T7713] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 83.514298][ T5992] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.783931][ T7755] bridge0: entered promiscuous mode [ 83.790627][ T7755] macsec1: entered promiscuous mode [ 83.797164][ T7755] bridge0: port 3(macsec1) entered blocking state [ 83.803692][ T7755] bridge0: port 3(macsec1) entered disabled state [ 83.810352][ T7755] macsec1: entered allmulticast mode [ 83.815671][ T7755] bridge0: entered allmulticast mode [ 83.830196][ T7755] macsec1: left allmulticast mode [ 83.835269][ T7755] bridge0: left allmulticast mode [ 83.858935][ T7755] bridge0: left promiscuous mode [ 83.977811][ T7778] loop2: detected capacity change from 0 to 128 [ 83.993453][ T7778] EXT4-fs: Ignoring removed nobh option [ 84.002577][ T7774] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1728'. [ 84.010109][ T7776] bond1: entered promiscuous mode [ 84.016630][ T7776] bond1: entered allmulticast mode [ 84.022512][ T7776] 8021q: adding VLAN 0 to HW filter on device bond1 [ 84.035927][ T7778] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 84.059034][ T7776] bond1 (unregistering): Released all slaves [ 84.079608][ T7778] ext4 filesystem being mounted at /350/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 84.145037][ T7791] loop0: detected capacity change from 0 to 164 [ 84.188708][ T7797] vhci_hcd: invalid port number 23 [ 84.198290][ T7799] loop7: detected capacity change from 0 to 1764 [ 84.217133][ T3308] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 84.254317][ T7803] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7803 comm=syz.0.1742 [ 84.270715][ T7803] netlink: 'syz.0.1742': attribute type 1 has an invalid length. [ 84.323646][ T7817] loop7: detected capacity change from 0 to 512 [ 84.329620][ T7803] bond1: (slave bridge2): making interface the new active one [ 84.338090][ T7803] bond1: (slave bridge2): Enslaving as an active interface with an up link [ 84.370514][ T7817] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 84.434301][ T7824] bond2: entered promiscuous mode [ 84.439603][ T7824] bond2: entered allmulticast mode [ 84.445451][ T7824] 8021q: adding VLAN 0 to HW filter on device bond2 [ 84.446239][ T7817] EXT4-fs (loop7): 1 truncate cleaned up [ 84.460484][ T7824] bond2 (unregistering): Released all slaves [ 84.467174][ T7817] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.518724][ T7831] SELinux: ebitmap: map size 771752000 does not match my size 64 (high bit was 1818846767) [ 84.530101][ T7831] SELinux: failed to load policy [ 84.562856][ T5635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.597172][ T7844] atomic_op ffff88811b229528 conn xmit_atomic 0000000000000000 [ 84.663480][ T7852] loop0: detected capacity change from 0 to 512 [ 84.672833][ T7852] EXT4-fs (loop0): orphan cleanup on readonly fs [ 84.679695][ T7852] EXT4-fs error (device loop0): ext4_orphan_get:1419: comm syz.0.1762: bad orphan inode 13 [ 84.691684][ T7852] ext4_test_bit(bit=12, block=18) = 1 [ 84.697103][ T7852] is_bad_inode(inode)=0 [ 84.701370][ T7852] NEXT_ORPHAN(inode)=2130706432 [ 84.706242][ T7852] max_ino=32 [ 84.709515][ T7852] i_nlink=1 [ 84.715794][ T7852] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 84.730546][ T7852] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 84.750115][ T7852] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 84.771412][ T29] kauditd_printk_skb: 84 callbacks suppressed [ 84.771431][ T29] audit: type=1400 audit(1752358447.251:1968): avc: denied { listen } for pid=7862 comm="syz.7.1765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 84.797100][ T29] audit: type=1400 audit(1752358447.251:1969): avc: denied { accept } for pid=7862 comm="syz.7.1765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 84.838476][ T29] audit: type=1326 audit(1752358447.311:1970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7864 comm="syz.2.1767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 84.862001][ T29] audit: type=1326 audit(1752358447.311:1971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7864 comm="syz.2.1767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 84.894475][ T29] audit: type=1326 audit(1752358447.321:1972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7864 comm="syz.2.1767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 84.917921][ T29] audit: type=1326 audit(1752358447.321:1973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7864 comm="syz.2.1767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 84.931588][ T3303] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.941393][ T29] audit: type=1326 audit(1752358447.321:1974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7864 comm="syz.2.1767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 84.952069][ T7869] loop8: detected capacity change from 0 to 164 [ 84.973743][ T29] audit: type=1326 audit(1752358447.321:1975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7864 comm="syz.2.1767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 85.003486][ T29] audit: type=1326 audit(1752358447.321:1976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7864 comm="syz.2.1767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 85.027018][ T29] audit: type=1326 audit(1752358447.321:1977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7864 comm="syz.2.1767" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 85.084003][ T7878] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1770'. [ 85.152846][ T7890] bridge0: entered promiscuous mode [ 85.160712][ T7890] macsec1: entered promiscuous mode [ 85.168671][ T7890] bridge0: port 3(macsec1) entered blocking state [ 85.175176][ T7890] bridge0: port 3(macsec1) entered disabled state [ 85.183843][ T7890] macsec1: entered allmulticast mode [ 85.184951][ T7897] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 85.184951][ T7897] The task syz.2.1773 (7897) triggered the difference, watch for misbehavior. [ 85.189228][ T7890] bridge0: entered allmulticast mode [ 85.215302][ T7890] macsec1: left allmulticast mode [ 85.220514][ T7890] bridge0: left allmulticast mode [ 85.230685][ T7890] bridge0: left promiscuous mode [ 85.253173][ T7899] loop7: detected capacity change from 0 to 1024 [ 85.266910][ T7901] netlink: 'syz.1.1783': attribute type 10 has an invalid length. [ 85.276978][ T7901] bridge0: port 3(team0) entered disabled state [ 85.286586][ T7899] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.299930][ T7901] team0: left allmulticast mode [ 85.304815][ T7901] team_slave_0: left allmulticast mode [ 85.310525][ T7901] team_slave_1: left allmulticast mode [ 85.313000][ T7899] EXT4-fs error (device loop7): ext4_clear_blocks:876: inode #14: comm syz.7.1782: attempt to clear invalid blocks 1886221359 len 1 [ 85.315996][ T7901] team0: left promiscuous mode [ 85.334587][ T7901] team_slave_0: left promiscuous mode [ 85.340088][ T7901] team_slave_1: left promiscuous mode [ 85.345890][ T7901] bridge0: port 3(team0) entered disabled state [ 85.357655][ T7901] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.376547][ T5635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 85.381733][ T7901] team0: entered allmulticast mode [ 85.393293][ T7901] team_slave_0: entered allmulticast mode [ 85.399152][ T7901] team_slave_1: entered allmulticast mode [ 85.441280][ T7907] xt_CT: You must specify a L4 protocol and not use inversions on it [ 85.495282][ T7922] netlink: 48 bytes leftover after parsing attributes in process `syz.8.1792'. [ 85.509584][ T7924] netlink: 176 bytes leftover after parsing attributes in process `syz.1.1793'. [ 85.584707][ T7937] netlink: 'syz.0.1799': attribute type 1 has an invalid length. [ 85.615022][ T7939] loop0: detected capacity change from 0 to 512 [ 85.634140][ T7939] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 85.648270][ T7939] EXT4-fs (loop0): 1 truncate cleaned up [ 85.656627][ T7939] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.860567][ T7970] netlink: 'syz.0.1814': attribute type 10 has an invalid length. [ 85.871172][ T7970] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.921264][ T7974] pim6reg: entered allmulticast mode [ 85.950504][ T7974] pim6reg: left allmulticast mode [ 86.088676][ T7990] loop1: detected capacity change from 0 to 164 [ 86.096705][ T7988] loop2: detected capacity change from 0 to 2048 [ 86.103312][ T7990] Unable to read rock-ridge attributes [ 86.118929][ T7990] Unable to read rock-ridge attributes [ 86.125091][ T7990] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 86.139791][ T7988] loop2: p1 < > p4 [ 86.145560][ T7988] loop2: p4 size 8388608 extends beyond EOD, truncated [ 86.445738][ T8022] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1835'. [ 86.803517][ T8043] bond1: entered promiscuous mode [ 86.808715][ T8043] bond1: entered allmulticast mode [ 86.814652][ T8043] 8021q: adding VLAN 0 to HW filter on device bond1 [ 86.828553][ T8043] bond1 (unregistering): Released all slaves [ 87.035988][ T8064] loop0: detected capacity change from 0 to 1024 [ 87.044872][ T8065] loop7: detected capacity change from 0 to 1024 [ 87.084961][ T8064] EXT4-fs error (device loop0): ext4_clear_blocks:876: inode #14: comm syz.0.1854: attempt to clear invalid blocks 1886221359 len 1 [ 87.108654][ T8065] EXT4-fs error (device loop7): ext4_mb_mark_diskspace_used:4113: comm syz.7.1855: Allocating blocks 449-513 which overlap fs metadata [ 87.138345][ T8062] EXT4-fs (loop7): pa ffff888106aa37e0: logic 48, phys. 177, len 21 [ 87.146592][ T8062] EXT4-fs error (device loop7): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4 [ 87.211927][ T8084] netlink: 'syz.7.1862': attribute type 1 has an invalid length. [ 87.244041][ T8086] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1863'. [ 87.280650][ T8088] loop7: detected capacity change from 0 to 1024 [ 87.287465][ T8088] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 87.314657][ T8088] SELinux: security_context_str_to_sid (-Xܘ7.H\ %u@) failed with errno=-22 [ 87.327878][ T8093] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1866'. [ 87.363200][ T8095] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 87.461221][ T8106] netlink: 'syz.7.1871': attribute type 1 has an invalid length. [ 87.477030][ T8106] 8021q: adding VLAN 0 to HW filter on device bond1 [ 87.973829][ T8122] loop8: detected capacity change from 0 to 1024 [ 87.988983][ T8122] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 88.010283][ T8122] SELinux: security_context_str_to_sid (-Xܘ7.H\ %u@) failed with errno=-22 [ 88.033623][ T8124] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 88.051607][ T8127] netlink: 176 bytes leftover after parsing attributes in process `syz.2.1882'. [ 88.143078][ T8136] loop8: detected capacity change from 0 to 1024 [ 88.181251][ T8136] EXT4-fs error (device loop8): ext4_clear_blocks:876: inode #14: comm syz.8.1885: attempt to clear invalid blocks 1886221359 len 1 [ 88.229775][ T8101] syz.1.1879 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 88.243962][ T8101] CPU: 0 UID: 0 PID: 8101 Comm: syz.1.1879 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(voluntary) [ 88.244019][ T8101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 88.244036][ T8101] Call Trace: [ 88.244045][ T8101] [ 88.244055][ T8101] __dump_stack+0x1d/0x30 [ 88.244082][ T8101] dump_stack_lvl+0xe8/0x140 [ 88.244108][ T8101] dump_stack+0x15/0x1b [ 88.244136][ T8101] dump_header+0x81/0x220 [ 88.244185][ T8101] oom_kill_process+0x334/0x3f0 [ 88.244225][ T8101] out_of_memory+0x979/0xb80 [ 88.244310][ T8101] try_charge_memcg+0x5e6/0x9e0 [ 88.244428][ T8101] obj_cgroup_charge_pages+0xa6/0x150 [ 88.244465][ T8101] __memcg_kmem_charge_page+0x9f/0x170 [ 88.244521][ T8101] __alloc_frozen_pages_noprof+0x188/0x360 [ 88.244593][ T8101] alloc_pages_mpol+0xb3/0x250 [ 88.244623][ T8101] alloc_pages_noprof+0x90/0x130 [ 88.244674][ T8101] __vmalloc_node_range_noprof+0x6f2/0xe00 [ 88.244717][ T8101] __kvmalloc_node_noprof+0x30f/0x4e0 [ 88.244746][ T8101] ? ip_set_alloc+0x1f/0x30 [ 88.244834][ T8101] ? ip_set_alloc+0x1f/0x30 [ 88.244929][ T8101] ? __kmalloc_cache_noprof+0x189/0x320 [ 88.244958][ T8101] ip_set_alloc+0x1f/0x30 [ 88.245133][ T8101] hash_netiface_create+0x282/0x740 [ 88.245212][ T8101] ? __pfx_hash_netiface_create+0x10/0x10 [ 88.245247][ T8101] ip_set_create+0x3c9/0x960 [ 88.245340][ T8101] ? __nla_parse+0x40/0x60 [ 88.245378][ T8101] nfnetlink_rcv_msg+0x4c3/0x590 [ 88.245491][ T8101] ? selinux_capable+0x1f9/0x270 [ 88.245530][ T8101] netlink_rcv_skb+0x120/0x220 [ 88.245702][ T8101] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 88.245737][ T8101] nfnetlink_rcv+0x16b/0x1690 [ 88.245770][ T8101] ? __kfree_skb+0x109/0x150 [ 88.245884][ T8101] ? nlmon_xmit+0x4f/0x60 [ 88.245909][ T8101] ? consume_skb+0x49/0x150 [ 88.245994][ T8101] ? nlmon_xmit+0x4f/0x60 [ 88.246016][ T8101] ? dev_hard_start_xmit+0x3b0/0x3e0 [ 88.246063][ T8101] ? __dev_queue_xmit+0x11c0/0x1fb0 [ 88.246104][ T8101] ? __dev_queue_xmit+0x182/0x1fb0 [ 88.246218][ T8101] ? ref_tracker_free+0x37d/0x3e0 [ 88.246341][ T8101] ? __netlink_deliver_tap+0x4dc/0x500 [ 88.246378][ T8101] netlink_unicast+0x5a5/0x680 [ 88.246420][ T8101] netlink_sendmsg+0x58b/0x6b0 [ 88.246448][ T8101] ? __pfx_netlink_sendmsg+0x10/0x10 [ 88.246474][ T8101] __sock_sendmsg+0x145/0x180 [ 88.246505][ T8101] ____sys_sendmsg+0x31e/0x4e0 [ 88.246590][ T8101] ___sys_sendmsg+0x17b/0x1d0 [ 88.246653][ T8101] __x64_sys_sendmsg+0xd4/0x160 [ 88.246747][ T8101] x64_sys_call+0x2999/0x2fb0 [ 88.246797][ T8101] do_syscall_64+0xd2/0x200 [ 88.246814][ T8101] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 88.246839][ T8101] ? clear_bhb_loop+0x40/0x90 [ 88.246863][ T8101] ? clear_bhb_loop+0x40/0x90 [ 88.246956][ T8101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.246989][ T8101] RIP: 0033:0x7f578b40e929 [ 88.247035][ T8101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 88.247053][ T8101] RSP: 002b:00007f5789a77038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 88.247075][ T8101] RAX: ffffffffffffffda RBX: 00007f578b635fa0 RCX: 00007f578b40e929 [ 88.247092][ T8101] RDX: 0000000000000810 RSI: 0000200000000040 RDI: 0000000000000003 [ 88.247109][ T8101] RBP: 00007f578b490b39 R08: 0000000000000000 R09: 0000000000000000 [ 88.247126][ T8101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 88.247206][ T8101] R13: 0000000000000000 R14: 00007f578b635fa0 R15: 00007ffde47d5b58 [ 88.247226][ T8101] [ 88.247373][ T8101] memory: usage 307200kB, limit 307200kB, failcnt 384 [ 88.601796][ T8101] memory+swap: usage 307652kB, limit 9007199254740988kB, failcnt 0 [ 88.609765][ T8101] kmem: usage 307200kB, limit 9007199254740988kB, failcnt 0 [ 88.617101][ T8101] Memory cgroup stats for /syz1: [ 88.617303][ T8101] cache 0 [ 88.625280][ T8101] rss 0 [ 88.628043][ T8101] shmem 0 [ 88.630993][ T8101] mapped_file 0 [ 88.634455][ T8101] dirty 0 [ 88.637392][ T8101] writeback 0 [ 88.640702][ T8101] workingset_refault_anon 80 [ 88.645299][ T8101] workingset_refault_file 128 [ 88.650076][ T8101] swap 462848 [ 88.653386][ T8101] swapcached 0 [ 88.656814][ T8101] pgpgin 72894 [ 88.660269][ T8101] pgpgout 72894 [ 88.663752][ T8101] pgfault 106571 [ 88.667303][ T8101] pgmajfault 61 [ 88.670785][ T8101] inactive_anon 0 [ 88.674419][ T8101] active_anon 0 [ 88.677873][ T8101] inactive_file 0 [ 88.681523][ T8101] active_file 0 [ 88.685040][ T8101] unevictable 0 [ 88.689080][ T8101] hierarchical_memory_limit 314572800 [ 88.694530][ T8101] hierarchical_memsw_limit 9223372036854771712 [ 88.700875][ T8101] total_cache 0 [ 88.704502][ T8101] total_rss 0 [ 88.707860][ T8101] total_shmem 0 [ 88.711448][ T8101] total_mapped_file 0 [ 88.715440][ T8101] total_dirty 0 [ 88.718957][ T8101] total_writeback 0 [ 88.722773][ T8101] total_workingset_refault_anon 80 [ 88.728004][ T8101] total_workingset_refault_file 128 [ 88.733213][ T8101] total_swap 462848 [ 88.737020][ T8101] total_swapcached 0 [ 88.740935][ T8101] total_pgpgin 72894 [ 88.744948][ T8101] total_pgpgout 72894 [ 88.748932][ T8101] total_pgfault 106571 [ 88.752992][ T8101] total_pgmajfault 61 [ 88.756967][ T8101] total_inactive_anon 0 [ 88.761149][ T8101] total_active_anon 0 [ 88.765125][ T8101] total_inactive_file 0 [ 88.769436][ T8101] total_active_file 0 [ 88.773506][ T8101] total_unevictable 0 [ 88.777497][ T8101] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.1879,pid=8099,uid=0 [ 88.792134][ T8101] Memory cgroup out of memory: Killed process 8099 (syz.1.1879) total-vm:93756kB, anon-rss:940kB, file-rss:22180kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 88.860963][ T8147] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1891'. [ 88.880629][ T8150] IPVS: stopping master sync thread 8151 ... [ 88.885323][ T8151] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 88.918390][ T8147] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 88.925983][ T8147] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 88.935555][ T8147] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 88.943191][ T8147] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 88.956349][ T8104] syz.1.1879 (8104) used greatest stack depth: 9224 bytes left [ 88.988742][ T8159] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 89.021235][ T8163] netlink: 'syz.0.1897': attribute type 1 has an invalid length. [ 89.054953][ T8163] 8021q: adding VLAN 0 to HW filter on device bond2 [ 89.132782][ T8171] loop7: detected capacity change from 0 to 2048 [ 89.179468][ T8171] loop7: p1 < > p4 [ 89.187199][ T8171] loop7: p4 size 8388608 extends beyond EOD, truncated [ 89.289637][ T8101] syz.1.1879 (8101) used greatest stack depth: 7160 bytes left [ 89.384925][ T8199] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1910'. [ 89.401162][ T8195] loop7: detected capacity change from 0 to 1024 [ 89.420238][ T8195] ext4 filesystem being mounted at /181/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.453931][ T51] EXT4-fs error (device loop7): ext4_map_blocks:816: inode #15: block 1: comm kworker/u8:3: lblock 1 mapped to illegal pblock 1 (length 15) [ 89.486043][ T51] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 15 with error 117 [ 89.498668][ T51] EXT4-fs (loop7): This should not happen!! Data will be lost [ 89.498668][ T51] [ 89.514218][ T8211] netlink: 76 bytes leftover after parsing attributes in process `syz.8.1915'. [ 89.575180][ T8218] syzkaller0: entered promiscuous mode [ 89.580763][ T8218] syzkaller0: entered allmulticast mode [ 89.583482][ T8222] loop8: detected capacity change from 0 to 1024 [ 89.594838][ T8222] EXT4-fs: inline encryption not supported [ 89.601043][ T8222] EXT4-fs: Ignoring removed bh option [ 89.767972][ T8248] syzkaller1: entered promiscuous mode [ 89.773608][ T8248] syzkaller1: entered allmulticast mode [ 89.847217][ T8259] loop8: detected capacity change from 0 to 512 [ 89.861176][ T8259] ext4 filesystem being mounted at /190/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 89.884822][ T29] kauditd_printk_skb: 66 callbacks suppressed [ 89.884835][ T29] audit: type=1400 audit(1752358452.361:2044): avc: denied { setattr } for pid=8258 comm="syz.8.1937" name="/" dev="loop8" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 89.913604][ T8259] EXT4-fs error (device loop8): ext4_do_update_inode:5568: inode #2: comm syz.8.1937: corrupted inode contents [ 89.928761][ T8259] EXT4-fs error (device loop8): ext4_dirty_inode:6459: inode #2: comm syz.8.1937: mark_inode_dirty error [ 89.940485][ T29] audit: type=1400 audit(1752358452.411:2045): avc: denied { read } for pid=8266 comm="syz.1.1940" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 89.954793][ T8265] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1939'. [ 89.965768][ T8259] EXT4-fs error (device loop8): ext4_do_update_inode:5568: inode #2: comm syz.8.1937: corrupted inode contents [ 89.973737][ T8265] netem: change failed [ 89.990168][ T8268] EXT4-fs error (device loop8): ext4_do_update_inode:5568: inode #2: comm syz.8.1937: corrupted inode contents [ 90.009661][ T8268] EXT4-fs error (device loop8): ext4_dirty_inode:6459: inode #2: comm syz.8.1937: mark_inode_dirty error [ 90.021510][ T8268] EXT4-fs error (device loop8): ext4_do_update_inode:5568: inode #2: comm syz.8.1937: corrupted inode contents [ 90.033722][ T8268] EXT4-fs error (device loop8): __ext4_ext_dirty:206: inode #2: comm syz.8.1937: mark_inode_dirty error [ 90.046328][ T8268] EXT4-fs error (device loop8): ext4_do_update_inode:5568: inode #2: comm syz.8.1937: corrupted inode contents [ 90.061963][ T8268] EXT4-fs error (device loop8): ext4_dirty_inode:6459: inode #2: comm syz.8.1937: mark_inode_dirty error [ 90.106477][ T29] audit: type=1400 audit(1752358452.581:2046): avc: denied { view } for pid=8273 comm="syz.8.1943" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 90.163186][ T8281] loop0: detected capacity change from 0 to 1024 [ 90.171296][ T8281] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 90.182532][ T29] audit: type=1326 audit(1752358452.661:2047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8271 comm="syz.7.1942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc46f3ae929 code=0x7fc00000 [ 90.221906][ T8281] EXT4-fs error (device loop0): ext4_check_all_de:659: inode #12: block 7: comm syz.0.1946: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=124 fake=0 [ 90.241941][ T8281] EXT4-fs (loop0): Remounting filesystem read-only [ 90.281274][ T8292] loop0: detected capacity change from 0 to 128 [ 90.289946][ T8292] EXT4-fs: Ignoring removed oldalloc option [ 90.306953][ T8292] ext4 filesystem being mounted at /439/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 90.370283][ T29] audit: type=1400 audit(1752358452.851:2048): avc: denied { setopt } for pid=8307 comm="syz.2.1955" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 90.844749][ T29] audit: type=1326 audit(1752358453.321:2049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8271 comm="syz.7.1942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc46f3ae929 code=0x7fc00000 [ 90.868294][ T29] audit: type=1326 audit(1752358453.321:2050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8271 comm="syz.7.1942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc46f3ae929 code=0x7fc00000 [ 90.891755][ T29] audit: type=1326 audit(1752358453.321:2051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8271 comm="syz.7.1942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc46f3ae929 code=0x7fc00000 [ 90.915261][ T29] audit: type=1326 audit(1752358453.321:2052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8271 comm="syz.7.1942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc46f3ae929 code=0x7fc00000 [ 90.938821][ T29] audit: type=1326 audit(1752358453.321:2053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8271 comm="syz.7.1942" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc46f3ae929 code=0x7fc00000 [ 91.112915][ T8321] netlink: 'syz.7.1961': attribute type 1 has an invalid length. [ 91.120810][ T8321] netlink: 224 bytes leftover after parsing attributes in process `syz.7.1961'. [ 91.541250][ T8352] capability: warning: `syz.0.1973' uses 32-bit capabilities (legacy support in use) [ 91.823148][ T8380] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8380 comm=syz.7.1987 [ 91.841245][ T8380] netlink: 'syz.7.1987': attribute type 1 has an invalid length. [ 91.867598][ T8380] bond2: (slave bridge1): making interface the new active one [ 91.876916][ T8380] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 91.958761][ T8390] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1988'. [ 91.961413][ T8386] syz.1.1990 (8386) used obsolete PPPIOCDETACH ioctl [ 91.981184][ T8383] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.1988'. [ 91.996262][ T8395] vlan2: entered allmulticast mode [ 92.117940][ T8415] atomic_op ffff88810f07b928 conn xmit_atomic 0000000000000000 [ 92.177793][ T8424] loop2: detected capacity change from 0 to 512 [ 92.201874][ T8424] ext4 filesystem being mounted at /394/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 92.236566][ T8420] SELinux: failed to load policy [ 92.484934][ T8456] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2018'. [ 92.494138][ T8456] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2018'. [ 92.594171][ T8460] SELinux: failed to load policy [ 92.670488][ T8472] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8472 comm=syz.2.2026 [ 92.721541][ T8478] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2029'. [ 92.737169][ T8478] hsr_slave_0 (unregistering): left promiscuous mode [ 92.815556][ T8484] loop2: detected capacity change from 0 to 1024 [ 92.822814][ T8484] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 92.843678][ T8484] EXT4-fs error (device loop2): ext4_check_all_de:659: inode #12: block 7: comm syz.2.2031: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=124 fake=0 [ 92.863577][ T8484] EXT4-fs (loop2): Remounting filesystem read-only [ 92.907033][ T8491] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2032'. [ 92.916145][ T8491] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2032'. [ 93.150854][ T8514] netlink: 16402 bytes leftover after parsing attributes in process `syz.7.2042'. [ 93.340775][ T8518] IPv6: Can't replace route, no match found [ 93.358702][ T8511] netlink: 16402 bytes leftover after parsing attributes in process `syz.7.2042'. [ 93.523713][ T8525] tipc: Started in network mode [ 93.528716][ T8525] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 93.535938][ T8525] tipc: Enabled bearer , priority 0 [ 93.824742][ T8544] loop8: detected capacity change from 0 to 128 [ 93.865012][ T8544] FAT-fs (loop8): error, invalid access to FAT (entry 0x0fff0000) [ 93.872965][ T8544] FAT-fs (loop8): Filesystem has been set read-only [ 93.928567][ T8544] FAT-fs (loop8): error, invalid access to FAT (entry 0x0fff0000) [ 94.303269][ T8565] sd 0:0:1:0: device reset [ 94.313769][ T8563] loop2: detected capacity change from 0 to 2048 [ 94.528626][ T3368] tipc: Node number set to 11578026 [ 94.534491][ T8581] usb usb8: usbfs: process 8581 (syz.8.2074) did not claim interface 0 before use [ 94.663654][ T8590] loop7: detected capacity change from 0 to 512 [ 94.697440][ T8590] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 94.771683][ T8590] EXT4-fs (loop7): 1 truncate cleaned up [ 94.839761][ T8601] netlink: 'syz.8.2081': attribute type 10 has an invalid length. [ 94.867048][ T8601] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 95.102692][ T291] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 95.148528][ T291] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 95.161047][ T291] EXT4-fs (loop2): This should not happen!! Data will be lost [ 95.161047][ T291] [ 95.170954][ T291] EXT4-fs (loop2): Total free blocks count 0 [ 95.176977][ T291] EXT4-fs (loop2): Free/Dirty block details [ 95.182923][ T291] EXT4-fs (loop2): free_blocks=2415919504 [ 95.188690][ T291] EXT4-fs (loop2): dirty_blocks=16400 [ 95.194083][ T291] EXT4-fs (loop2): Block reservation details [ 95.200168][ T291] EXT4-fs (loop2): i_reserved_data_blocks=1025 [ 95.264974][ T291] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 95.278016][ T291] EXT4-fs (loop2): This should not happen!! Data will be lost [ 95.278016][ T291] [ 95.350401][ T8629] netlink: 'syz.1.2095': attribute type 10 has an invalid length. [ 95.378681][ T29] kauditd_printk_skb: 1498 callbacks suppressed [ 95.378698][ T29] audit: type=1400 audit(1752358457.851:3552): avc: denied { create } for pid=8627 comm="syz.7.2093" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 95.383323][ T8631] pim6reg: entered allmulticast mode [ 95.606764][ T29] audit: type=1326 audit(1752358458.081:3553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8646 comm="syz.7.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc46f3ae929 code=0x7ffc0000 [ 95.668466][ T29] audit: type=1326 audit(1752358458.081:3554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8646 comm="syz.7.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc46f3ae929 code=0x7ffc0000 [ 95.692109][ T29] audit: type=1326 audit(1752358458.081:3555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8646 comm="syz.7.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc46f3ae929 code=0x7ffc0000 [ 95.715583][ T29] audit: type=1326 audit(1752358458.081:3556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8646 comm="syz.7.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc46f3ae929 code=0x7ffc0000 [ 95.739140][ T29] audit: type=1326 audit(1752358458.081:3557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8646 comm="syz.7.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc46f3ae929 code=0x7ffc0000 [ 95.762642][ T29] audit: type=1326 audit(1752358458.081:3558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8646 comm="syz.7.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc46f3ae929 code=0x7ffc0000 [ 95.786179][ T29] audit: type=1326 audit(1752358458.081:3559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8646 comm="syz.7.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc46f3ae929 code=0x7ffc0000 [ 95.809730][ T29] audit: type=1326 audit(1752358458.081:3560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8646 comm="syz.7.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc46f3ae929 code=0x7ffc0000 [ 95.833204][ T29] audit: type=1326 audit(1752358458.081:3561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8646 comm="syz.7.2101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc46f3ae929 code=0x7ffc0000 [ 96.136381][ T8672] __nla_validate_parse: 2 callbacks suppressed [ 96.136399][ T8672] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2109'. [ 96.176284][ T8670] hsr_slave_0 (unregistering): left promiscuous mode [ 96.511773][ T8693] netlink: 'syz.2.2120': attribute type 10 has an invalid length. [ 96.561433][ T8693] bridge0: port 3(dummy0) entered disabled state [ 96.586338][ T8693] dummy0: left allmulticast mode [ 96.601729][ T8693] dummy0: left promiscuous mode [ 96.606811][ T8693] bridge0: port 3(dummy0) entered disabled state [ 96.812089][ T8710] openvswitch: netlink: Message has 6 unknown bytes. [ 96.974055][ T8726] netlink: 'wޣ': attribute type 13 has an invalid length. [ 97.056447][ T8726] 8021q: adding VLAN 0 to HW filter on device  [ 97.064980][ T8726] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.076708][ T8726] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 97.115623][ T8732] loop0: detected capacity change from 0 to 2048 [ 97.148962][ T8734] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 97.194639][ T8732] EXT4-fs (loop0): shut down requested (0) [ 97.205628][ T8732] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 97.233368][ T8732] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 97.250511][ T8732] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop0 ino=12 [ 97.628405][ T8763] pim6reg: entered allmulticast mode [ 98.102591][ T8775] loop0: detected capacity change from 0 to 1024 [ 98.135582][ T8779] netlink: 48 bytes leftover after parsing attributes in process `syz.7.2159'. [ 98.222189][ T8787] sd 0:0:1:0: device reset [ 98.297482][ T8789] loop7: detected capacity change from 0 to 4096 [ 98.345581][ T8795] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2165'. [ 98.413731][ T8795] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 98.475002][ T8795] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 98.509319][ T8795] bond0 (unregistering): Released all slaves [ 98.757564][ T8811] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.923232][ T8811] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.946402][ T8823] loop0: detected capacity change from 0 to 1024 [ 99.062285][ T8811] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.153709][ T8811] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.210249][ T8830] netlink: 'wޣ': attribute type 13 has an invalid length. [ 99.282200][ T8830] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 99.315802][ T8811] netdevsim netdevsim8 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.341389][ T8811] netdevsim netdevsim8 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.369312][ T8811] netdevsim netdevsim8 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.395399][ T8811] netdevsim netdevsim8 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.481747][ T8823] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 18: block 433:freeing already freed block (bit 27); block bitmap corrupt. [ 99.691439][ T8873] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2198'. [ 99.732972][ T8877] netlink: 'syz.0.2200': attribute type 3 has an invalid length. [ 99.865514][ T8893] loop1: detected capacity change from 0 to 1024 [ 99.898950][ T8893] ext4 filesystem being mounted at /481/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 100.086221][ T3319] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 100.108491][ T3319] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28 [ 100.120963][ T3319] EXT4-fs (loop1): This should not happen!! Data will be lost [ 100.120963][ T3319] [ 100.130805][ T3319] EXT4-fs (loop1): Total free blocks count 0 [ 100.136961][ T3319] EXT4-fs (loop1): Free/Dirty block details [ 100.143147][ T3319] EXT4-fs (loop1): free_blocks=4293918720 [ 100.148936][ T3319] EXT4-fs (loop1): dirty_blocks=16 [ 100.154145][ T3319] EXT4-fs (loop1): Block reservation details [ 100.160317][ T3319] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 100.179782][ T8925] netlink: 14 bytes leftover after parsing attributes in process `syz.7.2219'. [ 100.218983][ T8925] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 100.239378][ T3310] EXT4-fs unmount: 34 callbacks suppressed [ 100.239397][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.255070][ T8925] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 100.273895][ T8925] bond0 (unregistering): Released all slaves [ 100.302594][ T8933] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 100.302594][ T8933] program syz.2.2221 not setting count and/or reply_len properly [ 100.443620][ T29] kauditd_printk_skb: 56 callbacks suppressed [ 100.443639][ T29] audit: type=1400 audit(1752358462.921:3618): avc: denied { write } for pid=8947 comm="syz.0.2228" lport=48078 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 100.478821][ T29] audit: type=1400 audit(1752358462.921:3619): avc: denied { setopt } for pid=8947 comm="syz.0.2228" lport=48078 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 100.760869][ T8962] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8962 comm=syz.2.2235 [ 100.875802][ T8966] loop0: detected capacity change from 0 to 2048 [ 100.883066][ T8966] ext4: Unknown parameter 'dont_appraise' [ 101.281718][ T29] audit: type=1400 audit(1752358463.761:3620): avc: denied { read } for pid=8972 comm="syz.0.2239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 101.442283][ T29] audit: type=1107 audit(1752358463.921:3621): pid=8988 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 101.576358][ T9008] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 101.666184][ T29] audit: type=1326 audit(1752358464.141:3622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9015 comm="syz.2.2260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 101.731002][ T29] audit: type=1326 audit(1752358464.141:3623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9015 comm="syz.2.2260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 101.754540][ T29] audit: type=1326 audit(1752358464.141:3624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9015 comm="syz.2.2260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 101.778095][ T29] audit: type=1326 audit(1752358464.141:3625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9015 comm="syz.2.2260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 101.801666][ T29] audit: type=1326 audit(1752358464.201:3626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9015 comm="syz.2.2260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 101.825583][ T9024] syz.0.2263: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 101.840254][ T9024] CPU: 1 UID: 0 PID: 9024 Comm: syz.0.2263 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(voluntary) [ 101.840285][ T9024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 101.840300][ T9024] Call Trace: [ 101.840308][ T9024] [ 101.840385][ T9024] __dump_stack+0x1d/0x30 [ 101.840409][ T9024] dump_stack_lvl+0xe8/0x140 [ 101.840431][ T9024] dump_stack+0x15/0x1b [ 101.840513][ T9024] warn_alloc+0x12b/0x1a0 [ 101.840548][ T9024] __vmalloc_node_range_noprof+0x9c/0xe00 [ 101.840578][ T9024] ? __futex_wait+0x1ff/0x260 [ 101.840687][ T9024] ? __pfx_futex_wake_mark+0x10/0x10 [ 101.840764][ T9024] ? __rcu_read_unlock+0x4f/0x70 [ 101.840784][ T9024] ? avc_has_perm_noaudit+0x1b1/0x200 [ 101.840815][ T9024] ? should_fail_ex+0x30/0x280 [ 101.840921][ T9024] ? xskq_create+0x36/0xe0 [ 101.840970][ T9024] vmalloc_user_noprof+0x7d/0xb0 [ 101.841071][ T9024] ? xskq_create+0x80/0xe0 [ 101.841098][ T9024] xskq_create+0x80/0xe0 [ 101.841125][ T9024] xsk_init_queue+0x95/0xf0 [ 101.841148][ T9024] xsk_setsockopt+0x35c/0x510 [ 101.841168][ T9024] ? __pfx_xsk_setsockopt+0x10/0x10 [ 101.841246][ T9024] __sys_setsockopt+0x184/0x200 [ 101.841287][ T9024] __x64_sys_setsockopt+0x64/0x80 [ 101.841393][ T9024] x64_sys_call+0x2bd5/0x2fb0 [ 101.841420][ T9024] do_syscall_64+0xd2/0x200 [ 101.841438][ T9024] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 101.841461][ T9024] ? clear_bhb_loop+0x40/0x90 [ 101.841480][ T9024] ? clear_bhb_loop+0x40/0x90 [ 101.841535][ T9024] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.841555][ T9024] RIP: 0033:0x7ff01e10e929 [ 101.841571][ T9024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 101.841594][ T9024] RSP: 002b:00007ff01c777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 101.841616][ T9024] RAX: ffffffffffffffda RBX: 00007ff01e335fa0 RCX: 00007ff01e10e929 [ 101.841648][ T9024] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 101.841663][ T9024] RBP: 00007ff01e190b39 R08: 0000000000000004 R09: 0000000000000000 [ 101.841676][ T9024] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 101.841765][ T9024] R13: 0000000000000000 R14: 00007ff01e335fa0 R15: 00007fff2f845c08 [ 101.841814][ T9024] [ 101.841822][ T9024] Mem-Info: [ 101.872303][ T9022] loop7: detected capacity change from 0 to 4096 [ 101.875094][ T9024] active_anon:34692 inactive_anon:8 isolated_anon:0 [ 101.875094][ T9024] active_file:23416 inactive_file:2441 isolated_file:0 [ 101.875094][ T9024] unevictable:0 dirty:287 writeback:0 [ 101.875094][ T9024] slab_reclaimable:3230 slab_unreclaimable:41920 [ 101.875094][ T9024] mapped:38334 shmem:30746 pagetables:1291 [ 101.875094][ T9024] sec_pagetables:0 bounce:0 [ 101.875094][ T9024] kernel_misc_reclaimable:0 [ 101.875094][ T9024] free:1816723 free_pcp:14028 free_cma:0 [ 102.051624][ T9022] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.057387][ T9024] Node 0 active_anon:132040kB inactive_anon:32kB active_file:93664kB inactive_file:9764kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:153568kB dirty:1148kB writeback:0kB shmem:116256kB writeback_tmp:0kB kernel_stack:3472kB pagetables:5280kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 102.164998][ T9024] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 102.193648][ T9024] lowmem_reserve[]: 0 2882 7860 7860 [ 102.199048][ T9024] Node 0 DMA32 free:2947728kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2951356kB mlocked:0kB bounce:0kB free_pcp:3628kB local_pcp:3528kB free_cma:0kB [ 102.229432][ T9024] lowmem_reserve[]: 0 0 4978 4978 [ 102.234517][ T9024] Node 0 Normal free:4340888kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:104780kB inactive_anon:32kB active_file:93664kB inactive_file:9764kB unevictable:0kB writepending:1148kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:48664kB local_pcp:46564kB free_cma:0kB [ 102.266780][ T9024] lowmem_reserve[]: 0 0 0 0 [ 102.271400][ T9024] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 102.284318][ T9024] Node 0 DMA32: 2*4kB (M) 1*8kB (M) 4*16kB (M) 2*32kB (M) 4*64kB (M) 4*128kB (M) 3*256kB (M) 4*512kB (M) 3*1024kB (M) 2*2048kB (M) 717*4096kB (M) = 2947728kB [ 102.300499][ T9024] Node 0 Normal: 1443*4kB (UM) 981*8kB (UME) 786*16kB (UME) 390*32kB (UME) 228*64kB (UME) 93*128kB (UM) 92*256kB (UME) 53*512kB (UM) 40*1024kB (UME) 31*2048kB (UM) 1006*4096kB (UM) = 4340884kB [ 102.319991][ T9024] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 102.329326][ T9024] 46450 total pagecache pages [ 102.334036][ T9024] 8 pages in swap cache [ 102.338292][ T9024] Free swap = 124596kB [ 102.342503][ T9024] Total swap = 124996kB [ 102.346672][ T9024] 2097051 pages RAM [ 102.350526][ T9024] 0 pages HighMem/MovableOnly [ 102.355216][ T9024] 80812 pages reserved [ 102.495429][ T36] kernel write not supported for file /1110/attr/exec (pid: 36 comm: kworker/1:1) [ 102.562873][ T9043] rdma_op ffff88810f152980 conn xmit_rdma 0000000000000000 [ 102.599376][ T5635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.861398][ T9056] 9pnet_fd: Insufficient options for proto=fd [ 103.106462][ T9086] netlink: 'syz.7.2291': attribute type 83 has an invalid length. [ 103.129735][ T9088] syzkaller1: entered promiscuous mode [ 103.135279][ T9088] syzkaller1: entered allmulticast mode [ 103.198340][ T29] audit: type=1326 audit(1752358465.671:3627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9097 comm="syz.1.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578b40e929 code=0x7ffc0000 [ 103.262092][ T9100] loop8: detected capacity change from 0 to 512 [ 103.300581][ T9100] EXT4-fs error (device loop8): ext4_iget_extra_inode:5035: inode #15: comm syz.8.2298: corrupted in-inode xattr: invalid ea_ino [ 103.328966][ T9100] EXT4-fs error (device loop8): ext4_orphan_get:1398: comm syz.8.2298: couldn't read orphan inode 15 (err -117) [ 103.354945][ T9100] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.389357][ T5992] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.438975][ T9114] vhci_hcd: USB_PORT_FEAT_SUSPEND req not supported for USB 3.0 roothub [ 103.481613][ T9121] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2307'. [ 103.628972][ T9151] netlink: 16402 bytes leftover after parsing attributes in process `syz.8.2316'. [ 103.659857][ T9138] netlink: 16402 bytes leftover after parsing attributes in process `syz.8.2316'. [ 103.885168][ T9187] loop7: detected capacity change from 0 to 512 [ 103.898014][ T9184] loop0: detected capacity change from 0 to 1024 [ 103.905044][ T9187] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 103.908856][ T9186] loop8: detected capacity change from 0 to 1024 [ 103.922100][ T9187] EXT4-fs (loop7): 1 truncate cleaned up [ 103.928193][ T9187] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.950251][ T9184] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.962889][ T9180] loop1: detected capacity change from 0 to 8192 [ 103.973332][ T9184] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.2337: Allocating blocks 497-513 which overlap fs metadata [ 103.973581][ T9186] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.990170][ T5635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.018065][ T9184] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 2 with max blocks 3 with error 117 [ 104.018425][ T9180] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 104.030567][ T9184] EXT4-fs (loop0): This should not happen!! Data will be lost [ 104.030567][ T9184] [ 104.065546][ T9196] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2341'. [ 104.076784][ T5992] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.087393][ T3303] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.209914][ T9210] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 104.346811][ T9233] SELinux: Context system_u:object_r:selinux_config_t:s0 is not valid (left unmapped). [ 104.404356][ T9242] SELinux: failed to load policy [ 104.440021][ T9238] loop7: detected capacity change from 0 to 8192 [ 104.455886][ T9238] syz.7.2357: attempt to access beyond end of device [ 104.455886][ T9238] loop7: rw=0, sector=57847, nr_sectors = 1 limit=8192 [ 104.470727][ T9238] FAT-fs (loop7): error, invalid access to FAT (entry 0x0000e1b1) [ 104.478595][ T9238] FAT-fs (loop7): Filesystem has been set read-only [ 104.481740][ T9202] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2342'. [ 104.486145][ T9238] FAT-fs (loop7): error, invalid access to FAT (entry 0x0000e1b1) [ 104.506774][ T9238] FAT-fs (loop7): error, invalid access to FAT (entry 0x0000e1b1) [ 104.506952][ T9249] pimreg: entered allmulticast mode [ 104.546539][ T9249] pimreg: left allmulticast mode [ 104.587883][ T9257] loop0: detected capacity change from 0 to 512 [ 104.595877][ T9257] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 104.614585][ T9257] EXT4-fs (loop0): 1 truncate cleaned up [ 104.620844][ T9260] openvswitch: netlink: Message has 6 unknown bytes. [ 104.638211][ T9257] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 104.683737][ T3303] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.709155][ T3392] IPVS: starting estimator thread 0... [ 104.754454][ T9281] netlink: 9 bytes leftover after parsing attributes in process `syz.1.2377'. [ 104.768620][ T9281] gretap0: entered promiscuous mode [ 104.783161][ T9283] xt_CT: No such helper "pptp" [ 104.799982][ T9271] IPVS: using max 1872 ests per chain, 93600 per kthread [ 104.835898][ T9281] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2377'. [ 104.849264][ T9281] 0{X: renamed from gretap0 [ 104.864987][ T9281] 0{X: left promiscuous mode [ 104.870114][ T9281] 0{X: entered allmulticast mode [ 104.896402][ T9281] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 104.935874][ T5476] bridge0: port 3(syz_tun) entered disabled state [ 104.950311][ T5476] syz_tun (unregistering): left allmulticast mode [ 104.956882][ T5476] syz_tun (unregistering): left promiscuous mode [ 104.963516][ T5476] bridge0: port 3(syz_tun) entered disabled state [ 105.006604][ T9297] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2386'. [ 105.102331][ T9306] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2388'. [ 105.123177][ T9306] netdevsim netdevsim8 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 105.131578][ T9306] netdevsim netdevsim8 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 105.139973][ T9306] netdevsim netdevsim8 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 105.148364][ T9306] netdevsim netdevsim8 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 105.158780][ T9306] vxlan0: entered promiscuous mode [ 105.220260][ T9316] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2394'. [ 105.375495][ T9334] loop2: detected capacity change from 0 to 2048 [ 105.390507][ T9309] chnl_net:caif_netlink_parms(): no params data found [ 105.406831][ T9329] netlink: 'syz.1.2398': attribute type 4 has an invalid length. [ 105.440896][ T9309] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.448027][ T9309] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.456865][ T9309] bridge_slave_0: entered allmulticast mode [ 105.463898][ T9309] bridge_slave_0: entered promiscuous mode [ 105.471990][ T9309] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.479163][ T9309] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.486672][ T9309] bridge_slave_1: entered allmulticast mode [ 105.495025][ T9309] bridge_slave_1: entered promiscuous mode [ 105.535162][ T9309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.550002][ T9309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.563485][ T9342] loop7: detected capacity change from 0 to 164 [ 105.571025][ T9342] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 105.582826][ T9342] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 105.591702][ T9342] Symlink component flag not implemented [ 105.593754][ T9309] team0: Port device team_slave_0 added [ 105.597368][ T9342] Symlink component flag not implemented [ 105.604485][ T9309] team0: Port device team_slave_1 added [ 105.614415][ T9342] Symlink component flag not implemented (7) [ 105.620483][ T9342] Symlink component flag not implemented (116) [ 105.638660][ T9309] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.645641][ T9309] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.671675][ T9309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.687422][ T9309] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 105.694471][ T9309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.720607][ T9309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.747998][ T9309] hsr_slave_0: entered promiscuous mode [ 105.754404][ T9309] hsr_slave_1: entered promiscuous mode [ 105.761963][ T9309] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.769688][ T9309] Cannot create hsr debugfs directory [ 105.852442][ T9309] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 105.862975][ T9309] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 105.873465][ T9309] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 105.883331][ T29] kauditd_printk_skb: 93 callbacks suppressed [ 105.883348][ T29] audit: type=1400 audit(1752358468.361:3721): avc: denied { bind } for pid=9356 comm="syz.1.2408" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 105.890416][ T9309] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 105.925104][ T29] audit: type=1400 audit(1752358468.391:3722): avc: denied { listen } for pid=9356 comm="syz.1.2408" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 106.000270][ T9309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.016499][ T9309] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.029890][ T3319] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.037201][ T3319] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.052429][ T54] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.059585][ T54] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.223335][ T29] audit: type=1326 audit(1752358468.701:3723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9384 comm="syz.2.2415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 106.272777][ T9388] loop8: detected capacity change from 0 to 512 [ 106.276136][ T29] audit: type=1326 audit(1752358468.731:3724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9384 comm="syz.2.2415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=140 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 106.280322][ T9309] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.302810][ T29] audit: type=1326 audit(1752358468.731:3725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9384 comm="syz.2.2415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 106.302846][ T29] audit: type=1326 audit(1752358468.731:3726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9384 comm="syz.2.2415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 106.302883][ T29] audit: type=1326 audit(1752358468.731:3727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9384 comm="syz.2.2415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 106.302967][ T29] audit: type=1326 audit(1752358468.731:3728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9384 comm="syz.2.2415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 106.302998][ T29] audit: type=1326 audit(1752358468.731:3729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9384 comm="syz.2.2415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 106.432760][ T9391] loop2: detected capacity change from 0 to 512 [ 106.445141][ T9391] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 106.446110][ T9388] EXT4-fs error (device loop8): ext4_validate_block_bitmap:432: comm syz.8.2416: bg 0: block 5: invalid block bitmap [ 106.496952][ T9391] EXT4-fs (loop2): 1 truncate cleaned up [ 106.503123][ T9391] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.514184][ T9388] EXT4-fs error (device loop8) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 106.531546][ T29] audit: type=1326 audit(1752358469.001:3730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9389 comm="syz.2.2417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 106.556014][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.558514][ T9388] EXT4-fs error (device loop8): ext4_free_branches:1023: inode #11: comm syz.8.2416: invalid indirect mapped block 3 (level 2) [ 106.586987][ T9388] EXT4-fs (loop8): 2 truncates cleaned up [ 106.596084][ T9388] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.662019][ T5992] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.725691][ T9309] veth0_vlan: entered promiscuous mode [ 106.735112][ T9309] veth1_vlan: entered promiscuous mode [ 106.764208][ T9407] SELinux: failed to load policy [ 106.775209][ T9309] veth0_macvtap: entered promiscuous mode [ 106.801179][ T9309] veth1_macvtap: entered promiscuous mode [ 106.847528][ T9309] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.882737][ T9309] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.894213][ T9309] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.903110][ T9309] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.911924][ T9309] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.920670][ T9309] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.345906][ T9496] loop9: detected capacity change from 0 to 1024 [ 107.355654][ T9494] netlink: 'syz.8.2443': attribute type 1 has an invalid length. [ 107.373424][ T9496] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.387640][ T9496] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.417210][ T31] EXT4-fs error (device loop9): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 107.435136][ T9504] loop8: detected capacity change from 0 to 1024 [ 107.443190][ T31] EXT4-fs (loop9): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28 [ 107.455652][ T31] EXT4-fs (loop9): This should not happen!! Data will be lost [ 107.455652][ T31] [ 107.465449][ T31] EXT4-fs (loop9): Total free blocks count 0 [ 107.471535][ T31] EXT4-fs (loop9): Free/Dirty block details [ 107.477478][ T31] EXT4-fs (loop9): free_blocks=4293918720 [ 107.483252][ T31] EXT4-fs (loop9): dirty_blocks=16 [ 107.488386][ T31] EXT4-fs (loop9): Block reservation details [ 107.494651][ T31] EXT4-fs (loop9): i_reserved_data_blocks=1 [ 107.502044][ T9309] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.514603][ T9504] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.548674][ T5992] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.591634][ T9524] netlink: 'syz.8.2446': attribute type 13 has an invalid length. [ 107.610132][ T9524] gretap0: refused to change device tx_queue_len [ 107.616550][ T9524] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 107.701185][ T9535] SELinux: unknown common [ 107.706073][ T9535] SELinux: failed to load policy [ 107.711774][ T9533] loop9: detected capacity change from 0 to 4096 [ 107.721975][ T9533] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.758088][ T9542] SELinux: policydb version 0 does not match my version range 15-34 [ 107.766414][ T9542] SELinux: failed to load policy [ 107.788176][ T9309] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.243217][ T9594] loop7: detected capacity change from 0 to 164 [ 108.252081][ T9594] syz.7.2469: attempt to access beyond end of device [ 108.252081][ T9594] loop7: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 108.266540][ T9594] syz.7.2469: attempt to access beyond end of device [ 108.266540][ T9594] loop7: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 108.303171][ T9598] team_slave_0: entered promiscuous mode [ 108.308917][ T9598] team_slave_1: entered promiscuous mode [ 108.315839][ T9598] team_slave_0: left promiscuous mode [ 108.321402][ T9598] team_slave_1: left promiscuous mode [ 108.433788][ T9611] loop7: detected capacity change from 0 to 512 [ 108.442701][ T9611] EXT4-fs error (device loop7): ext4_validate_block_bitmap:432: comm syz.7.2477: bg 0: block 5: invalid block bitmap [ 108.456546][ T9611] EXT4-fs error (device loop7) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 108.466145][ T9611] EXT4-fs error (device loop7): ext4_free_branches:1023: inode #11: comm syz.7.2477: invalid indirect mapped block 3 (level 2) [ 108.480962][ T9611] EXT4-fs (loop7): 2 truncates cleaned up [ 108.487381][ T9611] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.514565][ T5635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.778020][ T9652] loop1: detected capacity change from 0 to 4096 [ 108.787325][ T9652] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.895582][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.925988][ T9670] loop1: detected capacity change from 0 to 1024 [ 108.942926][ T9670] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.990542][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.049869][ T9686] loop2: detected capacity change from 0 to 164 [ 109.061299][ T9686] syz.2.2509: attempt to access beyond end of device [ 109.061299][ T9686] loop2: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 109.075501][ T9686] syz.2.2509: attempt to access beyond end of device [ 109.075501][ T9686] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 109.130822][ T9693] loop8: detected capacity change from 0 to 1024 [ 109.151134][ T9693] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 109.182696][ T9693] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4113: comm syz.8.2513: Allocating blocks 497-513 which overlap fs metadata [ 109.199805][ T9693] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 2 with max blocks 3 with error 117 [ 109.212286][ T9693] EXT4-fs (loop8): This should not happen!! Data will be lost [ 109.212286][ T9693] [ 109.226698][ T9699] loop2: detected capacity change from 0 to 512 [ 109.237318][ T9699] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.2524: bg 0: block 5: invalid block bitmap [ 109.263018][ T9699] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 109.273403][ T5992] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.283476][ T9699] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.2524: invalid indirect mapped block 3 (level 2) [ 109.297482][ T9699] EXT4-fs (loop2): 2 truncates cleaned up [ 109.305340][ T9699] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.343336][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.359039][ T9704] __nla_validate_parse: 9 callbacks suppressed [ 109.359058][ T9704] netlink: 664 bytes leftover after parsing attributes in process `syz.7.2517'. [ 109.375088][ T9706] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2516'. [ 109.391646][ T9706] bridge0: port 3(macvlan0) entered blocking state [ 109.398247][ T9706] bridge0: port 3(macvlan0) entered disabled state [ 109.417990][ T9706] macvlan0: entered allmulticast mode [ 109.423540][ T9706] bridge0: entered allmulticast mode [ 109.435623][ T9706] macvlan0: left allmulticast mode [ 109.440937][ T9706] bridge0: left allmulticast mode [ 109.585440][ T9736] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2526'. [ 109.705662][ T9761] loop7: detected capacity change from 0 to 1024 [ 109.730014][ T9761] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 109.743008][ T9761] ext4 filesystem being mounted at /332/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 109.779447][ T9772] ref_ctr_offset mismatch. inode: 0xa2d offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x300001118 [ 109.795879][ T9761] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 109.812587][ T9761] EXT4-fs (loop7): Remounting filesystem read-only [ 109.820301][ T54] EXT4-fs warning (device loop7): ext4_convert_unwritten_extents:4940: inode #15: block 1: len 3: ext4_ext_map_blocks returned -30 [ 109.865714][ T9780] loop9: detected capacity change from 0 to 256 [ 109.872926][ T5635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.894094][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 109.901583][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 109.919858][ T9785] loop8: detected capacity change from 0 to 128 [ 109.926233][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 109.933798][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 109.941297][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 109.948829][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 109.956303][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 109.963821][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 109.971428][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 109.978903][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 109.986311][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 109.993759][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 110.002303][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 110.009766][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 110.017180][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 110.024746][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 110.032227][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 110.039952][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 110.047662][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 110.055171][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 110.062624][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 110.070110][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 110.077556][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 110.085052][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 110.092520][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 110.099965][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 110.107455][ T3368] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 110.118521][ T3368] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz1 [ 110.244692][ T9816] netlink: 'syz.7.2554': attribute type 1 has an invalid length. [ 110.378891][ T9830] syzkaller0: entered promiscuous mode [ 110.384422][ T9830] syzkaller0: entered allmulticast mode [ 110.431647][ T9836] netlink: 8 bytes leftover after parsing attributes in process `gtp'. [ 110.440093][ T9836] netlink: 8 bytes leftover after parsing attributes in process `gtp'. [ 110.735735][ T9863] openvswitch: netlink: Message has 6 unknown bytes. [ 110.866605][ T9872] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 110.879290][ T9876] loop7: detected capacity change from 0 to 164 [ 111.028806][ T9890] SELinux: failed to load policy [ 111.235573][ T29] kauditd_printk_skb: 89 callbacks suppressed [ 111.235590][ T29] audit: type=1400 audit(1752358473.711:3820): avc: denied { create } for pid=9926 comm="syz.8.2598" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 111.281963][ T29] audit: type=1400 audit(1752358473.761:3821): avc: denied { read } for pid=9926 comm="syz.8.2598" path="socket:[26237]" dev="sockfs" ino=26237 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 111.425591][ T9943] netlink: 96 bytes leftover after parsing attributes in process `syz.9.2605'. [ 111.434832][ T9945] netlink: 240 bytes leftover after parsing attributes in process `syz.8.2598'. [ 111.444384][ T29] audit: type=1400 audit(1752358473.921:3822): avc: denied { write } for pid=9926 comm="syz.8.2598" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 111.496162][ T29] audit: type=1326 audit(1752358473.971:3823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9948 comm="syz.9.2606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f385c23e929 code=0x7ffc0000 [ 111.540941][ T29] audit: type=1326 audit(1752358474.001:3824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9948 comm="syz.9.2606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f385c23e929 code=0x7ffc0000 [ 111.564623][ T29] audit: type=1326 audit(1752358474.001:3825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9948 comm="syz.9.2606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f385c23e929 code=0x7ffc0000 [ 111.588350][ T29] audit: type=1326 audit(1752358474.001:3826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9948 comm="syz.9.2606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f385c23e929 code=0x7ffc0000 [ 111.612452][ T29] audit: type=1326 audit(1752358474.001:3827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9948 comm="syz.9.2606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f385c23e929 code=0x7ffc0000 [ 111.636491][ T29] audit: type=1326 audit(1752358474.001:3828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9948 comm="syz.9.2606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f385c23e929 code=0x7ffc0000 [ 111.660324][ T29] audit: type=1326 audit(1752358474.001:3829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9948 comm="syz.9.2606" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f385c23e929 code=0x7ffc0000 [ 111.743578][ T9966] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 112.101446][ T9992] vlan0: entered allmulticast mode [ 112.120237][ T9993] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2613'. [ 112.187118][ T9996] SELinux: policydb magic number 0x6d656d6b does not match expected magic number 0xf97cff8c [ 112.211652][ T9996] SELinux: failed to load policy [ 112.299874][T10002] rdma_op ffff888115350980 conn xmit_rdma 0000000000000000 [ 112.397690][T10010] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 112.407645][T10010] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.522832][T10010] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 112.532788][T10010] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.610191][T10010] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 112.620023][T10010] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.680533][T10010] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 112.690519][T10010] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.748845][T10010] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.757164][T10010] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.769030][T10010] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.777564][T10010] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.825400][T10010] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.833824][T10010] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.876801][T10010] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 112.885266][T10010] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.048916][T10069] syzkaller0: entered promiscuous mode [ 113.054438][T10069] syzkaller0: entered allmulticast mode [ 113.066995][T10068] loop9: detected capacity change from 0 to 2048 [ 113.111101][T10076] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2655'. [ 113.132081][T10068] loop9: p1 < > p4 [ 113.160921][T10068] loop9: p4 size 8388608 extends beyond EOD, truncated [ 113.259942][T10092] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.311565][T10092] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.373246][T10102] loop2: detected capacity change from 0 to 2048 [ 113.389466][T10092] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.389613][T10102] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.441045][T10102] EXT4-fs error (device loop2): ext4_read_inline_dir:1502: inode #12: block 9: comm syz.2.2667: path /513/file1/file0: bad entry in directory: rec_len % 4 != 0 - offset=24, inode=13, rec_len=21, size=80 fake=0 [ 113.471469][T10092] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.503215][T10102] EXT4-fs (loop2): Remounting filesystem read-only [ 113.536469][T10092] netdevsim netdevsim9 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.549934][T10092] netdevsim netdevsim9 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.561835][T10092] netdevsim netdevsim9 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.574726][T10092] netdevsim netdevsim9 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.647926][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.673121][T10121] tipc: Started in network mode [ 113.678057][T10121] tipc: Node identity 4, cluster identity 4711 [ 113.684322][T10121] tipc: Node number set to 4 [ 114.708598][T10175] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1340 [ 114.762848][T10182] loop1: detected capacity change from 0 to 512 [ 114.770858][T10182] EXT4-fs: Ignoring removed nomblk_io_submit option [ 114.785466][T10182] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 114.849318][T10182] EXT4-fs (loop1): 1 truncate cleaned up [ 114.855677][T10182] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 114.896550][T10185] netlink: 'syz.2.2698': attribute type 10 has an invalid length. [ 114.943921][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.018389][T10196] loop1: detected capacity change from 0 to 2048 [ 115.069322][T10196] loop1: p1 < > p4 [ 115.074124][T10196] loop1: p4 size 8388608 extends beyond EOD, truncated [ 115.266740][T10219] __nla_validate_parse: 5 callbacks suppressed [ 115.266757][T10219] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2716'. [ 115.294564][T10221] x_tables: unsorted underflow at hook 2 [ 115.319221][ T3392] kernel write not supported for file /1135/loginuid (pid: 3392 comm: kworker/1:4) [ 115.373958][T10235] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2723'. [ 115.456455][T10243] loop8: detected capacity change from 0 to 512 [ 115.485196][T10243] EXT4-fs: Ignoring removed nomblk_io_submit option [ 115.502101][T10243] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 115.517928][T10243] EXT4-fs (loop8): 1 truncate cleaned up [ 115.524305][T10243] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.565583][T10251] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.572856][T10255] loop2: detected capacity change from 0 to 512 [ 115.583081][T10255] EXT4-fs: Ignoring removed oldalloc option [ 115.589415][T10255] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 115.608233][T10255] EXT4-fs (loop2): 1 truncate cleaned up [ 115.617940][T10255] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.670452][T10251] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.687980][ T5992] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.721865][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.747342][T10278] loop8: detected capacity change from 0 to 1024 [ 115.754378][T10278] EXT4-fs: Ignoring removed nobh option [ 115.779910][T10251] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.801109][T10278] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 115.831138][T10280] loop1: detected capacity change from 0 to 8192 [ 115.848287][T10280] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 115.876215][T10251] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.892904][ T5992] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.945423][T10251] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.957957][T10251] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.972589][T10251] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.985365][T10251] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.177980][T10323] netlink: 'syz.8.2760': attribute type 1 has an invalid length. [ 116.247387][T10330] loop8: detected capacity change from 0 to 1024 [ 116.261122][T10330] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.281045][T10330] EXT4-fs error (device loop8): mb_free_blocks:1948: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 116.312291][ T5992] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.395639][ T29] kauditd_printk_skb: 109 callbacks suppressed [ 116.395654][ T29] audit: type=1400 audit(1752358478.871:3939): avc: denied { watch watch_reads } for pid=10339 comm="syz.7.2767" path="/syzcgroup/cpu/syz7/cgroup.procs" dev="cgroup" ino=396 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1 [ 116.468360][ T29] audit: type=1400 audit(1752358478.941:3940): avc: denied { create } for pid=10347 comm="syz.7.2771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 116.491203][ T29] audit: type=1400 audit(1752358478.971:3941): avc: denied { bind } for pid=10347 comm="syz.7.2771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 116.511225][ T29] audit: type=1400 audit(1752358478.971:3942): avc: denied { connect } for pid=10347 comm="syz.7.2771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 116.531542][ T29] audit: type=1400 audit(1752358478.971:3943): avc: denied { write } for pid=10347 comm="syz.7.2771" path="socket:[28264]" dev="sockfs" ino=28264 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 116.764320][ T29] audit: type=1326 audit(1752358479.241:3944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10371 comm="syz.1.2781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578b40e929 code=0x7ffc0000 [ 116.788150][ T29] audit: type=1326 audit(1752358479.241:3945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10371 comm="syz.1.2781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578b40e929 code=0x7ffc0000 [ 116.865138][ T29] audit: type=1326 audit(1752358479.261:3946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10371 comm="syz.1.2781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f578b40e929 code=0x7ffc0000 [ 116.888708][ T29] audit: type=1326 audit(1752358479.261:3947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10371 comm="syz.1.2781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578b40e929 code=0x7ffc0000 [ 116.912242][ T29] audit: type=1326 audit(1752358479.261:3948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10371 comm="syz.1.2781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578b40e929 code=0x7ffc0000 [ 116.923419][T10370] SELinux: failed to load policy [ 116.981297][T10378] loop7: detected capacity change from 0 to 512 [ 116.990437][T10378] EXT4-fs: Ignoring removed nomblk_io_submit option [ 116.997369][T10378] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 117.045841][T10378] EXT4-fs (loop7): 1 truncate cleaned up [ 117.053502][T10378] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 117.186293][T10399] IPVS: stopping master sync thread 10400 ... [ 117.194048][T10400] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 117.222602][ T5635] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.242975][T10406] netlink: 'syz.2.2797': attribute type 10 has an invalid length. [ 117.250884][T10406] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2797'. [ 117.275887][T10406] dummy0: entered promiscuous mode [ 117.286387][T10413] netlink: 'syz.8.2801': attribute type 10 has an invalid length. [ 117.296038][T10406] bridge0: port 3(dummy0) entered blocking state [ 117.302677][T10406] bridge0: port 3(dummy0) entered disabled state [ 117.311084][T10406] dummy0: entered allmulticast mode [ 117.329473][T10406] bridge0: port 3(dummy0) entered blocking state [ 117.335906][T10406] bridge0: port 3(dummy0) entered forwarding state [ 117.382351][T10413] team0 (unregistering): Port device team_slave_0 removed [ 117.396110][T10413] team0 (unregistering): Port device team_slave_1 removed [ 117.453927][T10431] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.527492][T10431] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.554365][T10438] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2811'. [ 117.563379][T10438] netlink: 28 bytes leftover after parsing attributes in process `syz.9.2811'. [ 117.622634][T10431] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.689834][T10431] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.744368][T10431] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.755457][T10431] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.767318][T10431] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.780188][T10431] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.875228][T10475] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2829'. [ 117.908931][T10477] loop2: detected capacity change from 0 to 512 [ 117.923421][T10477] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 117.933128][T10477] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.2830: invalid indirect mapped block 2683928664 (level 1) [ 117.948070][T10477] EXT4-fs (loop2): Remounting filesystem read-only [ 117.954886][T10477] EXT4-fs (loop2): 1 truncate cleaned up [ 117.961264][T10477] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.994896][ T3308] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.075887][T10495] netlink: 'syz.9.2838': attribute type 3 has an invalid length. [ 118.085136][T10497] loop2: detected capacity change from 0 to 128 [ 118.100575][T10497] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 118.114235][T10497] ext4 filesystem being mounted at /545/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 118.142779][ T3308] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 118.174595][T10506] loop9: detected capacity change from 0 to 7 [ 118.230518][T10513] netlink: 'syz.9.2846': attribute type 4 has an invalid length. [ 119.236900][T10609] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2863'. [ 119.259624][T10611] netlink: 'syz.1.2864': attribute type 1 has an invalid length. [ 119.269684][T10609] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 119.294087][T10611] 8021q: adding VLAN 0 to HW filter on device bond1 [ 119.339262][T10614] 9pnet: p9_errstr2errno: server reported unknown error 18446744 [ 119.355138][T10616] pim6reg1: entered promiscuous mode [ 119.360647][T10616] pim6reg1: entered allmulticast mode [ 119.605053][T10636] netlink: 'syz.8.2875': attribute type 1 has an invalid length. [ 120.174417][T10677] netlink: 'syz.8.2893': attribute type 1 has an invalid length. [ 120.182355][T10677] netlink: 224 bytes leftover after parsing attributes in process `syz.8.2893'. [ 120.369853][T10695] sch_tbf: burst 0 is lower than device lo mtu (18) ! [ 120.575453][T10723] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2913'. [ 120.677314][T10739] loop1: detected capacity change from 0 to 512 [ 120.700247][T10739] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 120.716509][T10744] loop8: detected capacity change from 0 to 512 [ 120.723939][T10744] EXT4-fs: Ignoring removed mblk_io_submit option [ 120.730880][T10744] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 120.745287][T10739] EXT4-fs (loop1): 1 truncate cleaned up [ 120.752080][T10744] EXT4-fs (loop8): 1 truncate cleaned up [ 120.758161][T10744] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 120.772269][T10739] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 120.810063][ T5992] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.834829][ T3310] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.931722][T10762] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2931'. [ 120.964944][T10762] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6erspan0 [ 120.990613][T10764] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 121.001643][T10762] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2931'. [ 121.038595][T10764] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 121.063817][T10764] random: crng reseeded on system resumption [ 121.610732][T10827] loop8: detected capacity change from 0 to 128 [ 121.624190][T10827] EXT4-fs: Ignoring removed nobh option [ 121.634007][T10829] vhci_hcd: invalid port number 96 [ 121.634385][T10827] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 121.639189][T10829] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 121.668644][T10827] ext4 filesystem being mounted at /416/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 121.679676][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x1 [ 121.687121][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.694608][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.702065][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.709506][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.717086][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.724545][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x4 [ 121.731983][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.739408][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.746857][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.754266][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x2 [ 121.761742][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.769168][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.776622][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x4 [ 121.784182][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.791632][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.799066][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x2 [ 121.806473][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.813959][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.821458][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.828888][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.836319][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.843810][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.851627][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.859102][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.866620][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.874140][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.881567][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.889038][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.896561][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.904056][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.911525][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.919051][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.926468][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.933931][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.941580][ T3368] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 121.949014][ T3368] hid-generic 0000:0000:0000.0004: item fetching failed at offset 41/43 [ 121.961311][ T3368] hid-generic 0000:0000:0000.0004: probe with driver hid-generic failed with error -22 [ 121.963155][ T5992] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 121.984772][T10843] netlink: 'syz.1.2967': attribute type 21 has an invalid length. [ 121.992671][T10843] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2967'. [ 122.025133][T10845] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2968'. [ 122.034357][T10845] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2968'. [ 122.043417][T10845] netlink: 204 bytes leftover after parsing attributes in process `syz.2.2968'. [ 122.052508][T10845] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2968'. [ 122.086090][T10847] loop8: detected capacity change from 0 to 2048 [ 122.110826][T10847] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 122.133900][T10860] SELinux: Context system_u:object_r:dhcp_state_t:s0 is not valid (left unmapped). [ 122.143533][ T29] kauditd_printk_skb: 153 callbacks suppressed [ 122.143548][ T29] audit: type=1400 audit(1752358484.621:4102): avc: denied { relabelto } for pid=10859 comm="syz.2.2973" name="" dev="pipefs" ino=29194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=fifo_file permissive=1 trawcon="system_u:object_r:dhcp_state_t:s0" [ 122.194585][T10858] netlink: 96 bytes leftover after parsing attributes in process `syz.9.2972'. [ 122.446256][ T5992] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.532165][T10885] Cannot find add_set index 0 as target [ 122.664975][ T29] audit: type=1326 audit(1752358485.141:4103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10895 comm="syz.2.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 122.688629][ T29] audit: type=1326 audit(1752358485.141:4104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10895 comm="syz.2.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 122.748960][ T29] audit: type=1326 audit(1752358485.171:4105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10895 comm="syz.2.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 122.772545][ T29] audit: type=1326 audit(1752358485.171:4106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10895 comm="syz.2.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f921c15e929 code=0x7ffc0000 [ 122.964817][T10911] loop8: detected capacity change from 0 to 512 [ 123.005677][T10911] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.033877][T10911] ext4 filesystem being mounted at /421/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 123.066853][ T5992] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.149731][ T29] audit: type=1400 audit(1752358485.631:4107): avc: denied { create } for pid=10928 comm="syz.1.3003" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 123.179609][ T29] audit: type=1400 audit(1752358485.651:4108): avc: denied { sys_admin } for pid=10928 comm="syz.1.3003" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 123.327604][T10948] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 123.336246][T10948] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 123.368968][ T29] audit: type=1400 audit(1752358485.851:4109): avc: denied { mount } for pid=10953 comm="syz.1.3015" name="/" dev="selinuxfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 123.423238][T10958] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3017'. [ 123.447346][ T29] audit: type=1326 audit(1752358485.921:4110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10959 comm="syz.1.3018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578b40e929 code=0x7ffc0000 [ 123.471297][ T29] audit: type=1326 audit(1752358485.921:4111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10959 comm="syz.1.3018" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578b40e929 code=0x7ffc0000 [ 123.717105][T10986] bridge0: entered promiscuous mode [ 123.723687][T10986] bridge0: port 3(macvlan2) entered blocking state [ 123.730402][T10986] bridge0: port 3(macvlan2) entered disabled state [ 123.737080][T10986] macvlan2: entered allmulticast mode [ 123.742561][T10986] bridge0: entered allmulticast mode [ 123.749136][T10986] macvlan2: left allmulticast mode [ 123.754342][T10986] bridge0: left allmulticast mode [ 123.759876][T10986] bridge0: left promiscuous mode [ 123.860081][T10993] loop7: detected capacity change from 0 to 128 [ 123.904555][T10575] kworker/u8:39: attempt to access beyond end of device [ 123.904555][T10575] loop7: rw=1, sector=145, nr_sectors = 896 limit=128 [ 123.941430][T11001] loop9: detected capacity change from 0 to 1024 [ 123.948483][T11001] EXT4-fs: Ignoring removed nobh option [ 123.954121][T11001] EXT4-fs: Ignoring removed bh option [ 123.970807][T11001] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.996206][T11001] EXT4-fs error (device loop9): ext4_mb_mark_diskspace_used:4113: comm syz.9.3036: Allocating blocks 385-513 which overlap fs metadata [ 124.012950][T11001] EXT4-fs (loop9): pa ffff888106aa3770: logic 16, phys. 129, len 24 [ 124.021031][T11001] EXT4-fs error (device loop9): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8 [ 124.033051][T11001] EXT4-fs (loop9): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 4 with error 28 [ 124.045436][T11001] EXT4-fs (loop9): This should not happen!! Data will be lost [ 124.045436][T11001] [ 124.055174][T11001] EXT4-fs (loop9): Total free blocks count 0 [ 124.061448][T11001] EXT4-fs (loop9): Free/Dirty block details [ 124.067420][T11001] EXT4-fs (loop9): free_blocks=128 [ 124.072815][T11001] EXT4-fs (loop9): dirty_blocks=0 [ 124.077876][T11001] EXT4-fs (loop9): Block reservation details [ 124.084217][T11001] EXT4-fs (loop9): i_reserved_data_blocks=0 [ 124.143464][T11023] rdma_op ffff88811b21c580 conn xmit_rdma 0000000000000000 [ 124.199736][T11032] loop8: detected capacity change from 0 to 1024 [ 124.231474][T11032] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4113: comm syz.8.3050: Allocating blocks 449-513 which overlap fs metadata [ 124.276378][T11030] EXT4-fs (loop8): pa ffff888106aa3770: logic 48, phys. 177, len 21 [ 124.284494][T11030] EXT4-fs error (device loop8): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4 [ 124.379528][T11048] loop1: detected capacity change from 0 to 256 [ 124.386842][T11048] FAT-fs (loop1): bogus number of FAT sectors [ 124.392996][T11048] FAT-fs (loop1): Can't find a valid FAT filesystem [ 124.897861][T11090] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 124.913066][T11089] IPVS: stopping master sync thread 11090 ... [ 124.934944][T11093] netlink: 'syz.8.3073': attribute type 15 has an invalid length. [ 124.972084][T11099] loop9: detected capacity change from 0 to 512 [ 124.980222][T11099] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 125.011627][T11099] ext4 filesystem being mounted at /119/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 125.026311][T11099] EXT4-fs error (device loop9): ext4_xattr_block_get:593: inode #15: comm syz.9.3078: corrupted xattr block 19: overlapping e_value [ 125.041533][T11099] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop9 ino=15 [ 125.050671][T11099] EXT4-fs error (device loop9): ext4_xattr_block_get:593: inode #15: comm syz.9.3078: corrupted xattr block 19: overlapping e_value [ 125.065696][T11099] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop9 ino=15 [ 125.075091][T11099] EXT4-fs error (device loop9): ext4_xattr_block_get:593: inode #15: comm syz.9.3078: corrupted xattr block 19: overlapping e_value [ 125.526138][T11142] loop2: detected capacity change from 0 to 512 [ 125.533048][T11142] EXT4-fs: Ignoring removed nomblk_io_submit option [ 125.543195][T11142] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 125.564812][T11142] ext4 filesystem being mounted at /605/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 125.580184][T11142] SELinux: Context system_u:object_r:hwdata_t:s0 is not valid (left unmapped). [ 125.593614][T11142] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 125.803390][T11176] __nla_validate_parse: 7 callbacks suppressed [ 125.803410][T11176] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3112'. [ 125.819109][T11176] netlink: 212 bytes leftover after parsing attributes in process `syz.8.3112'. [ 125.938069][T11184] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3115'. [ 125.948057][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 125.954574][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 125.962435][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 125.970343][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 125.978171][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 125.986082][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 125.993932][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.001893][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.009760][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.017638][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.025520][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.033401][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.041322][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.049207][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.057079][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.064980][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.072832][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.080721][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.088599][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.096458][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.104337][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.112211][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.120059][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.127895][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.135752][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.143645][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.151501][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.159397][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.167255][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.175147][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.183014][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.190907][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.198838][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.206705][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.214583][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.222436][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.230297][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.238134][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.245996][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.253889][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.261763][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.265355][T11194] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 126.269606][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.288768][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.296644][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.304529][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.312406][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.320304][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.328130][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.335965][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.343821][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.351660][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.359507][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.367313][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.375166][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.383026][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.390871][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.398787][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.406607][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.414466][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.422328][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.430195][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.438043][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.445882][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.453737][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.461560][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.469391][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.477219][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.485052][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.492868][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.500719][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.508545][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.516374][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.524209][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.532041][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.539874][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.547689][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.555525][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.563384][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.571210][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.579037][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.586854][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.594707][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.602535][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.610380][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.618210][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.626063][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.633891][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.641841][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.649668][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.657505][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.665367][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.673255][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.681084][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.688925][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.696753][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.704654][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 126.712520][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 126.724469][T11196] netlink: 'syz.1.3120': attribute type 3 has an invalid length. [ 126.885705][T11219] loop9: detected capacity change from 0 to 2048 [ 126.939087][T11219] loop9: p1 < > p4 [ 126.943514][T11219] loop9: p4 size 8388608 extends beyond EOD, truncated [ 127.016230][T11239] loop9: detected capacity change from 0 to 1024 [ 127.192396][ T29] kauditd_printk_skb: 35 callbacks suppressed [ 127.192416][ T29] audit: type=1400 audit(1752358489.671:4147): avc: denied { bind } for pid=11254 comm="syz.9.3142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 127.260491][ T29] audit: type=1400 audit(1752358489.701:4148): avc: denied { connect } for pid=11254 comm="syz.9.3142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 127.286833][T11259] loop9: detected capacity change from 0 to 1024 [ 127.321208][T11259] EXT4-fs: Ignoring removed orlov option [ 127.326944][T11259] EXT4-fs: Ignoring removed nomblk_io_submit option [ 127.544208][T11284] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3157'. [ 127.553295][T11284] netlink: 212 bytes leftover after parsing attributes in process `syz.1.3157'. [ 127.611634][T11286] loop7: detected capacity change from 0 to 512 [ 127.618598][T11286] EXT4-fs: Ignoring removed nomblk_io_submit option [ 127.638961][T11286] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 127.680012][T11286] ext4 filesystem being mounted at /438/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 127.706788][T11286] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 128.047002][T11300] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3162'. [ 128.086057][T11300] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 128.161753][ T29] audit: type=1400 audit(1752358490.641:4149): avc: denied { bind } for pid=11305 comm="syz.1.3165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 128.181243][ T29] audit: type=1400 audit(1752358490.641:4150): avc: denied { name_bind } for pid=11305 comm="syz.1.3165" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1 [ 128.229839][T11308] SELinux: syz.1.3167 (11308) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 128.243582][ T29] audit: type=1400 audit(1752358490.641:4151): avc: denied { node_bind } for pid=11305 comm="syz.1.3165" saddr=fe80::aa src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 128.416456][T11335] syzkaller1: entered promiscuous mode [ 128.422084][T11335] syzkaller1: entered allmulticast mode [ 128.545839][ T29] audit: type=1326 audit(1752358491.011:4152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11338 comm="syz.9.3178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f385c23e929 code=0x7ffc0000 [ 128.569415][ T29] audit: type=1326 audit(1752358491.011:4153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11338 comm="syz.9.3178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f385c23e929 code=0x7ffc0000 [ 128.592933][ T29] audit: type=1326 audit(1752358491.011:4154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11338 comm="syz.9.3178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f385c23e929 code=0x7ffc0000 [ 128.616419][ T29] audit: type=1326 audit(1752358491.011:4155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11338 comm="syz.9.3178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f385c23e929 code=0x7ffc0000 [ 128.639939][ T29] audit: type=1326 audit(1752358491.011:4156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11338 comm="syz.9.3178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f385c23e929 code=0x7ffc0000 [ 128.763193][T11346] loop2: detected capacity change from 0 to 1024 [ 129.048040][T11369] netlink: 'syz.2.3190': attribute type 1 has an invalid length. [ 129.085142][T11369] 8021q: adding VLAN 0 to HW filter on device bond1 [ 129.099857][T11374] loop8: detected capacity change from 0 to 1024 [ 129.131517][T11374] ext4 filesystem being mounted at /448/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 129.183900][T11382] vhci_hcd: default hub control req: 0000 v0000 i0000 l31125 [ 129.324697][T11386] netlink: 'syz.2.3195': attribute type 1 has an invalid length. [ 129.332642][T11386] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3195'. [ 129.533275][T11402] netlink: 'syz.2.3203': attribute type 3 has an invalid length. [ 129.724984][T11413] netlink: 7 bytes leftover after parsing attributes in process `syz.9.3207'. [ 129.737844][T11413] netlink: 7 bytes leftover after parsing attributes in process `syz.9.3207'. [ 129.782288][T11417] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3209'. [ 129.878616][T11433] netlink: 'syz.2.3212': attribute type 15 has an invalid length. [ 129.897146][T11433] vxlan1: entered promiscuous mode [ 130.065049][T11444] loop8: detected capacity change from 0 to 512 [ 130.082007][T11444] ext4 filesystem being mounted at /455/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 130.120258][T11452] 9pnet: p9_errstr2errno: server reported unknown error pAʼn}dϲ#=M{t&ࡺ'<ףdgCQ, [ 130.340697][T11456] loop8: detected capacity change from 0 to 1024 [ 130.373541][T11456] EXT4-fs mount: 19 callbacks suppressed [ 130.373558][T11456] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.500380][T11470] EXT4-fs (loop8): re-mounted 00000000-0000-0000-0000-000000000000. [ 130.725242][T11456] ================================================================== [ 130.733562][T11456] BUG: KCSAN: data-race in __filemap_remove_folio / folio_mapping [ 130.741387][T11456] [ 130.743712][T11456] write to 0xffffea0004e90858 of 8 bytes by task 11469 on cpu 1: [ 130.751426][T11456] __filemap_remove_folio+0x1a5/0x2a0 [ 130.756813][T11456] folio_unmap_invalidate+0x1dd/0x360 [ 130.762191][T11456] invalidate_inode_pages2_range+0x27c/0x3d0 [ 130.768177][T11456] filemap_invalidate_pages+0x16d/0x1a0 [ 130.773736][T11456] kiocb_invalidate_pages+0x6e/0x80 [ 130.778951][T11456] __iomap_dio_rw+0x5d4/0x1250 [ 130.783726][T11456] iomap_dio_rw+0x40/0x90 [ 130.788072][T11456] ext4_file_write_iter+0xad9/0xf00 [ 130.794317][T11456] iter_file_splice_write+0x5f2/0x970 [ 130.799700][T11456] direct_splice_actor+0x156/0x2a0 [ 130.804838][T11456] splice_direct_to_actor+0x312/0x680 [ 130.810222][T11456] do_splice_direct+0xda/0x150 [ 130.815018][T11456] do_sendfile+0x380/0x650 [ 130.819449][T11456] __x64_sys_sendfile64+0x105/0x150 [ 130.824650][T11456] x64_sys_call+0xb39/0x2fb0 [ 130.829246][T11456] do_syscall_64+0xd2/0x200 [ 130.833750][T11456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.839647][T11456] [ 130.841970][T11456] read to 0xffffea0004e90858 of 8 bytes by task 11456 on cpu 0: [ 130.849596][T11456] folio_mapping+0xa1/0x120 [ 130.854103][T11456] lru_add+0x80/0x430 [ 130.858104][T11456] folio_batch_move_lru+0x177/0x230 [ 130.863312][T11456] lru_add_drain_cpu+0x77/0x250 [ 130.868184][T11456] __folio_batch_release+0x44/0xb0 [ 130.873319][T11456] filemap_splice_read+0x521/0x6b0 [ 130.878454][T11456] ext4_file_splice_read+0x8f/0xb0 [ 130.883575][T11456] splice_direct_to_actor+0x26c/0x680 [ 130.888975][T11456] do_splice_direct+0xda/0x150 [ 130.893758][T11456] do_sendfile+0x380/0x650 [ 130.898177][T11456] __x64_sys_sendfile64+0x105/0x150 [ 130.903390][T11456] x64_sys_call+0xb39/0x2fb0 [ 130.907994][T11456] do_syscall_64+0xd2/0x200 [ 130.912508][T11456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.918411][T11456] [ 130.920733][T11456] value changed: 0xffff88811a463af8 -> 0x0000000000000000 [ 130.927838][T11456] [ 130.930233][T11456] Reported by Kernel Concurrency Sanitizer on: [ 130.936391][T11456] CPU: 0 UID: 0 PID: 11456 Comm: syz.8.3233 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(voluntary) [ 130.948894][T11456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 130.958951][T11456] ================================================================== [ 131.280163][ T5992] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.