last executing test programs: 1m58.202598426s ago: executing program 1 (id=88): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1006}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6, 0x37, 0x0, 0x9}]}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x2d, 0x0) 1m58.134812097s ago: executing program 1 (id=90): r0 = socket$kcm(0x2, 0x3, 0x2) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000000000000fdffffff18110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48844}, 0xc000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) close(0xffffffffffffffff) sendmsg$inet(r0, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x10}, @multicast1}}}, @ip_retopts={{0x14, 0x0, 0x7, {[@noop]}}}], 0x38}, 0x0) 1m58.109489037s ago: executing program 1 (id=91): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0xc, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={0x2c, r3, 0x1, 0x2000, 0x2, {0x18}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}]}]}, 0x2c}}, 0x20008000) 1m58.090593477s ago: executing program 1 (id=92): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000300)={[{@jqfmt_vfsv1}, {@dioread_lock}, {@barrier_val}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@errors_continue}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=") open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x8, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]}) 1m57.952691029s ago: executing program 1 (id=93): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 1m57.319895508s ago: executing program 1 (id=112): open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r1}, 0x10) pipe2$9p(&(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@version_u}]}}) 1m57.319646157s ago: executing program 32 (id=112): open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r1}, 0x10) pipe2$9p(&(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@version_u}]}}) 1m33.518097047s ago: executing program 3 (id=994): mkdir(&(0x7f0000000280)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffff}, [@printk={@ld}, @call={0x85, 0x0, 0x0, 0x7d}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000500)='9p_client_req\x00', r2}, 0x10) r3 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [], 0x6b}}) 1m33.414368658s ago: executing program 3 (id=999): r0 = socket$inet_udplite(0x2, 0x2, 0x88) prctl$PR_SET_NAME(0xf, &(0x7f0000000680)='+}[@\x00[$oB\xfa=\xee\xc4F\xba\xed\x97') r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000006c000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d2800128014000180090001006c617374000000000400028010000180060001006c6173740000000008000340000001"], 0xb4}}, 0x20050800) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x520, 0x340, 0x25, 0x148, 0x0, 0x60, 0x488, 0x2a8, 0x2a8, 0x488, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x0, 0x0, 0x9, 0x0, 0x80ffffff, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@set={{0x40}}, @common=@unspec=@statistic={{0x38}}]}, @common=@SET={0x60}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x580) 1m33.27947452s ago: executing program 3 (id=1000): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x7, 0x590, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x5, 0xa5d4}, 0x4c58, 0x5, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000003, 0x13, r0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba9432}) readv(r1, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) 1m33.024207394s ago: executing program 3 (id=1013): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000580)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000000}}, {@noauto_da_alloc}, {@dioread_nolock}, {@usrquota}, {@nobarrier}, {@nodelalloc}, {@minixdf}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}]}, 0x1, 0xba6, &(0x7f0000000c00)="$eJzs3M1rXFUUAPDzXj7bRicVEeumEZEWxGlaSbFFsJWKGxeCboWGdFJCph8kkZo0i4n+A6KuBTeCWpQu7LobBbdutG4tLoQisVEQ0cibjyQ2M0naTvJq8vvBzbt3zpvcc/KYeffCTALYsQayH2nEvog4nUQU6o+nEdFd7fVGVGrnLczPjvwxPzuSxOLi678mkUTE7fnZkcbvSurHPfVBb0R891ISj7y7et7J6Znx4XK5NFEfH5o6d/HQ5PTMs2Pnhs+WzpbOHz76/NCRoaODx4baVuufP5249vuTr/xc+euzv6/89sEnSZyIvnpsZR3tMhADS3+TlTojYrjdk+Wko17PyjqTznWelG5yUgAAtJSuWMM9FoXoiOXFWyG+/j7X5AAAAIC2WOyIWAQAAAC2ucT+HwAAALa5xucAbs/PjjRavp9I2Fq3TkZEf63+hXqrRTqjUj32RldE7L6dxMqvtSa1p923gYi4+eOxL7MWm/Q95LVU5iLi8WbXP6nW31/9Fvfq+tOIGGzD/AN3jP9P9Z9ow/x51w/AznT9ZO1Gtvr+ly6tf6LJ/a+zyb3rXuR9/2us/xZWrf+W6+9osf57bYNzXP70o0utYln9L1x7+YtGy+bPjvdV1F24NRfxRGez+pOl+pMW9Z/e4ByFfy6VWsXyrn/x44gD0bz+hmTt/090aHSsXBqs/Ww6x9y3Q5+3mj/v+rPrv7tF/etd/4sbnOPNU6eutoqtX3/6S3fyRrXXXX/k7eGpqYnDEd3Jq6sfP7J2Lo1zGr8jq//gU2u//pvVn70nVOp/h2wvMFc/ZuN37pjzxSuXv1qr/mzvl+f1P3OP1/+9Dc7x9DfvH2wVW7n/zVo2/82kthcGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIY0IvoiSYtL/TQtFiP2RMSjsTstX5icemb0wlvnz2SxiP7oSkfHyqXBiCjUxkk2PlztL4+P3DF+LiL2RsSHhV3VcXHkQvlM3sUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwZE9E9EWSFiMijYiFQpoWi3lnBQAAALRdf94JAAAAAJvO/h8AAAC2P/t/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANtne/ddvJBFROb6r2jLd9VhXrpkBmy3NOwEgNx15JwDkpjPvBIDc3OUe33IBtqFknXhvy0hP23MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4MF1YN/1G0lEVI7vqrZMdz3W1fQZ+7cwO2AzpXknAOSmY61g59blAWw9L3HYuZrv8YGdJFkn3rt8TuW/kZ5NywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAB09ftSVpMSLSaj9Ni8WIhyKiP7qS0bFyaTAiHo6IHwpdPdm4J++kAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaLvJ6Znx4XK5NKGjo5NvJ3kw0qh18n5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD5PTM+PD5XJpYjLvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC8TU7PjA+Xy6WJDXSu3s3JKzp51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+DQAA//+LYA3r") open(&(0x7f0000000000)='./bus\x00', 0x1050c1, 0x170) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]}) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) 1m32.781509797s ago: executing program 3 (id=1019): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) unshare(0x22020600) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x1ff, 0x4, 0x100, 0x90, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r1, 0xffffffffffffffff}, &(0x7f0000000840), &(0x7f0000000880)=r0}, 0x20) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x5, r2}, 0x38) 1m32.712797418s ago: executing program 2 (id=1022): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_GET(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, r3, 0x1, 0x0, 0x25cfdbfc, {0x54}}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x40010) 1m32.641578429s ago: executing program 2 (id=1026): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000b"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x2, 0xffffffff}]}, 0x10) close(r2) 1m32.61575904s ago: executing program 2 (id=1029): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10) r2 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x0) poll(&(0x7f0000000040)=[{r2}], 0x1, 0x0) 1m32.595282709s ago: executing program 2 (id=1031): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000580)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000000}}, {@noauto_da_alloc}, {@dioread_nolock}, {@usrquota}, {@nobarrier}, {@nodelalloc}, {@minixdf}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}]}, 0x1, 0xba6, &(0x7f0000000c00)="$eJzs3M1rXFUUAPDzXj7bRicVEeumEZEWxGlaSbFFsJWKGxeCboWGdFJCph8kkZo0i4n+A6KuBTeCWpQu7LobBbdutG4tLoQisVEQ0cibjyQ2M0naTvJq8vvBzbt3zpvcc/KYeffCTALYsQayH2nEvog4nUQU6o+nEdFd7fVGVGrnLczPjvwxPzuSxOLi678mkUTE7fnZkcbvSurHPfVBb0R891ISj7y7et7J6Znx4XK5NFEfH5o6d/HQ5PTMs2Pnhs+WzpbOHz76/NCRoaODx4baVuufP5249vuTr/xc+euzv6/89sEnSZyIvnpsZR3tMhADS3+TlTojYrjdk+Wko17PyjqTznWelG5yUgAAtJSuWMM9FoXoiOXFWyG+/j7X5AAAAIC2WOyIWAQAAAC2ucT+HwAAALa5xucAbs/PjjRavp9I2Fq3TkZEf63+hXqrRTqjUj32RldE7L6dxMqvtSa1p923gYi4+eOxL7MWm/Q95LVU5iLi8WbXP6nW31/9Fvfq+tOIGGzD/AN3jP9P9Z9ow/x51w/AznT9ZO1Gtvr+ly6tf6LJ/a+zyb3rXuR9/2us/xZWrf+W6+9osf57bYNzXP70o0utYln9L1x7+YtGy+bPjvdV1F24NRfxRGez+pOl+pMW9Z/e4ByFfy6VWsXyrn/x44gD0bz+hmTt/090aHSsXBqs/Ww6x9y3Q5+3mj/v+rPrv7tF/etd/4sbnOPNU6eutoqtX3/6S3fyRrXXXX/k7eGpqYnDEd3Jq6sfP7J2Lo1zGr8jq//gU2u//pvVn70nVOp/h2wvMFc/ZuN37pjzxSuXv1qr/mzvl+f1P3OP1/+9Dc7x9DfvH2wVW7n/zVo2/82kthcGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIY0IvoiSYtL/TQtFiP2RMSjsTstX5icemb0wlvnz2SxiP7oSkfHyqXBiCjUxkk2PlztL4+P3DF+LiL2RsSHhV3VcXHkQvlM3sUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwZE9E9EWSFiMijYiFQpoWi3lnBQAAALRdf94JAAAAAJvO/h8AAAC2P/t/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANtne/ddvJBFROb6r2jLd9VhXrpkBmy3NOwEgNx15JwDkpjPvBIDc3OUe33IBtqFknXhvy0hP23MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4MF1YN/1G0lEVI7vqrZMdz3W1fQZ+7cwO2AzpXknAOSmY61g59blAWw9L3HYuZrv8YGdJFkn3rt8TuW/kZ5NywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAB09ftSVpMSLSaj9Ni8WIhyKiP7qS0bFyaTAiHo6IHwpdPdm4J++kAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaLvJ6Znx4XK5NKGjo5NvJ3kw0qh18n5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD5PTM+PD5XJpYjLvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC8TU7PjA+Xy6WJDXSu3s3JKzp51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+DQAA//+LYA3r") open(&(0x7f0000000000)='./bus\x00', 0x1050c1, 0x170) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]}) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) 1m32.517573681s ago: executing program 3 (id=1035): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@noload}, {@dioread_lock}, {@dioread_lock}, {@resgid}, {@data_err_ignore}, {@nojournal_checksum}, {@nobh}, {@user_xattr}, {@bh}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x5}}]}, 0xfe, 0x562, &(0x7f0000000440)="$eJzs3d9rW+UbAPDnpO1+f7/rYAwVkcIuHMyla+uPCV7MS9HhQG+8miE9K6PpMpp0rHXgduFuvJEheOFAvNd7L4f/gH/FQIdDRvHGm8hJT7quSdasy9rMfD5w2vfNe5L3PDnnefOenIQEMLQmsj+FiJcj4psk4nBEJHnbaOSNE2vrrT68Xs6WJBqNT/5KsvX2R0S59Vit+x3MKy9FxK9fRZwstPdbW16ZL1Uq6WJe3xsLVyZryyunLi2U5tK59PL0zMyZt2am333n7b7E2fhy7f/Hdz848/Xx1e9+vn/kdhJn41DensXVh25ubKxMxET+nIzF2U0rTvWhs0GS7PYGsC0jeZ6PRTYGHI6RPOuB/77sZbEBDKlE/sOQas0DWuf2fToPfmE8eH/tBKg9/tG190ZiX/Pc6MBq8tiZUXa+O96H/rM+fvnjzu1sif69DwGwpRs3I+L06Gj7+Jfk49/2ne5hnc19GP9g59zN5j9vdJr/FNbnP9Fh/nOwQ+5ux9b5X7jfh266yuZ/73Wc/65ftBofyWv/a875xpKLlyppNrb9PyJOxNjerP6k6zlnVu81urVtnP9lS9Z/ay6Yb8f90b2P32e2VC89S8wbPbgZ8UrH+W+yvv+TDvs/ez7O99jHsfTOa93ato7/+Wr8GPF6x/3/6IpWVpqsd70+Odk8HiZbR0W7v28d+61b/7sdf7b/Dzw5/vFk4/Xa2tP38cO+f9K8uG9z22PxR+/H/57k02Z5T37btVK9vjgVsSf5qP326Uf3bdVb62fxnzj+5PGv0/G/PyI+7zH+W0d/erVb2yDs/9mn2v9PX7j34Rffd+u/t/HvzWbpRH5LL+Nfrxv4LM8dAAAAAAAADJpCRByKpFBcLxcKxeLa5zuOxoFCpVqrn7xYXbo8G83vyo7HWKF1pfvwhs9DTOWfh23VpzfVZyLiSER8O7K/WS+Wq5XZ3Q4eAAAAAAAAAAAAAAAAAAAABsTBLt//z/w+0rb6Z3/u/CYCz5Of/IbhtWX+9+OXnoCB5PUfhpf8h+El/2F4yX8YXvIfhpf8h+El/2F4yX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoq/PnzmVLY/Xh9XJWn726vDRfvXpqNq3NFxeWysVydfFKca5anaukxXJ1YavHq1SrV6amY+naZD2t1SdryysXFqpLl+sXLi2U5tIL6diORAUAAAAAAAAAAAAAAAAAAAAvltryynypUkkXFRS2VRgdjM1Q6HNht0cmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHjk3wAAAP//cHo1gQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x105042, 0x189) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffff7, 0x11, r0, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) 1m32.486294271s ago: executing program 33 (id=1035): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@noload}, {@dioread_lock}, {@dioread_lock}, {@resgid}, {@data_err_ignore}, {@nojournal_checksum}, {@nobh}, {@user_xattr}, {@bh}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x5}}]}, 0xfe, 0x562, &(0x7f0000000440)="$eJzs3d9rW+UbAPDnpO1+f7/rYAwVkcIuHMyla+uPCV7MS9HhQG+8miE9K6PpMpp0rHXgduFuvJEheOFAvNd7L4f/gH/FQIdDRvHGm8hJT7quSdasy9rMfD5w2vfNe5L3PDnnefOenIQEMLQmsj+FiJcj4psk4nBEJHnbaOSNE2vrrT68Xs6WJBqNT/5KsvX2R0S59Vit+x3MKy9FxK9fRZwstPdbW16ZL1Uq6WJe3xsLVyZryyunLi2U5tK59PL0zMyZt2am333n7b7E2fhy7f/Hdz848/Xx1e9+vn/kdhJn41DensXVh25ubKxMxET+nIzF2U0rTvWhs0GS7PYGsC0jeZ6PRTYGHI6RPOuB/77sZbEBDKlE/sOQas0DWuf2fToPfmE8eH/tBKg9/tG190ZiX/Pc6MBq8tiZUXa+O96H/rM+fvnjzu1sif69DwGwpRs3I+L06Gj7+Jfk49/2ne5hnc19GP9g59zN5j9vdJr/FNbnP9Fh/nOwQ+5ux9b5X7jfh266yuZ/73Wc/65ftBofyWv/a875xpKLlyppNrb9PyJOxNjerP6k6zlnVu81urVtnP9lS9Z/ay6Yb8f90b2P32e2VC89S8wbPbgZ8UrH+W+yvv+TDvs/ez7O99jHsfTOa93ato7/+Wr8GPF6x/3/6IpWVpqsd70+Odk8HiZbR0W7v28d+61b/7sdf7b/Dzw5/vFk4/Xa2tP38cO+f9K8uG9z22PxR+/H/57k02Z5T37btVK9vjgVsSf5qP326Uf3bdVb62fxnzj+5PGv0/G/PyI+7zH+W0d/erVb2yDs/9mn2v9PX7j34Rffd+u/t/HvzWbpRH5LL+Nfrxv4LM8dAAAAAAAADJpCRByKpFBcLxcKxeLa5zuOxoFCpVqrn7xYXbo8G83vyo7HWKF1pfvwhs9DTOWfh23VpzfVZyLiSER8O7K/WS+Wq5XZ3Q4eAAAAAAAAAAAAAAAAAAAABsTBLt//z/w+0rb6Z3/u/CYCz5Of/IbhtWX+9+OXnoCB5PUfhpf8h+El/2F4yX8YXvIfhpf8h+El/2F4yX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoq/PnzmVLY/Xh9XJWn726vDRfvXpqNq3NFxeWysVydfFKca5anaukxXJ1YavHq1SrV6amY+naZD2t1SdryysXFqpLl+sXLi2U5tIL6diORAUAAAAAAAAAAAAAAAAAAAAvltryynypUkkXFRS2VRgdjM1Q6HNht0cmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHjk3wAAAP//cHo1gQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x105042, 0x189) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffff7, 0x11, r0, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) 1m32.230411335s ago: executing program 2 (id=1040): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x21408, 0x0, 0x1, 0x0, &(0x7f0000006380)) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = dup(r3) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x0, &(0x7f0000004540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',cachetag=,aname=u']) 1m31.938183839s ago: executing program 2 (id=1049): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000001f) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r2}, 0x10) fcntl$notify(r1, 0x402, 0x8000003d) close_range(r0, r1, 0x0) 1m31.938000159s ago: executing program 34 (id=1049): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000001f) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000c80)='kmem_cache_free\x00', r2}, 0x10) fcntl$notify(r1, 0x402, 0x8000003d) close_range(r0, r1, 0x0) 1m22.632710367s ago: executing program 7 (id=1250): socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) syz_open_dev$usbfs(0x0, 0x77, 0x101301) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000540)={0x0, 0xfffffffffffffc86, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r2, @ANYRES32=r2], 0x44}}, 0x0) 1m22.571058099s ago: executing program 7 (id=1252): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x10, &(0x7f0000000840)=@framed={{}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18) r2 = perf_event_open(&(0x7f00000004c0)={0x2, 0x80, 0xfe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x4}, 0x40db, 0x0, 0x4, 0x8, 0xa, 0x100, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000000)='cpu<=0||!') 1m22.43927465s ago: executing program 7 (id=1257): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000027b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000e00)='kfree\x00', r1, 0x0, 0x4ab}, 0x18) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r2, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x62, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810df}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x40505330, &(0x7f00000000c0)={0x800000, 0x80, 0x401, 0x6, 0x4000, 0xac9}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x40505330, &(0x7f0000000bc0)={0x800080, 0x856, 0x8, 0x9, 0x40, 0x558}) 1m22.408662711s ago: executing program 7 (id=1258): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x810000, &(0x7f0000000040)={[{@auto_da_alloc}]}, 0x3, 0x4d4, &(0x7f0000000340)="$eJzs3E9sFNUfAPDvbLu0wI8fFREFUYpobExsofw9eMFo4kETIx702LSVIAUM7UEIkZIYPBoS78aj8ebBq3oznky84sGDiSEhhgvgxTGzO9Nu90+7C22Xup9PMu17M2/mvTfz3uzbebsbQM8azv4kEf+LiJsRsb0aXZpguPrv3p0rk/fvXJmM+TQ99VdSSXc3i+eK/bbmkZFSROnTpO6AVbOXLp+dmJmZvpjHx+bOfTQ2e+nyy2fOTZyePj19fvzEiSOHDx0/Nn6080o1yS+r1909n1zYu/uN92+8NdlfrB/M/9fWo6X+zooxvMy2Fzo71CNvW004aTxPV9e1MLRtMG/W5Ur/3x59nTZyYMNK0zQdaL15Pq13rWENsGEl0e0SAN1RvNBn73+LZZ2GHo+E2yerb4Cyet/Ll+qW/ijlacp1729X03BEvDf/95fZEss9h/h9jQoAAPScH04WI8H68V8pdtWk+38+hzIUEY9FxI6IeDwidkbEExGVtE9GxFP1GSQR6TL576yLN45/Srcepn4rycZ/r+RzW0vHf8XoL4b68ti2iGLAPH0wPycjUR744MzM9KFl8vjxtV8/b7WtdvyXLVn+xVgwL8et/roHdFMTcxMPXOE6t69F7Omvr3/Sn124YiYgiYjdEbGng+MO1YTPvPT13oVIeWm6letfkTaZ0ut4Pq6Z9KuIF6vXfz6WXP/FHJPW85P/HBs/OjYYM9MHx7JWkLWK2FSfx8+/XH+7Vf4r1v+7P+p3ef3496cevuK57PpvqWn/UczfLtZ/KIlIFuZrZzvP4/pvn1WOO3ygcduDtv9NybuVcHGyP56Ym7t4KGJT8mbj+vHFfYt4kT6r/8iB5v1/R34WsuXpiMga8TMR8WxE7MvLvj8inouIJlVb8NOrz3/Yalub7X/NZPWfanr/W3L9F+fr2wwUO2dr+s7uv3m/xc2jvet/pBIaydc0v/8lS24R7Zb04c4eAAAAbAylqHz2vzS6EC6VRkerz4B2xpbSzIXZuX0RcX6q+h2BoSiXiidd1efB5aR4/jlUEx+vix/Onxt/0be5Eh+dvDAz1e3KQ4/bWunzSUP/z/zZ1+3SAWvOV36gd63U/3fdWKeCAOvO6z/0rpr+P98iybxPysB/k9d/6F3N+v/V+Kbhg+wr7QNsLKm+DD1N/4fe1R/vLIRLXS0JsN46ev3fvnblANZVp9/r7yyQDjTfNBhNfjFgcG2KsblJXl0JZCOrVTxgOSLaS7z5QbIofk2h9S88lDo74EA0buqL5fZKOvgdhyKQnZUVE5/eteqNP80/K7/azebbxX5abvNyr1KgK7cjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAVfdvAAAA//8XK9av") creat(&(0x7f0000000040)='./bus\x00', 0x120) mount(&(0x7f0000000180)=@loop={'/dev/loop', 0x0}, &(0x7f0000000240)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x5, 0x0, "ef359f413bb901527f00d1ce5d29c3ee5e5ca9000f7c41499dc2aac63a01000000000000004faa2ad9c084a003ea0000000000000000000800002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x8]}) r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r1, 0xfffffffffffffffe, 0x29) 1m22.014628196s ago: executing program 7 (id=1265): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x42, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000080)={0x67, 0x0, 0x2, 0x95}, 0x8) 1m21.279163476s ago: executing program 7 (id=1282): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000005c0)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) close_range(r3, 0xffffffffffffffff, 0x0) 1m21.194244868s ago: executing program 35 (id=1282): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000005c0)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) close_range(r3, 0xffffffffffffffff, 0x0) 1.428259951s ago: executing program 5 (id=4361): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f00000000c0)='./file0\x00', 0xa2002874) fsetxattr$security_capability(r0, &(0x7f0000000000), 0x0, 0x0, 0x0) r2 = syz_io_uring_setup(0xa0, &(0x7f0000000640)={0x0, 0x105cc6, 0x0, 0x0, 0x207}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0) 1.254466373s ago: executing program 6 (id=4372): socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='fdinfo\x00') io_uring_setup(0x177d, &(0x7f00000002c0)={0x0, 0xa5dd, 0x1, 0x2, 0xfffffffe}) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r0], 0x448}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="050000000808"], 0x80}}, 0x0) sendmmsg$inet(r0, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0) 1.196785924s ago: executing program 6 (id=4375): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='signal_generate\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) timer_create(0xfffffffc, 0x0, &(0x7f0000000040)=0x0) timer_settime(r1, 0x1, &(0x7f000006b000)={{}, {0x0, 0x9}}, 0x0) syz_clone3(&(0x7f0000000680)={0x40004000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) 1.124035185s ago: executing program 8 (id=4376): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f00000004c0)='kfree\x00', r2}, 0x18) add_key(&(0x7f00000003c0)='ceph\x00', 0x0, &(0x7f0000000400)="010000000037a788a11d18000000000000006923c63a4541062101a59ea9cba39a989ca8", 0x24, r0) 1.108030515s ago: executing program 8 (id=4378): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000e27f000001"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000004c0)="c8", &(0x7f0000000380), 0x9, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r1}, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) 1.074419726s ago: executing program 8 (id=4381): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000002c0)='mm_page_alloc\x00', r1}, 0x10) r2 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581) syz_open_dev$sg(0x0, 0x0, 0x191200) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0x0, 0x0, 0x0, 0x7995}, 0xfff7, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) 1.039016886s ago: executing program 8 (id=4382): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000005900000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = dup(r3) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000680)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@version_9p2000}], [], 0x6b}}) 1.038634846s ago: executing program 5 (id=4383): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newtaction={0xc4, 0x30, 0x1, 0x4000000, 0x0, {0x0, 0x0, 0x6a00}, [{0xb0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000, 0x0, 0x4}, 0x3, r4}}]}, {0x4, 0xa}, {0xc}, {0xffac, 0x8, {0x0, 0x2}}}}, @m_mpls={0x5c, 0x2, 0x0, 0x0, {{0x9}, {0x30}, {0x4}, {0xc}, {0xc}}}]}]}, 0xc4}}, 0x0) 927.995868ms ago: executing program 5 (id=4386): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) r2 = syz_open_procfs(0x0, &(0x7f0000000380)='attr/exec\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) r3 = syz_io_uring_setup(0x2e3b, &(0x7f0000000440)={0x0, 0x482b, 0x10100, 0x1}, &(0x7f0000000400)=0x0, &(0x7f0000000300)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0x0, &(0x7f0000000340)=[{&(0x7f00000002c0)=""/9, 0x9}], 0x1}) io_uring_enter(r3, 0x567, 0xa1ff, 0x0, 0x0, 0x0) 927.475118ms ago: executing program 8 (id=4388): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000040000000400000003"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe8d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000840)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x10) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/5, 0x22c000, 0x800}, 0x20) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 861.058009ms ago: executing program 6 (id=4390): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb79100a000000800000000642"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1100}, 0x48) 830.595079ms ago: executing program 5 (id=4391): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@noload}, {@dioread_lock}, {@dioread_lock}, {@resgid}, {@data_err_ignore}, {@nojournal_checksum}, {@nobh}, {@user_xattr}, {@bh}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x5}}]}, 0xfe, 0x562, &(0x7f0000000440)="$eJzs3d9rW+UbAPDnpO1+f7/rYAwVkcIuHMyla+uPCV7MS9HhQG+8miE9K6PpMpp0rHXgduFuvJEheOFAvNd7L4f/gH/FQIdDRvHGm8hJT7quSdasy9rMfD5w2vfNe5L3PDnnefOenIQEMLQmsj+FiJcj4psk4nBEJHnbaOSNE2vrrT68Xs6WJBqNT/5KsvX2R0S59Vit+x3MKy9FxK9fRZwstPdbW16ZL1Uq6WJe3xsLVyZryyunLi2U5tK59PL0zMyZt2am333n7b7E2fhy7f/Hdz848/Xx1e9+vn/kdhJn41DensXVh25ubKxMxET+nIzF2U0rTvWhs0GS7PYGsC0jeZ6PRTYGHI6RPOuB/77sZbEBDKlE/sOQas0DWuf2fToPfmE8eH/tBKg9/tG190ZiX/Pc6MBq8tiZUXa+O96H/rM+fvnjzu1sif69DwGwpRs3I+L06Gj7+Jfk49/2ne5hnc19GP9g59zN5j9vdJr/FNbnP9Fh/nOwQ+5ux9b5X7jfh266yuZ/73Wc/65ftBofyWv/a875xpKLlyppNrb9PyJOxNjerP6k6zlnVu81urVtnP9lS9Z/ay6Yb8f90b2P32e2VC89S8wbPbgZ8UrH+W+yvv+TDvs/ez7O99jHsfTOa93ato7/+Wr8GPF6x/3/6IpWVpqsd70+Odk8HiZbR0W7v28d+61b/7sdf7b/Dzw5/vFk4/Xa2tP38cO+f9K8uG9z22PxR+/H/57k02Z5T37btVK9vjgVsSf5qP326Uf3bdVb62fxnzj+5PGv0/G/PyI+7zH+W0d/erVb2yDs/9mn2v9PX7j34Rffd+u/t/HvzWbpRH5LL+Nfrxv4LM8dAAAAAAAADJpCRByKpFBcLxcKxeLa5zuOxoFCpVqrn7xYXbo8G83vyo7HWKF1pfvwhs9DTOWfh23VpzfVZyLiSER8O7K/WS+Wq5XZ3Q4eAAAAAAAAAAAAAAAAAAAABsTBLt//z/w+0rb6Z3/u/CYCz5Of/IbhtWX+9+OXnoCB5PUfhpf8h+El/2F4yX8YXvIfhpf8h+El/2F4yX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoq/PnzmVLY/Xh9XJWn726vDRfvXpqNq3NFxeWysVydfFKca5anaukxXJ1YavHq1SrV6amY+naZD2t1SdryysXFqpLl+sXLi2U5tIL6diORAUAAAAAAAAAAAAAAAAAAAAvltryynypUkkXFRS2VRgdjM1Q6HNht0cmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHjk3wAAAP//cHo1gQ==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r0, &(0x7f0000000180), 0x40010) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x105042, 0x189) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffff7, 0x11, r1, 0x1000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)) 721.54034ms ago: executing program 6 (id=4394): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x200804, &(0x7f0000000180)=ANY=[@ANYRES8=0x0, @ANYRES16, @ANYRES64, @ANYRES16=0x0], 0x1, 0x377, &(0x7f0000000f80)="$eJzs3c9rI2UYwPEnbZpOumyTgygK0ge96GVoq2c1yC6IBZfuRtwVhNntVEPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/STDL5sbNdmm6/H9jNk77vM/O+mSQ8byBvjt776uPmrmfuWh1ZMFQKIiIPRKqyIIlCdFOSDAfy8oU/7z9/9fqNt2tbW5e2VS/Xrr2yqaqraz988lk57nZvWQ6rHxyJ8dvh04fPHv137aOGpw1PW+2OWnqz/WvHuunYutPwmqbqFce2PFsbLc92o/Z21L7rtPf2emq1di6u7Lm256nV6mnT7mmnrR23p9aHVqOlpmnqxZWs4T7BjBw59dvb21Yt5wlv5czDSfvH9/0Jza5bsxZFzPJIS/32Yx0XAACYS0P1/zdJjVCVhX5BWYjXAqUwTi8Dgvo/icP6P1gsHNf/d174qXPh3burcf1/r5RV/7/6S5Sfqv+Ds594/f/d0P3RiujM23+Yzo9U/2M+rKVfkb8fr9hjQf0fvBr6K/ov3r+zHgbU/wAAAAAAAAAAAAAAAAAAAAAAnAUPfL/i+34luU3+HX+FIL6f3Jv0RWOcOeOu/3K8o0D/+YAn0tXrN8QIv7hXXBVxvuzWu/XoNm5POq5LRf4Nnw+xaMOJg7BRA1X50dnv1pfihMXw/5qIiiO2bEhFqqn8ML781talDY1E+eH597v1QnElyN+VRpi/KRV5Kjt/MzO/JC+9OJBvSkV+viVtcWQnfh9L8j/fUH3zna2h/HLYL8vrj/eSAAAAAABw4kxVI14+V9Pr32j9bpqqWe3BWl4G1+ejnw/019frmevzYuW54unOHQAAAACA88Irfdq0HMd2vd7YoCzT+izHRxtqKsqUIwdBcYY+qeB+GCxN6rM4MMNZj1yKf0Fj1mG4Xk9mHnMS/LUsmQ9msoVrqsnIflRnDJL5z9DZeNhL4HoLE+ZeGDvmtaBFc01nIEg+Nho5aXy55UreI48Lkp1zp3V+5utv/853ikK8a+9g02t3jayZDgeFob8cTHnS/uH7U8ezlP1u8X2eH5kBAAAAMCeSor/sJX9543QHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAOTRlW7K1nJvPpYLTniMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwL/4PAAD//6147+o=") r0 = open(&(0x7f0000000300)='./file0\x00', 0x145142, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) ftruncate(r0, 0x2007ffb) sendfile(r0, r0, 0x0, 0x800000009) 530.241413ms ago: executing program 6 (id=4399): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'geneve0\x00'}) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080), 0x1200002, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'}) 435.884954ms ago: executing program 5 (id=4401): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='signal_generate\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) timer_create(0xfffffffc, 0x0, &(0x7f0000000040)=0x0) timer_settime(r1, 0x1, &(0x7f000006b000)={{}, {0x0, 0x9}}, 0x0) syz_clone3(&(0x7f0000000680)={0x40004000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) 381.099615ms ago: executing program 8 (id=4403): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x20000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2b, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r2}, 0x10) waitid(0x0, 0x0, 0x0, 0x4, 0x0) syz_usb_connect(0x2, 0x24, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x5a, 0xe4, 0xc4, 0x10, 0x596, 0x1, 0x5f5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xd6, 0x0, 0x0, 0xb5, 0xe1, 0x45}}]}}]}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 367.358585ms ago: executing program 6 (id=4404): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20) prlimit64(0x0, 0xe, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r2, 0x0, 0x10001}, 0x18) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) 308.691346ms ago: executing program 0 (id=4405): r0 = socket$inet6(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000dc0)={&(0x7f0000000300)='neigh_update\x00', r3}, 0x10) sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0) 239.486267ms ago: executing program 0 (id=4407): bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000006c0)='kmem_cache_free\x00', r1, 0x0, 0x2000}, 0x18) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xa2, 0x4007}}, '\x00'}) r2 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) ioctl$SG_GET_VERSION_NUM(r2, 0x2284, &(0x7f0000000080)) 232.564877ms ago: executing program 4 (id=4408): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000180)={0x0, 0x2}, 0x8) sendto$inet6(r0, &(0x7f0000000080)="be", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2, 0x0, 0xfffffffffffffffd}, 0x18) shutdown(r0, 0x1) 207.908167ms ago: executing program 4 (id=4409): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r3, 0x0, r2, 0x0, 0x46) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r4, 0xffffffffffffffff, 0x0) 164.069378ms ago: executing program 0 (id=4410): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet_sctp(0x2, 0x1, 0x84) r2 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000000)={r3, 0x8}, 0x8) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000200)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x85, &(0x7f00000000c0)={r4, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}, 0x0, 0x0, 0xfffffffc}, &(0x7f00000001c0)=0x9c) 141.220778ms ago: executing program 0 (id=4411): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500001000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) r2 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x2, 0x40024e}, &(0x7f0000000080)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x6, 0x0, r2, 0x0, 0x0, 0x0, 0x2}) io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x0) 125.667079ms ago: executing program 4 (id=4412): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007800c00018008000140e00000020c00028008000140e000400173ff34b4eb0240"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0) unshare(0x40600) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x140, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc018937e, &(0x7f0000001040)={{0x1, 0x1, 0x1018}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00'}) 71.99828ms ago: executing program 0 (id=4413): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000000d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@gettfilter={0x24, 0x29, 0x6ce324a938346939, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x3}, {0x0, 0xffff}}}, 0x24}}, 0x0) 71.82503ms ago: executing program 4 (id=4414): r0 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200001000000000280000000000003"], 0x69) close(r0) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) 56.71495ms ago: executing program 5 (id=4415): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000017b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000bc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kfree\x00', r1}, 0x10) syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x4000, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4000000010000104000000260000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800e0001007769726567756172640000000400028008000300", @ANYRES32=r4], 0x40}, 0x1, 0xd}, 0x0) 54.52475ms ago: executing program 0 (id=4416): syz_clone(0x40200, 0x0, 0x49, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r0}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)="5500000018007f5f00fe01b2a4a2809302060000ff41fd01020400000a00120002002800000019002d007fffffff0022de1330d54400009b84136ef75afb83de066a5900e1baac968300000000f2ff000001000000", 0x55}], 0x1, 0x0, 0x0, 0x7a000000}, 0x4000884) 149.57µs ago: executing program 4 (id=4417): rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) r0 = gettid() r1 = gettid() tkill(r0, 0x12) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x18, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000005c0)='kmem_cache_free\x00', r3}, 0x10) tkill(r1, 0x14) 0s ago: executing program 4 (id=4418): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="580000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="46ec0800000000002800128009000100766c616e00000000180002800c0002001f0000001f000000060001000100000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r4], 0x58}, 0x1, 0x0, 0x0, 0x600}, 0x0) kernel console output (not intermixed with test programs): T9591] vhci_hcd: invalid port number 96 [ 82.744848][ T9591] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 82.902153][ T9609] team0 (unregistering): Port device team_slave_0 removed [ 82.933557][ T9609] team0 (unregistering): Port device team_slave_1 removed [ 83.408328][ T9709] bond1: entered promiscuous mode [ 83.413420][ T9709] bond1: entered allmulticast mode [ 83.418936][ T9709] 8021q: adding VLAN 0 to HW filter on device bond1 [ 83.446344][ T9746] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 83.461659][ T9746] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 83.479122][ T9754] veth0_to_bond: left allmulticast mode [ 83.484868][ T9754] veth0_to_bond: left promiscuous mode [ 83.490471][ T9754] bridge0: port 3(veth0_to_bond) entered disabled state [ 83.498684][ T9754] bridge_slave_1: left allmulticast mode [ 83.504625][ T9754] bridge_slave_1: left promiscuous mode [ 83.510347][ T9754] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.518786][ T9754] bridge_slave_0: left promiscuous mode [ 83.524668][ T9754] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.304963][ T9790] xt_hashlimit: max too large, truncated to 1048576 [ 84.336142][ T9794] loop6: detected capacity change from 0 to 1024 [ 84.348608][ T9794] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 84.374406][ T9794] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 84.383912][ T9794] EXT4-fs (loop6): orphan cleanup on readonly fs [ 84.390284][ T9794] EXT4-fs error (device loop6): ext4_ext_check_inode:524: inode #3: comm syz.6.1745: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 2(4), depth 0(0) [ 84.408551][ T9794] EXT4-fs error (device loop6): ext4_quota_enable:7129: comm syz.6.1745: Bad quota inode: 3, type: 0 [ 84.420992][ T9794] EXT4-fs warning (device loop6): ext4_enable_quotas:7170: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 84.435648][ T9794] EXT4-fs (loop6): Cannot turn on quotas: error -117 [ 84.442736][ T9794] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 84.458094][ T9794] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 84.490070][ T6004] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.540831][ T9825] loop6: detected capacity change from 0 to 128 [ 84.565615][ T9831] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 808 [ 84.587948][ T9825] bio_check_eod: 41 callbacks suppressed [ 84.587963][ T9825] syz.6.1760: attempt to access beyond end of device [ 84.587963][ T9825] loop6: rw=0, sector=121, nr_sectors = 120 limit=128 [ 84.620298][ T12] kworker/u8:0: attempt to access beyond end of device [ 84.620298][ T12] loop6: rw=1, sector=241, nr_sectors = 800 limit=128 [ 84.665061][ T9841] __nla_validate_parse: 11 callbacks suppressed [ 84.665099][ T9841] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1765'. [ 84.699498][ T9841] bond1: entered promiscuous mode [ 84.704582][ T9841] bond1: entered allmulticast mode [ 84.721648][ T9841] 8021q: adding VLAN 0 to HW filter on device bond1 [ 85.370197][ T9899] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 808 [ 85.419745][ T9912] sch_tbf: burst 3092 is lower than device lo mtu (65550) ! [ 85.491293][ T9921] xt_hashlimit: max too large, truncated to 1048576 [ 85.796876][ T9984] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1803'. [ 86.028952][T10017] gretap0: entered promiscuous mode [ 86.034417][T10017] vlan2: entered promiscuous mode [ 86.490040][T10064] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1827'. [ 86.506376][T10064] team0 (unregistering): Port device team_slave_0 removed [ 86.515981][T10064] team0 (unregistering): Port device team_slave_1 removed [ 86.547692][T10100] bridge_slave_1: left allmulticast mode [ 86.553485][T10100] bridge_slave_1: left promiscuous mode [ 86.559181][T10100] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.566888][T10100] bridge_slave_0: left allmulticast mode [ 86.572554][T10100] bridge_slave_0: left promiscuous mode [ 86.578271][T10100] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.601111][T10102] capability: warning: `syz.0.1830' uses 32-bit capabilities (legacy support in use) [ 86.778388][T10122] gretap0: entered promiscuous mode [ 86.784049][T10122] vlan2: entered promiscuous mode [ 86.889970][T10149] openvswitch: netlink: Message has 6 unknown bytes. [ 86.907357][T10151] netlink: 'syz.8.1845': attribute type 1 has an invalid length. [ 87.240961][T10197] loop6: detected capacity change from 0 to 1024 [ 87.249182][T10197] EXT4-fs: Ignoring removed oldalloc option [ 87.255464][T10197] EXT4-fs: Ignoring removed bh option [ 87.263000][T10197] EXT4-fs (loop6): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 87.275429][T10197] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 87.292631][T10197] JBD2: no valid journal superblock found [ 87.298883][T10197] EXT4-fs (loop6): Could not load journal inode [ 87.584919][T10217] loop6: detected capacity change from 0 to 256 [ 87.603223][T10217] syz.6.1874: attempt to access beyond end of device [ 87.603223][T10217] loop6: rw=0, sector=256, nr_sectors = 20 limit=256 [ 87.773715][T10232] loop6: detected capacity change from 0 to 256 [ 87.792767][T10232] syz.6.1880: attempt to access beyond end of device [ 87.792767][T10232] loop6: rw=2049, sector=256, nr_sectors = 4 limit=256 [ 87.868720][T10247] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 87.886647][T10247] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 88.055535][T10301] loop8: detected capacity change from 0 to 512 [ 88.063005][T10301] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 88.076204][T10301] EXT4-fs (loop8): 1 truncate cleaned up [ 88.082445][T10301] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 88.116364][ T7927] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.134400][T10311] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1900'. [ 88.143384][T10311] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1900'. [ 88.143583][T10307] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1898'. [ 88.192912][ T29] kauditd_printk_skb: 83 callbacks suppressed [ 88.192925][ T29] audit: type=1400 audit(1747882479.763:1898): avc: denied { write } for pid=10317 comm="syz.8.1899" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 88.437355][T10321] openvswitch: netlink: Message has 6 unknown bytes. [ 88.456714][T10324] vlan3: entered allmulticast mode [ 88.464244][T10324] dummy0: entered allmulticast mode [ 88.676374][T10357] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1917'. [ 88.685313][T10357] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1917'. [ 88.734814][T10359] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1919'. [ 88.749492][T10359] vlan3: entered promiscuous mode [ 88.754664][T10359] hsr0: entered promiscuous mode [ 88.786830][T10377] syz_tun: entered allmulticast mode [ 88.794909][T10377] syz_tun: left allmulticast mode [ 88.926777][T10393] loop6: detected capacity change from 0 to 2048 [ 88.954602][T10393] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.983058][ T6004] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.016313][T10408] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1935'. [ 89.047431][T10412] gtp0: entered promiscuous mode [ 89.106385][T10422] netem: change failed [ 89.223083][T10429] vlan2: entered allmulticast mode [ 89.228232][T10429] dummy0: entered allmulticast mode [ 89.331684][T10438] loop8: detected capacity change from 0 to 2048 [ 89.349113][T10438] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 89.364630][T10445] syz_tun: entered allmulticast mode [ 89.370256][T10445] syz_tun: left allmulticast mode [ 89.391698][ T7927] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.393671][ T29] audit: type=1326 audit(1747882480.953:1899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10450 comm="syz.6.1949" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe83d0ee969 code=0x0 [ 89.416073][T10447] bond0: entered promiscuous mode [ 89.428854][T10447] bond0: entered allmulticast mode [ 89.434254][T10447] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.447506][T10486] gtp0: entered promiscuous mode [ 89.474360][ T29] audit: type=1400 audit(1747882481.043:1900): avc: denied { create } for pid=10492 comm="syz.8.1952" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 89.501041][ T29] audit: type=1400 audit(1747882481.043:1901): avc: denied { write } for pid=10492 comm="syz.8.1952" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 89.734911][T10513] syz_tun: entered allmulticast mode [ 89.740589][T10513] syz_tun: left allmulticast mode [ 89.798307][ T29] audit: type=1400 audit(1747882481.363:1902): avc: denied { setopt } for pid=10516 comm="syz.4.1962" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 89.798451][T10517] Cannot find del_set index 0 as target [ 89.963858][ T29] audit: type=1400 audit(1747882481.533:1903): avc: denied { append } for pid=10526 comm="syz.4.1967" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 89.997058][T10527] program syz.4.1967 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 90.158793][T10555] __nla_validate_parse: 3 callbacks suppressed [ 90.158805][T10555] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1970'. [ 90.174050][T10555] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1970'. [ 90.217415][ T29] audit: type=1326 audit(1747882481.783:1904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10558 comm="syz.4.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92c77e969 code=0x7ffc0000 [ 90.249545][ T29] audit: type=1326 audit(1747882481.783:1905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10558 comm="syz.4.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92c77e969 code=0x7ffc0000 [ 90.273112][ T29] audit: type=1326 audit(1747882481.783:1906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10558 comm="syz.4.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fd92c77e969 code=0x7ffc0000 [ 90.296619][ T29] audit: type=1326 audit(1747882481.783:1907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10558 comm="syz.4.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92c77e969 code=0x7ffc0000 [ 90.343295][T10564] Cannot find del_set index 0 as target [ 90.478375][T10575] loop8: detected capacity change from 0 to 2048 [ 90.496119][T10575] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 90.528871][ T7927] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.557621][T10591] syzkaller1: entered promiscuous mode [ 90.563242][T10591] syzkaller1: entered allmulticast mode [ 90.613856][T10599] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1984'. [ 90.647143][T10601] bond2: entered promiscuous mode [ 90.652305][T10601] bond2: entered allmulticast mode [ 90.699798][T10601] 8021q: adding VLAN 0 to HW filter on device bond2 [ 90.735885][T10601] bond2 (unregistering): Released all slaves [ 90.855528][T10689] netlink: 'syz.6.1996': attribute type 10 has an invalid length. [ 90.863429][T10689] netlink: 2 bytes leftover after parsing attributes in process `syz.6.1996'. [ 90.956621][T10700] Cannot find del_set index 0 as target [ 90.990816][T10710] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 91.127305][T10737] bond2: entered promiscuous mode [ 91.132485][T10737] bond2: entered allmulticast mode [ 91.138195][T10737] 8021q: adding VLAN 0 to HW filter on device bond2 [ 91.147975][T10737] bond2 (unregistering): Released all slaves [ 91.221308][T10828] vlan3: entered allmulticast mode [ 91.226985][T10828] dummy0: entered allmulticast mode [ 91.242859][T10832] loop8: detected capacity change from 0 to 128 [ 91.250066][T10832] FAT-fs (loop8): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 91.262142][T10832] FAT-fs (loop8): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 91.462240][T10853] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2021'. [ 91.488403][T10855] loop8: detected capacity change from 0 to 512 [ 91.497325][T10855] EXT4-fs error (device loop8): ext4_iget_extra_inode:4693: inode #15: comm syz.8.2022: corrupted in-inode xattr: invalid ea_ino [ 91.511617][T10855] EXT4-fs error (device loop8): ext4_orphan_get:1396: comm syz.8.2022: couldn't read orphan inode 15 (err -117) [ 91.525892][T10855] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 91.550893][ T7927] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.872390][T10896] loop6: detected capacity change from 0 to 2048 [ 91.959125][T10910] bond1: entered promiscuous mode [ 91.964314][T10910] bond1: entered allmulticast mode [ 91.969826][T10910] 8021q: adding VLAN 0 to HW filter on device bond1 [ 91.996743][T10910] bond1 (unregistering): Released all slaves [ 92.011642][T10949] pim6reg: entered allmulticast mode [ 92.019016][T10949] pim6reg: left allmulticast mode [ 92.030757][T10981] vlan2: entered allmulticast mode [ 92.036746][T10981] dummy0: entered allmulticast mode [ 92.159182][T11006] loop8: detected capacity change from 0 to 2048 [ 92.202687][T11006] loop8: p1 < > p4 [ 92.208826][T11006] loop8: p4 size 8388608 extends beyond EOD, truncated [ 92.222635][T11023] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2058'. [ 92.289522][T11033] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2 [ 92.299926][T11035] xt_hashlimit: max too large, truncated to 1048576 [ 92.328341][T11037] vlan1: entered allmulticast mode [ 92.333669][T11037] dummy0: entered allmulticast mode [ 92.368895][T11045] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2064'. [ 92.475343][T11059] loop8: detected capacity change from 0 to 2048 [ 92.482002][T11061] loop5: detected capacity change from 0 to 2048 [ 92.507614][T11061] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 92.551639][ T3746] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.668784][T11092] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2074'. [ 92.749966][T11109] pim6reg: entered allmulticast mode [ 92.756949][T11109] pim6reg: left allmulticast mode [ 92.811301][T11119] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2082'. [ 92.951227][T11135] netlink: 596 bytes leftover after parsing attributes in process `syz.0.2089'. [ 93.039974][T11144] vhci_hcd: invalid port number 96 [ 93.045270][T11144] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 93.210718][ T29] kauditd_printk_skb: 432 callbacks suppressed [ 93.210754][ T29] audit: type=1326 audit(1747882484.773:2340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11153 comm="syz.0.2098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd8c7d35927 code=0x7ffc0000 [ 93.240992][ T29] audit: type=1326 audit(1747882484.803:2341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11153 comm="syz.0.2098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd8c7cdab39 code=0x7ffc0000 [ 93.264457][ T29] audit: type=1326 audit(1747882484.803:2342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11153 comm="syz.0.2098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd8c7d35927 code=0x7ffc0000 [ 93.287983][ T29] audit: type=1326 audit(1747882484.803:2343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11153 comm="syz.0.2098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd8c7cdab39 code=0x7ffc0000 [ 93.311442][ T29] audit: type=1326 audit(1747882484.803:2344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11153 comm="syz.0.2098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd8c7d35927 code=0x7ffc0000 [ 93.334869][ T29] audit: type=1326 audit(1747882484.803:2345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11153 comm="syz.0.2098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd8c7cdab39 code=0x7ffc0000 [ 93.358444][ T29] audit: type=1326 audit(1747882484.803:2346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11153 comm="syz.0.2098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7fd8c7d3e969 code=0x7ffc0000 [ 93.382077][ T29] audit: type=1326 audit(1747882484.883:2347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11153 comm="syz.0.2098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd8c7d35927 code=0x7ffc0000 [ 93.405562][ T29] audit: type=1326 audit(1747882484.883:2348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11153 comm="syz.0.2098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd8c7cdab39 code=0x7ffc0000 [ 93.429033][ T29] audit: type=1326 audit(1747882484.883:2349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11153 comm="syz.0.2098" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7fd8c7d3e969 code=0x7ffc0000 [ 93.464025][T11169] program syz.8.2103 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 93.502414][T11175] loop5: detected capacity change from 0 to 512 [ 93.514621][T11175] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.2107: bg 0: block 248: padding at end of block bitmap is not set [ 93.529450][T11173] bond0: (slave bond_slave_0): Releasing backup interface [ 93.541648][T11175] EXT4-fs error (device loop5): ext4_acquire_dquot:6935: comm syz.5.2107: Failed to acquire dquot type 1 [ 93.553361][T11173] bond0: (slave bond_slave_1): Releasing backup interface [ 93.566172][T11173] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 93.573716][T11173] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 93.582335][T11175] EXT4-fs (loop5): 1 truncate cleaned up [ 93.588294][T11175] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.601016][T11175] ext4 filesystem being mounted at /370/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.613560][T11173] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 93.621032][T11173] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 93.623234][T11175] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.683731][T11173] batman_adv: batadv0: Interface deactivated: ip6gretap1 [ 93.690823][T11173] batman_adv: batadv0: Removing interface: ip6gretap1 [ 93.824040][T11202] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 94.017483][T11230] loop6: detected capacity change from 0 to 2048 [ 94.034262][T11230] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 94.064904][ T6004] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.207062][T11254] loop5: detected capacity change from 0 to 2048 [ 94.219647][T11265] futex_wake_op: syz.0.2129 tries to shift op by -1; fix this program [ 94.252470][T11254] loop5: p1 < > p4 [ 94.256827][T11254] loop5: p4 size 8388608 extends beyond EOD, truncated [ 94.283268][T11273] netlink: 'syz.6.2132': attribute type 1 has an invalid length. [ 95.210063][T11404] rdma_op ffff88812ed6d180 conn xmit_rdma 0000000000000000 [ 95.505074][T11417] __nla_validate_parse: 7 callbacks suppressed [ 95.505089][T11417] netlink: 64 bytes leftover after parsing attributes in process `syz.8.2172'. [ 95.608704][T11430] loop8: detected capacity change from 0 to 512 [ 95.624296][T11430] EXT4-fs error (device loop8): ext4_validate_block_bitmap:441: comm syz.8.2178: bg 0: block 248: padding at end of block bitmap is not set [ 95.639264][T11430] EXT4-fs error (device loop8): ext4_acquire_dquot:6935: comm syz.8.2178: Failed to acquire dquot type 1 [ 95.653171][T11430] EXT4-fs (loop8): 1 truncate cleaned up [ 95.659417][T11430] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.676952][T11430] ext4 filesystem being mounted at /171/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 95.690169][T11430] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.735324][T11444] loop8: detected capacity change from 0 to 2048 [ 95.762720][T11444] loop8: p1 < > p4 [ 95.767087][T11444] loop8: p4 size 8388608 extends beyond EOD, truncated [ 95.889274][T11466] SELinux: failed to load policy [ 96.369782][T11489] program syz.6.2196 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 97.248468][T11562] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2225'. [ 97.639456][T11635] loop5: detected capacity change from 0 to 512 [ 97.680704][T11635] EXT4-fs (loop5): 1 orphan inode deleted [ 97.689491][T11635] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.703342][ T4344] EXT4-fs error (device loop5): ext4_release_dquot:6971: comm kworker/u8:18: Failed to release dquot type 1 [ 97.715434][T11635] ext4 filesystem being mounted at /394/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 97.753330][ T3746] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.833552][T11670] ipip0: entered promiscuous mode [ 98.027300][T11696] bridge_slave_0: left allmulticast mode [ 98.033030][T11696] bridge_slave_0: left promiscuous mode [ 98.038789][T11696] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.048283][T11696] bridge_slave_1: left allmulticast mode [ 98.054076][T11696] bridge_slave_1: left promiscuous mode [ 98.059783][T11696] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.079404][T11696] bond0: (slave bond_slave_0): Releasing backup interface [ 98.090084][T11696] bond0: (slave bond_slave_1): Releasing backup interface [ 98.103691][T11696] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 98.111121][T11696] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 98.121467][T11696] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 98.129104][T11696] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 98.357289][T11731] loop5: detected capacity change from 0 to 128 [ 98.380479][T11731] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 98.388382][T11731] FAT-fs (loop5): Filesystem has been set read-only [ 98.407233][T11731] syz.5.2286: attempt to access beyond end of device [ 98.407233][T11731] loop5: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 98.421577][T11731] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 98.429618][T11731] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 98.438782][T11731] syz.5.2286: attempt to access beyond end of device [ 98.438782][T11731] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 98.453699][T11731] syz.5.2286: attempt to access beyond end of device [ 98.453699][T11731] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 98.467084][T11731] syz.5.2286: attempt to access beyond end of device [ 98.467084][T11731] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 98.486245][T11731] syz.5.2286: attempt to access beyond end of device [ 98.486245][T11731] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 98.534132][ T10] Process accounting resumed [ 98.581428][T11745] : (slave bond_slave_0): Releasing backup interface [ 98.592415][T11745] : (slave bond_slave_1): Releasing backup interface [ 98.603963][T11745] team0: Port device team_slave_0 removed [ 98.613865][T11745] team0: Port device team_slave_1 removed [ 98.621343][T11745] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 98.628882][T11745] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 98.637717][T11745] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 98.645375][T11745] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 98.665869][T11745] batman_adv: batadv0: Interface deactivated: ip6gretap1 [ 98.673051][T11745] batman_adv: batadv0: Removing interface: ip6gretap1 [ 99.612799][T11779] loop6: detected capacity change from 0 to 512 [ 99.619780][T11779] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 99.648581][T11779] EXT4-fs (loop6): 1 truncate cleaned up [ 99.655289][T11779] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 99.674742][ T29] kauditd_printk_skb: 311 callbacks suppressed [ 99.674757][ T29] audit: type=1400 audit(1747882491.243:2656): avc: denied { write } for pid=11782 comm="syz.5.2307" name="usbmon6" dev="devtmpfs" ino=160 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 99.742443][ T29] audit: type=1400 audit(1747882491.313:2657): avc: denied { map } for pid=11778 comm="syz.6.2306" path="/287/bus/memory.current" dev="loop6" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 99.847658][ T6004] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.104847][T11833] rdma_op ffff88813d732180 conn xmit_rdma 0000000000000000 [ 100.163627][T11837] vhci_hcd: invalid port number 224 [ 100.182098][T11843] loop5: detected capacity change from 0 to 2048 [ 100.212110][T11843] loop5: p1 < > p4 [ 100.216649][T11843] loop5: p4 size 8388608 extends beyond EOD, truncated [ 100.296540][T11867] geneve2: entered promiscuous mode [ 100.361522][T11886] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2340'. [ 100.371258][T11885] xt_hashlimit: size too large, truncated to 1048576 [ 100.468781][T11899] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2345'. [ 100.470955][ T29] audit: type=1326 audit(1747882492.033:2658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11900 comm="syz.0.2346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8c7d3e969 code=0x7ffc0000 [ 100.501344][ T29] audit: type=1326 audit(1747882492.033:2659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11900 comm="syz.0.2346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8c7d3e969 code=0x7ffc0000 [ 100.524858][ T29] audit: type=1326 audit(1747882492.033:2660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11900 comm="syz.0.2346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd8c7d3e969 code=0x7ffc0000 [ 100.548402][ T29] audit: type=1326 audit(1747882492.033:2661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11900 comm="syz.0.2346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8c7d3e969 code=0x7ffc0000 [ 100.571959][ T29] audit: type=1326 audit(1747882492.033:2662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11900 comm="syz.0.2346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd8c7d3e969 code=0x7ffc0000 [ 100.651574][T11923] loop6: detected capacity change from 0 to 128 [ 100.680923][T11923] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 100.696285][ T29] audit: type=1326 audit(1747882492.163:2663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11900 comm="syz.0.2346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8c7d3e969 code=0x7ffc0000 [ 100.719894][ T29] audit: type=1326 audit(1747882492.173:2664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11900 comm="syz.0.2346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7fd8c7d3e969 code=0x7ffc0000 [ 100.743425][ T29] audit: type=1326 audit(1747882492.173:2665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11900 comm="syz.0.2346" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8c7d3e969 code=0x7ffc0000 [ 100.751650][T11923] ext4 filesystem being mounted at /296/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 100.814162][T11938] SELinux: security policydb version 18 (MLS) not backwards compatible [ 100.822588][T11938] SELinux: failed to load policy [ 100.905632][ T6004] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 100.932467][T11950] futex_wake_op: syz.4.2359 tries to shift op by -1; fix this program [ 100.972939][T11950] smc: net device bond0 applied user defined pnetid SYZ2 [ 101.051261][T11956] SELinux: failed to load policy [ 101.100387][T11965] ALSA: seq fatal error: cannot create timer (-19) [ 101.116285][T11974] loop5: detected capacity change from 0 to 512 [ 101.137002][T11974] EXT4-fs: Ignoring removed oldalloc option [ 101.179289][T11974] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 101.213419][T11974] EXT4-fs error (device loop5): __ext4_fill_super:5502: inode #2: comm syz.5.2368: iget: special inode unallocated [ 101.250152][T11974] EXT4-fs (loop5): get root inode failed [ 101.255831][T11974] EXT4-fs (loop5): mount failed [ 101.461945][T12025] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2385'. [ 101.605872][T12040] hub 2-0:1.0: USB hub found [ 101.625084][T12040] hub 2-0:1.0: 8 ports detected [ 101.670654][T12054] loop6: detected capacity change from 0 to 512 [ 101.779999][T12067] pim6reg1: entered promiscuous mode [ 101.785385][T12067] pim6reg1: entered allmulticast mode [ 102.026431][T12094] netlink: 'syz.8.2409': attribute type 2 has an invalid length. [ 102.492533][T12144] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 102.708801][T12185] loop5: detected capacity change from 0 to 512 [ 102.719881][T12185] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 overlaps block group descriptors [ 102.730708][T12185] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 not in group (block 2)! [ 102.740834][T12185] EXT4-fs (loop5): group descriptors corrupted! [ 102.805385][T12200] vlan3: entered allmulticast mode [ 102.810535][T12200] batadv0: entered allmulticast mode [ 102.942302][ C1] vcan0: j1939_tp_rxtimer: 0xffff8881193b3a00: rx timeout, send abort [ 102.950563][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8881193b3a00: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 103.010340][T12240] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 103.085535][T12256] random: crng reseeded on system resumption [ 103.158757][T12262] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 103.166268][T12262] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 103.228072][T12269] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2470'. [ 103.285356][T12279] loop5: detected capacity change from 0 to 164 [ 103.305568][T12279] Unable to read rock-ridge attributes [ 103.314587][T12279] Unable to read rock-ridge attributes [ 103.583452][T12351] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2494'. [ 103.697631][T12375] netlink: 36 bytes leftover after parsing attributes in process `syz.8.2487'. [ 103.771825][T12382] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2507'. [ 103.793290][T12312] netlink: 'syz.8.2487': attribute type 4 has an invalid length. [ 103.842217][T12393] netlink: 'syz.4.2514': attribute type 1 has an invalid length. [ 103.945035][T12393] gretap1: entered allmulticast mode [ 103.974732][T12393] bond1: (slave gretap1): making interface the new active one [ 103.983900][T12393] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 104.149500][T12471] ref_ctr_offset mismatch. inode: 0x565 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x2000000004c0 [ 104.381547][T12521] loop6: detected capacity change from 0 to 1024 [ 104.422219][T12521] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.435573][T12521] ext4 filesystem being mounted at /336/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 104.448172][T12535] SELinux: wޣ (12535) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 104.497473][T12533] loop8: detected capacity change from 0 to 512 [ 104.505303][T12539] loop5: detected capacity change from 0 to 2048 [ 104.512803][ T6004] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.528547][T12533] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 104.555887][T12533] EXT4-fs error (device loop8): ext4_orphan_get:1417: comm syz.8.2550: bad orphan inode 131083 [ 104.580122][T12533] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.580702][T12539] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.657204][ T7927] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.787839][ T3746] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.828410][T12572] loop8: detected capacity change from 0 to 512 [ 104.856332][T12572] EXT4-fs (loop8): orphan cleanup on readonly fs [ 104.874297][T12572] EXT4-fs error (device loop8): ext4_validate_block_bitmap:441: comm syz.8.2564: bg 0: block 248: padding at end of block bitmap is not set [ 104.890478][T12572] __quota_error: 106 callbacks suppressed [ 104.890528][T12572] Quota error (device loop8): write_blk: dquota write failed [ 104.904154][T12572] Quota error (device loop8): qtree_write_dquot: Error -117 occurred while creating quota [ 104.914268][T12572] EXT4-fs error (device loop8): ext4_acquire_dquot:6935: comm syz.8.2564: Failed to acquire dquot type 1 [ 104.929829][T12572] EXT4-fs (loop8): 1 truncate cleaned up [ 104.938081][T12572] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 104.960455][T12572] EXT4-fs (loop8): warning: mounting fs with errors, running e2fsck is recommended [ 104.981238][T12588] ref_ctr_offset mismatch. inode: 0xaff offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x2000000004c0 [ 105.003229][T12572] EXT4-fs (loop8): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 105.015584][T12596] Quota error (device loop8): find_tree_dqentry: Cycle in quota tree detected: block 2 index 2 [ 105.025967][T12596] Quota error (device loop8): qtree_read_dquot: Can't read quota structure for id 131074 [ 105.035838][T12596] EXT4-fs error (device loop8): ext4_acquire_dquot:6935: comm syz.8.2564: Failed to acquire dquot type 1 [ 105.073614][ T7927] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.115947][T12602] ip6gre1: entered promiscuous mode [ 105.133479][T12609] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2572'. [ 105.164925][ T29] audit: type=1326 audit(1747882496.733:2772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12613 comm="syz.5.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d8c7be969 code=0x7ffc0000 [ 105.209911][T12618] netlink: 156 bytes leftover after parsing attributes in process `syz.8.2579'. [ 105.210047][ T29] audit: type=1326 audit(1747882496.763:2773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12613 comm="syz.5.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f6d8c7be969 code=0x7ffc0000 [ 105.228714][T12616] bond1: entered promiscuous mode [ 105.242497][ T29] audit: type=1326 audit(1747882496.763:2774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12613 comm="syz.5.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d8c7be969 code=0x7ffc0000 [ 105.247482][T12616] bond1: entered allmulticast mode [ 105.270938][ T29] audit: type=1326 audit(1747882496.763:2775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12613 comm="syz.5.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d8c7be969 code=0x7ffc0000 [ 105.270973][ T29] audit: type=1326 audit(1747882496.763:2776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12613 comm="syz.5.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7f6d8c7be969 code=0x7ffc0000 [ 105.300932][T12616] 8021q: adding VLAN 0 to HW filter on device bond1 [ 105.323586][ T29] audit: type=1326 audit(1747882496.763:2777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12613 comm="syz.5.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d8c7be969 code=0x7ffc0000 [ 105.353764][T12618] netlink: 32 bytes leftover after parsing attributes in process `syz.8.2579'. [ 105.375561][T12616] bond1 (unregistering): Released all slaves [ 105.513536][T12717] netlink: 180 bytes leftover after parsing attributes in process `syz.6.2586'. [ 105.622400][T12736] loop5: detected capacity change from 0 to 1024 [ 105.672709][T12736] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.689294][T12736] ext4 filesystem being mounted at /479/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.766657][ T3746] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.415375][T12892] hub 9-0:1.0: USB hub found [ 106.425649][T12892] hub 9-0:1.0: 8 ports detected [ 106.459510][T12896] bond2: entered promiscuous mode [ 106.464616][T12896] bond2: entered allmulticast mode [ 106.505437][T12932] netlink: 'syz.6.2617': attribute type 6 has an invalid length. [ 106.514568][T12896] 8021q: adding VLAN 0 to HW filter on device bond2 [ 106.518967][T12934] loop8: detected capacity change from 0 to 512 [ 106.524937][T12799] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2603'. [ 106.528282][T12934] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 106.548131][T12896] bond2 (unregistering): Released all slaves [ 106.561440][T12934] EXT4-fs (loop8): 1 truncate cleaned up [ 106.567792][T12934] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.570238][T12799] netlink: 'syz.0.2603': attribute type 4 has an invalid length. [ 106.725302][ T7927] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.740447][T12984] vlan2: entered allmulticast mode [ 106.745709][T12984] bridge_slave_0: entered allmulticast mode [ 106.819412][T12999] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2627'. [ 106.828444][T12999] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2627'. [ 106.838954][T12999] netlink: 204 bytes leftover after parsing attributes in process `syz.8.2627'. [ 106.903743][T13006] loop6: detected capacity change from 0 to 2048 [ 106.942279][T13015] rdma_op ffff88811d471180 conn xmit_rdma 0000000000000000 [ 106.949978][T13006] loop6: p1 < > p4 [ 106.962471][T13006] loop6: p4 size 8388608 extends beyond EOD, truncated [ 106.992201][T13024] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2635'. [ 107.030775][T13033] netlink: 'syz.8.2639': attribute type 6 has an invalid length. [ 107.178113][T13069] loop8: detected capacity change from 0 to 1024 [ 107.195863][T13069] EXT4-fs: Ignoring removed bh option [ 107.201529][T13069] EXT4-fs: inline encryption not supported [ 107.207419][T13069] EXT4-fs: Ignoring removed i_version option [ 107.214982][T13069] EXT4-fs (loop8): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 107.227077][T13069] EXT4-fs error (device loop8): ext4_map_blocks:709: inode #3: block 1: comm syz.8.2652: lblock 1 mapped to illegal pblock 1 (length 1) [ 107.246741][T13069] EXT4-fs error (device loop8): ext4_acquire_dquot:6935: comm syz.8.2652: Failed to acquire dquot type 0 [ 107.260126][T13069] EXT4-fs error (device loop8): ext4_free_blocks:6587: comm syz.8.2652: Freeing blocks not in datazone - block = 0, count = 4096 [ 107.275152][T13069] EXT4-fs error (device loop8): ext4_read_inode_bitmap:139: comm syz.8.2652: Invalid inode bitmap blk 0 in block_group 0 [ 107.287921][T13069] EXT4-fs error (device loop8) in ext4_free_inode:361: Corrupt filesystem [ 107.298028][T13069] EXT4-fs (loop8): 1 orphan inode deleted [ 107.301802][ T12] EXT4-fs error (device loop8): ext4_map_blocks:675: inode #3: block 1: comm kworker/u8:0: lblock 1 mapped to illegal pblock 1 (length 1) [ 107.308284][T13069] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.347217][ T12] EXT4-fs error (device loop8): ext4_release_dquot:6971: comm kworker/u8:0: Failed to release dquot type 0 [ 107.371448][T13069] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.605553][T13135] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2686'. [ 107.614566][T13135] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2686'. [ 107.673157][T13137] 9pnet_fd: Insufficient options for proto=fd [ 107.705978][T13145] loop8: detected capacity change from 0 to 2048 [ 107.752271][T13145] loop8: p1 < > p4 [ 107.757312][T13145] loop8: p4 size 8388608 extends beyond EOD, truncated [ 107.834549][T13168] futex_wake_op: syz.6.2687 tries to shift op by -1; fix this program [ 108.390869][T13187] ALSA: seq fatal error: cannot create timer (-19) [ 108.427194][T13200] netlink: 'syz.6.2700': attribute type 1 has an invalid length. [ 108.435050][T13200] netlink: 224 bytes leftover after parsing attributes in process `syz.6.2700'. [ 108.538748][T13226] hub 9-0:1.0: USB hub found [ 108.545890][T13226] hub 9-0:1.0: 8 ports detected [ 108.556672][T13234] loop6: detected capacity change from 0 to 128 [ 108.565760][T13233] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100) [ 108.573627][T13233] FAT-fs (loop6): Filesystem has been set read-only [ 108.580407][T13233] syz.6.2712: attempt to access beyond end of device [ 108.580407][T13233] loop6: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 108.594613][T13233] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100) [ 108.602570][T13233] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100) [ 108.613244][T13234] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100) [ 108.621243][T13234] syz.6.2712: attempt to access beyond end of device [ 108.621243][T13234] loop6: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 108.635143][T13234] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100) [ 108.643069][T13234] FAT-fs (loop6): error, invalid access to FAT (entry 0x00000100) [ 108.651104][T13234] syz.6.2712: attempt to access beyond end of device [ 108.651104][T13234] loop6: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 108.664515][T13234] syz.6.2712: attempt to access beyond end of device [ 108.664515][T13234] loop6: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 108.678231][T13234] syz.6.2712: attempt to access beyond end of device [ 108.678231][T13234] loop6: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 108.691613][T13234] syz.6.2712: attempt to access beyond end of device [ 108.691613][T13234] loop6: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 109.282541][T13248] pim6reg1: entered promiscuous mode [ 109.287890][T13248] pim6reg1: entered allmulticast mode [ 109.421534][T13297] netlink: 'syz.4.2729': attribute type 12 has an invalid length. [ 109.470361][T13305] loop6: detected capacity change from 0 to 2048 [ 109.486781][T13309] loop8: detected capacity change from 0 to 2048 [ 109.497266][T13305] EXT4-fs: Ignoring removed i_version option [ 109.498533][T13314] netlink: 'syz.4.2737': attribute type 1 has an invalid length. [ 109.503390][T13305] ext4: Unknown parameter 'obj_role' [ 109.531617][T13314] bond2: (slave gretap2): making interface the new active one [ 109.539892][T13314] bond2: (slave gretap2): Enslaving as an active interface with an up link [ 109.552179][T13309] loop8: p1 < > p4 [ 109.560311][T13309] loop8: p4 size 8388608 extends beyond EOD, truncated [ 109.709682][T13390] vhci_hcd: invalid port number 65 [ 109.748986][T13397] block device autoloading is deprecated and will be removed. [ 109.758262][T13397] syz.8.2754: attempt to access beyond end of device [ 109.758262][T13397] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 109.821554][T13404] IPVS: stopping master sync thread 13406 ... [ 109.821875][T13406] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 109.900666][ T29] kauditd_printk_skb: 188 callbacks suppressed [ 109.900682][ T29] audit: type=1326 audit(1747882501.463:2963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13382 comm="syz.5.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6d8c7b5927 code=0x7ffc0000 [ 109.932362][ T29] audit: type=1326 audit(1747882501.463:2964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13382 comm="syz.5.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6d8c75ab39 code=0x7ffc0000 [ 109.956133][ T29] audit: type=1326 audit(1747882501.473:2965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13382 comm="syz.5.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f6d8c7be969 code=0x7ffc0000 [ 109.979677][ T29] audit: type=1326 audit(1747882501.493:2966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13382 comm="syz.5.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6d8c7b5927 code=0x7ffc0000 [ 110.003239][ T29] audit: type=1326 audit(1747882501.493:2967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13382 comm="syz.5.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6d8c75ab39 code=0x7ffc0000 [ 110.027018][ T29] audit: type=1326 audit(1747882501.493:2968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13382 comm="syz.5.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f6d8c7be969 code=0x7ffc0000 [ 110.050886][ T29] audit: type=1326 audit(1747882501.493:2969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13382 comm="syz.5.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6d8c7b5927 code=0x7ffc0000 [ 110.074516][ T29] audit: type=1326 audit(1747882501.493:2970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13382 comm="syz.5.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f6d8c75ab39 code=0x7ffc0000 [ 110.097991][ T29] audit: type=1326 audit(1747882501.493:2971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13382 comm="syz.5.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f6d8c7be969 code=0x7ffc0000 [ 110.122054][ T29] audit: type=1326 audit(1747882501.513:2972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13382 comm="syz.5.2746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6d8c7b5927 code=0x7ffc0000 [ 110.147638][T13423] SELinux: ebitmap: map size 0 does not match my size 64 (high bit was 0) [ 110.171826][T13423] SELinux: failed to load policy [ 110.192398][T13427] smc: net device bond0 erased user defined pnetid SYZ2 [ 110.511041][T13493] netlink: 'syz.0.2785': attribute type 9 has an invalid length. [ 110.518839][T13493] netlink: 371 bytes leftover after parsing attributes in process `syz.0.2785'. [ 110.544331][T13497] loop8: detected capacity change from 0 to 2048 [ 110.560119][T13497] EXT4-fs: Ignoring removed i_version option [ 110.575961][T13497] ext4: Unknown parameter 'obj_role' [ 110.623605][T13514] netlink: 76 bytes leftover after parsing attributes in process `syz.8.2793'. [ 110.660928][T13521] loop6: detected capacity change from 0 to 1024 [ 110.668430][T13521] EXT4-fs: Ignoring removed bh option [ 110.692583][T13521] EXT4-fs: inline encryption not supported [ 110.698438][T13521] EXT4-fs: Ignoring removed i_version option [ 110.719485][T13521] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 110.741280][T13521] EXT4-fs error (device loop6): ext4_map_blocks:709: inode #3: block 1: comm syz.6.2796: lblock 1 mapped to illegal pblock 1 (length 1) [ 110.784170][T13521] EXT4-fs error (device loop6): ext4_acquire_dquot:6935: comm syz.6.2796: Failed to acquire dquot type 0 [ 110.793912][T13559] netlink: 'syz.8.2803': attribute type 1 has an invalid length. [ 110.809067][T13521] EXT4-fs error (device loop6): ext4_free_blocks:6587: comm syz.6.2796: Freeing blocks not in datazone - block = 0, count = 4096 [ 110.822872][T13521] EXT4-fs error (device loop6): ext4_read_inode_bitmap:139: comm syz.6.2796: Invalid inode bitmap blk 0 in block_group 0 [ 110.837438][T13521] EXT4-fs error (device loop6) in ext4_free_inode:361: Corrupt filesystem [ 110.846056][ T4336] EXT4-fs error (device loop6): ext4_map_blocks:675: inode #3: block 1: comm kworker/u8:10: lblock 1 mapped to illegal pblock 1 (length 1) [ 110.872035][ T4336] EXT4-fs error (device loop6): ext4_release_dquot:6971: comm kworker/u8:10: Failed to release dquot type 0 [ 110.883612][T13521] EXT4-fs (loop6): 1 orphan inode deleted [ 110.889717][T13521] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.895554][T13577] bond2: (slave gretap1): making interface the new active one [ 110.910810][T13521] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.920728][T13577] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 110.995419][T13610] netlink: 'syz.5.2809': attribute type 33 has an invalid length. [ 111.202959][T13658] netlink: 'syz.5.2818': attribute type 1 has an invalid length. [ 111.243045][T13658] bond1: (slave gretap1): making interface the new active one [ 111.260218][T13658] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 111.590309][T13744] __nla_validate_parse: 2 callbacks suppressed [ 111.590327][T13744] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2839'. [ 111.725456][T13758] netlink: 288 bytes leftover after parsing attributes in process `syz.5.2846'. [ 111.780124][T13748] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 111.964075][T13782] netlink: 664 bytes leftover after parsing attributes in process `syz.4.2853'. [ 112.086925][T13802] loop8: detected capacity change from 0 to 1024 [ 112.097542][T13802] EXT4-fs: Ignoring removed nobh option [ 112.103198][T13802] EXT4-fs: Ignoring removed bh option [ 112.120986][T13798] loop6: detected capacity change from 0 to 527 [ 112.128153][T13802] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.148291][T13798] EXT4-fs (loop6): failed to parse options in superblock:  [ 112.161202][T13798] EXT4-fs (loop6): Unsupported encryption level 4 [ 112.194824][T13802] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4113: comm syz.8.2862: Allocating blocks 497-513 which overlap fs metadata [ 112.197409][T13817] netlink: 'syz.0.2868': attribute type 13 has an invalid length. [ 112.223766][T13802] EXT4-fs (loop8): pa ffff888105786770: logic 1, phys. 321, len 12 [ 112.231724][T13802] EXT4-fs error (device loop8): ext4_mb_release_inode_pa:5364: group 0, free 1, pa_free 2 [ 112.242584][T13802] EXT4-fs error (device loop8): mb_free_blocks:1948: group 0, inode 15: block 321:freeing already freed block (bit 20); block bitmap corrupt. [ 112.259999][T13821] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2870'. [ 112.292489][ T7927] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.360983][T13817] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.370256][T13817] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.379288][T13817] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.388314][T13817] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.404626][T13821] batadv1: entered promiscuous mode [ 112.409928][T13821] batadv1: entered allmulticast mode [ 112.571149][T13873] netlink: 256 bytes leftover after parsing attributes in process `syz.4.2879'. [ 112.602684][T13876] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2881'. [ 112.611573][T13876] policy can only be matched on NF_INET_PRE_ROUTING [ 112.611584][T13876] unable to load match [ 112.894274][T13921] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2895'. [ 112.965522][T13934] binfmt_misc: register: failed to install interpreter file ./cgroup.cpu/cpuset.cpus [ 112.982389][T13935] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2899'. [ 113.026283][T13941] loop8: detected capacity change from 0 to 1024 [ 113.034248][T13941] EXT4-fs: Ignoring removed orlov option [ 113.044364][T13941] EXT4-fs (loop8): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 113.065893][T13941] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.234316][ T7927] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.513833][T13996] netlink: 'syz.6.2923': attribute type 33 has an invalid length. [ 113.521866][T13996] netlink: 152 bytes leftover after parsing attributes in process `syz.6.2923'. [ 113.536093][T13996] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2923'. [ 113.549389][T13994] netlink: 'syz.5.2933': attribute type 1 has an invalid length. [ 113.647380][T14008] loop8: detected capacity change from 0 to 1024 [ 113.654719][T14008] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 113.789565][T14029] loop6: detected capacity change from 0 to 8192 [ 113.797374][T14029] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 113.843777][T14029] FAT-fs (loop6): error, fat_free_clusters: deleting FAT entry beyond EOF [ 113.852477][T14029] FAT-fs (loop6): Filesystem has been set read-only [ 113.943475][T14058] vhci_hcd: invalid port number 15 [ 113.948618][T14058] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 114.203281][T14094] 9pnet_fd: Insufficient options for proto=fd [ 114.706084][T14161] netlink: 'syz.6.2987': attribute type 13 has an invalid length. [ 114.775114][T14175] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14175 comm=syz.4.2991 [ 114.778512][T14161] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.794918][T14161] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.839065][T14161] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 114.849574][T14161] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 114.889653][T14161] batman_adv: batadv0: Interface deactivated: ip6gretap1 [ 114.906962][T14161] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.916025][T14161] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.925220][T14161] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.934300][T14161] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.032014][T14189] tipc: Started in network mode [ 115.036911][T14189] tipc: Node identity 4, cluster identity 4711 [ 115.043240][T14189] tipc: Node number set to 4 [ 115.051880][ T29] kauditd_printk_skb: 407 callbacks suppressed [ 115.051892][ T29] audit: type=1400 audit(1747883019.615:3377): avc: denied { ioctl } for pid=14185 comm="syz.0.3004" path="socket:[29777]" dev="sockfs" ino=29777 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 115.213006][ T29] audit: type=1400 audit(1747883019.775:3378): avc: denied { cmd } for pid=14201 comm="syz.4.3001" path="socket:[28877]" dev="sockfs" ino=28877 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 115.331498][T14211] SELinux: Context is not valid (left unmapped). [ 115.658805][T14237] futex_wake_op: syz.0.3014 tries to shift op by -1; fix this program [ 115.669939][T14238] loop8: detected capacity change from 0 to 256 [ 115.691091][ T29] audit: type=1326 audit(1747883020.245:3379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14235 comm="syz.5.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d8c7be969 code=0x7ffc0000 [ 115.696564][T14238] FAT-fs (loop8): bogus number of FAT sectors [ 115.714674][ T29] audit: type=1326 audit(1747883020.245:3380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14235 comm="syz.5.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d8c7be969 code=0x7ffc0000 [ 115.720755][T14238] FAT-fs (loop8): Can't find a valid FAT filesystem [ 115.751508][ T29] audit: type=1326 audit(1747883020.245:3381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14235 comm="syz.5.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f6d8c7be969 code=0x7ffc0000 [ 115.775111][ T29] audit: type=1326 audit(1747883020.245:3382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14240 comm="syz.5.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f6d8c7f1225 code=0x7ffc0000 [ 115.798618][ T29] audit: type=1326 audit(1747883020.245:3383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14235 comm="syz.5.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d8c7be969 code=0x7ffc0000 [ 115.822120][ T29] audit: type=1326 audit(1747883020.255:3384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14235 comm="syz.5.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d8c7be969 code=0x7ffc0000 [ 115.845705][ T29] audit: type=1326 audit(1747883020.255:3385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14235 comm="syz.5.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=234 compat=0 ip=0x7f6d8c7be969 code=0x7ffc0000 [ 115.869260][ T29] audit: type=1326 audit(1747883020.255:3386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14235 comm="syz.5.3017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d8c7be969 code=0x7ffc0000 [ 115.950114][T14255] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 115.968853][T14255] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 115.985121][T14269] hub 9-0:1.0: USB hub found [ 115.989847][T14266] loop8: detected capacity change from 0 to 256 [ 115.996237][T14269] hub 9-0:1.0: 8 ports detected [ 116.002264][T14266] FAT-fs (loop8): bogus number of FAT sectors [ 116.008364][T14266] FAT-fs (loop8): Can't find a valid FAT filesystem [ 116.472464][T14341] @: renamed from bond_slave_0 [ 116.547160][T14344] openvswitch: netlink: Message has 6 unknown bytes. [ 116.620656][T14355] __nla_validate_parse: 3 callbacks suppressed [ 116.620668][T14355] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3056'. [ 116.695899][T14372] netlink: 'syz.4.3059': attribute type 13 has an invalid length. [ 116.736542][T14380] loop8: detected capacity change from 0 to 1024 [ 116.832776][T14380] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.849563][T14372] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.858635][T14372] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.867779][T14372] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.876763][T14372] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.921410][T14380] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4113: comm syz.8.3063: Allocating blocks 449-513 which overlap fs metadata [ 116.964327][T14379] EXT4-fs (loop8): pa ffff888105798310: logic 48, phys. 177, len 21 [ 116.972471][T14379] EXT4-fs error (device loop8): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4 [ 117.024918][ T7927] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.097069][T14413] syzkaller0: entered allmulticast mode [ 117.106130][T14413] syzkaller0 (unregistering): left allmulticast mode [ 117.165620][T14419] pim6reg: entered allmulticast mode [ 117.172767][T14419] pim6reg: left allmulticast mode [ 117.360394][T14455] loop8: detected capacity change from 0 to 1024 [ 117.394878][T14455] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.435624][T14460] IPVS: Error connecting to the multicast addr [ 117.445791][ T7927] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.496929][T14471] pim6reg: entered allmulticast mode [ 117.521105][T14471] pim6reg: left allmulticast mode [ 117.614473][T14515] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3098'. [ 117.773418][T14546] loop5: detected capacity change from 0 to 512 [ 117.784963][T14543] hub 6-0:1.0: USB hub found [ 117.789913][T14543] hub 6-0:1.0: 8 ports detected [ 117.797349][T14546] EXT4-fs error (device loop5): ext4_iget_extra_inode:4693: inode #15: comm syz.5.3110: corrupted in-inode xattr: invalid ea_ino [ 117.816852][T14546] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.3110: couldn't read orphan inode 15 (err -117) [ 117.869473][T14546] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.906786][T14557] futex_wake_op: syz.0.3115 tries to shift op by -1; fix this program [ 117.987784][ T3746] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.036602][T14572] pim6reg1: entered promiscuous mode [ 118.042043][T14572] pim6reg1: entered allmulticast mode [ 118.156893][T14591] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 118.156893][T14591] program syz.4.3126 not setting count and/or reply_len properly [ 118.279439][T14609] loop6: detected capacity change from 0 to 256 [ 118.288084][T14609] FAT-fs (loop6): bogus number of FAT sectors [ 118.294258][T14609] FAT-fs (loop6): Can't find a valid FAT filesystem [ 118.399001][T14635] netlink: 'syz.5.3140': attribute type 13 has an invalid length. [ 118.513288][T14651] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3148'. [ 118.592936][T14657] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3151'. [ 118.644160][T14635] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.651496][T14663] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3151'. [ 118.653395][T14635] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.671146][T14635] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.680405][T14635] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.824399][T14666] hub 6-0:1.0: USB hub found [ 118.836822][T14666] hub 6-0:1.0: 8 ports detected [ 118.878179][T14686] loop5: detected capacity change from 0 to 256 [ 118.901829][T14686] FAT-fs (loop5): bogus number of FAT sectors [ 118.907938][T14686] FAT-fs (loop5): Can't find a valid FAT filesystem [ 118.946777][T14690] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 118.968206][T14690] SELinux: failed to load policy [ 118.986294][T14695] @: renamed from bond_slave_0 [ 119.011600][T14697] loop8: detected capacity change from 0 to 512 [ 119.024517][T14697] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 119.051328][T14697] EXT4-fs (loop8): 1 truncate cleaned up [ 119.099185][T14702] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3163'. [ 119.129068][T14697] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 119.193790][T14697] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.334841][T14725] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14725 comm=syz.8.3172 [ 119.373812][T14725] netlink: 'syz.8.3172': attribute type 1 has an invalid length. [ 119.426397][T14725] bond3: (slave gretap2): making interface the new active one [ 119.436653][T14725] bond3: (slave gretap2): Enslaving as an active interface with an up link [ 119.579732][T14799] hub 6-0:1.0: USB hub found [ 119.598720][T14799] hub 6-0:1.0: 8 ports detected [ 119.671190][T14836] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 119.687425][T14836] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.449826][T14880] netlink: 'syz.8.3188': attribute type 13 has an invalid length. [ 120.527489][T14880] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.534769][T14880] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.577435][T14880] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 120.587692][T14880] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 120.620446][T14880] netdevsim netdevsim8 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.629393][T14880] netdevsim netdevsim8 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.638441][T14880] netdevsim netdevsim8 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.647337][T14880] netdevsim netdevsim8 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.677582][T14888] netlink: 292 bytes leftover after parsing attributes in process `syz.6.3195'. [ 120.729650][T14919] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3205'. [ 120.792314][T14941] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3210'. [ 120.900556][ T29] kauditd_printk_skb: 75 callbacks suppressed [ 120.900573][ T29] audit: type=1400 audit(1747883025.465:3462): avc: denied { write } for pid=14961 comm="syz.4.3216" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 120.941625][T14950] loop8: detected capacity change from 0 to 8192 [ 120.956178][T14950] FAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 121.014176][T14979] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3222'. [ 121.064124][T15001] netlink: 'syz.0.3227': attribute type 1 has an invalid length. [ 121.123173][T15012] 9pnet: p9_errstr2errno: server reported unknown error @pA;KZ44/@qkp [ 121.123173][T15012] C<+P5"kxU: [ 121.294944][ T29] audit: type=1326 audit(1747883025.865:3463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15024 comm="syz.4.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92c77e969 code=0x7ffc0000 [ 121.318602][ T29] audit: type=1326 audit(1747883025.865:3464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15024 comm="syz.4.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92c77e969 code=0x7ffc0000 [ 121.342148][ T29] audit: type=1326 audit(1747883025.865:3465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15024 comm="syz.4.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7fd92c77e969 code=0x7ffc0000 [ 121.365585][ T29] audit: type=1326 audit(1747883025.865:3466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15024 comm="syz.4.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92c77e969 code=0x7ffc0000 [ 121.389065][ T29] audit: type=1326 audit(1747883025.865:3467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15024 comm="syz.4.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fd92c77e969 code=0x7ffc0000 [ 121.412425][ T29] audit: type=1326 audit(1747883025.865:3468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15024 comm="syz.4.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92c77e969 code=0x7ffc0000 [ 121.435951][ T29] audit: type=1326 audit(1747883025.865:3469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15024 comm="syz.4.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92c77e969 code=0x7ffc0000 [ 121.459420][ T29] audit: type=1326 audit(1747883025.865:3470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15024 comm="syz.4.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fd92c77e969 code=0x7ffc0000 [ 121.483053][ T29] audit: type=1326 audit(1747883025.865:3471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15024 comm="syz.4.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd92c77e969 code=0x7ffc0000 [ 121.678041][T15047] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3246'. [ 122.123947][T15086] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3262'. [ 122.132865][T15086] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3262'. [ 122.265961][T15103] netlink: 'syz.5.3266': attribute type 21 has an invalid length. [ 122.433484][T15140] dvmrp1: entered allmulticast mode [ 122.450585][T15140] dvmrp1: left allmulticast mode [ 122.618495][T15149] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3278'. [ 122.656636][T15149] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3278'. [ 122.985927][T15195] loop6: detected capacity change from 0 to 512 [ 123.008528][T15197] netlink: 4 bytes leftover after parsing attributes in process `+}[@'. [ 123.031081][T15197] netlink: 32 bytes leftover after parsing attributes in process `+}[@'. [ 123.060015][T15195] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.104150][T15195] ext4 filesystem being mounted at /488/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 123.117017][T15207] loop5: detected capacity change from 0 to 512 [ 123.149335][ T6004] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.167228][T15207] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 123.203638][T15207] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002] [ 123.233578][T15207] EXT4-fs error (device loop5): ext4_iget_extra_inode:4693: inode #15: comm syz.5.3301: corrupted in-inode xattr: e_value size too large [ 123.264132][T15207] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.3301: couldn't read orphan inode 15 (err -117) [ 123.277050][T15207] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 123.358625][ T3746] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.403667][T15242] netlink: 'syz.0.3313': attribute type 1 has an invalid length. [ 123.411458][T15242] netlink: 'syz.0.3313': attribute type 4 has an invalid length. [ 123.419443][T15242] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.3313'. [ 123.608807][T15267] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3323'. [ 123.621822][T15267] IPVS: Unknown mcast interface: vcan0 [ 123.797955][ T3392] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 123.812588][ T3392] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 123.831216][T15294] loop8: detected capacity change from 0 to 1024 [ 123.877391][T15318] netem: incorrect ge model size [ 123.882459][T15318] netem: change failed [ 124.008696][T15341] netlink: 'syz.4.3356': attribute type 298 has an invalid length. [ 124.031255][T15340] loop6: detected capacity change from 0 to 512 [ 124.045488][T15340] EXT4-fs (loop6): revision level too high, forcing read-only mode [ 124.053933][T15340] EXT4-fs (loop6): orphan cleanup on readonly fs [ 124.060727][T15340] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #11: comm syz.6.3354: invalid indirect mapped block 256 (level 2) [ 124.075017][T15340] EXT4-fs (loop6): 2 truncates cleaned up [ 124.081144][T15340] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 124.108017][ T6004] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.215818][T15374] bridge_slave_0: left allmulticast mode [ 124.221780][T15374] bridge_slave_0: left promiscuous mode [ 124.227547][T15374] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.237133][T15374] bridge_slave_1: left allmulticast mode [ 124.242840][T15374] bridge_slave_1: left promiscuous mode [ 124.248575][T15374] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.258765][T15374] bond0: (slave 5@): Releasing backup interface [ 124.266747][T15374] bond0: (slave bond_slave_1): Releasing backup interface [ 124.276225][T15374] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 124.284279][T15374] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 124.292005][T15374] batman_adv: batadv0: Removing interface: ip6gretap1 [ 124.314957][T15374] netlink: 'syz.6.3367': attribute type 10 has an invalid length. [ 124.324541][T15374] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 124.388535][ T3393] IPVS: starting estimator thread 0... [ 124.492188][T15427] IPVS: using max 2784 ests per chain, 139200 per kthread [ 124.711697][T15435] Set syz1 is full, maxelem 65536 reached [ 124.739620][T15453] program syz.5.3385 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 124.818341][T15458] netlink: 'syz.6.3387': attribute type 3 has an invalid length. [ 124.899272][T15465] sch_tbf: burst 3092 is lower than device lo mtu (65550) ! [ 125.203920][T15512] SELinux: Context system_u:object_r:mount_tmp_t:s0 is not valid (left unmapped). [ 125.763221][T15538] tipc: Enabling of bearer rejected, already enabled [ 125.942805][ T29] kauditd_printk_skb: 190 callbacks suppressed [ 125.942824][ T29] audit: type=1400 audit(1747883030.515:3662): avc: denied { module_request } for pid=15539 comm="syz.0.3422" kmod="arptable_vfat" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 126.063191][ T29] audit: type=1400 audit(1747883030.625:3663): avc: denied { execute } for pid=15547 comm="syz.5.3426" name="file1" dev="tmpfs" ino=3240 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 126.085635][ T29] audit: type=1400 audit(1747883030.625:3664): avc: denied { execute_no_trans } for pid=15547 comm="syz.5.3426" path="/619/file1" dev="tmpfs" ino=3240 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 126.175388][ T29] audit: type=1400 audit(1747883030.635:3665): avc: denied { mount } for pid=15552 comm="syz.6.3428" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 126.352032][ T29] audit: type=1400 audit(1747883030.915:3666): avc: denied { create } for pid=15563 comm="syz.5.3434" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 126.411902][ T29] audit: type=1400 audit(1747883030.925:3667): avc: denied { read write } for pid=15565 comm="syz.6.3435" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 126.435434][ T29] audit: type=1400 audit(1747883030.925:3668): avc: denied { open } for pid=15565 comm="syz.6.3435" path="/dev/ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 126.458776][ T29] audit: type=1400 audit(1747883030.925:3669): avc: denied { ioctl } for pid=15565 comm="syz.6.3435" path="/dev/ppp" dev="devtmpfs" ino=140 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 126.483534][ T29] audit: type=1400 audit(1747883030.965:3670): avc: denied { read } for pid=15569 comm="syz.0.3436" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 126.554324][ T29] audit: type=1400 audit(1747883030.985:3671): avc: denied { create } for pid=15575 comm="syz.0.3438" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 126.574237][T15580] bond1: (slave gretap1): Releasing active interface [ 126.592418][T15580] netlink: 'syz.5.3440': attribute type 10 has an invalid length. [ 126.840590][T15652] bond1: (slave gretap1): Releasing active interface [ 126.860029][T15658] loop6: detected capacity change from 0 to 1024 [ 126.864616][T15652] bond2: (slave gretap2): Releasing active interface [ 126.885947][T15658] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 126.898998][T15663] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3461'. [ 126.919423][T15658] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4113: comm syz.6.3458: Allocating blocks 385-513 which overlap fs metadata [ 126.945461][T15658] EXT4-fs (loop6): pa ffff888105798310: logic 16, phys. 129, len 24 [ 126.945860][T15652] netlink: 'syz.4.3456': attribute type 10 has an invalid length. [ 126.953501][T15658] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8 [ 126.989397][ T6004] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.105682][T15757] hub 4-0:1.0: USB hub found [ 127.110447][T15757] hub 4-0:1.0: 8 ports detected [ 127.190407][T15777] macvlan2: entered promiscuous mode [ 127.195779][T15777] macvlan2: entered allmulticast mode [ 127.201712][T15777] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 127.237807][T15785] loop9: detected capacity change from 0 to 7 [ 127.244364][T15785] Buffer I/O error on dev loop9, logical block 0, async page read [ 127.252474][T15785] Buffer I/O error on dev loop9, logical block 0, async page read [ 127.260319][T15785] loop9: unable to read partition table [ 127.266272][T15785] loop_reread_partitions: partition scan of loop9 (被ڬdƤݡ [ 127.266272][T15785] U) failed (rc=-5) [ 127.339466][T15797] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3479'. [ 127.548543][T15851] tipc: Enabling of bearer rejected, failed to enable media [ 127.562846][T15857] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3490'. [ 127.569723][T15859] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3491'. [ 127.589526][T15859] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3491'. [ 127.691588][T15882] SELinux: policydb version 17152 does not match my version range 15-34 [ 127.700357][T15882] SELinux: failed to load policy [ 127.709728][T15884] syz_tun: entered allmulticast mode [ 127.721785][T15883] syz_tun: left allmulticast mode [ 127.777548][T15897] bridge_slave_0: left allmulticast mode [ 127.783351][T15897] bridge_slave_0: left promiscuous mode [ 127.789100][T15897] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.802418][T15897] bridge_slave_1: left allmulticast mode [ 127.808088][T15897] bridge_slave_1: left promiscuous mode [ 127.813937][T15897] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.826623][T15897] bond0: (slave bond_slave_0): Releasing backup interface [ 127.839820][T15897] bond0: (slave bond_slave_1): Releasing backup interface [ 127.869669][T15897] team0: Port device team_slave_0 removed [ 127.876994][T15897] team0: Port device team_slave_1 removed [ 127.884629][T15897] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 127.887596][T15915] netlink: 'syz.8.3504': attribute type 10 has an invalid length. [ 127.903291][T15897] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 127.919476][T15897] bond2: (slave gretap1): Releasing active interface [ 127.935829][T15897] bond3: (slave gretap2): Releasing active interface [ 127.957834][T15915] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 128.018479][T15968] loop8: detected capacity change from 0 to 512 [ 128.031908][T15968] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 128.050211][T15968] EXT4-fs (loop8): 1 truncate cleaned up [ 128.050507][T15970] pim6reg: entered allmulticast mode [ 128.064642][T15968] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 128.097493][T15970] pim6reg: left allmulticast mode [ 128.171072][ T7927] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.189913][T15998] loop5: detected capacity change from 0 to 512 [ 128.203712][T15998] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 128.215293][T15998] EXT4-fs (loop5): 1 truncate cleaned up [ 128.221591][T15998] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.261144][T16008] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3527'. [ 128.271125][ T3746] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.320997][T16020] netlink: 'syz.6.3530': attribute type 1 has an invalid length. [ 128.384852][T16020] bond3: entered promiscuous mode [ 128.389940][T16020] bond3: entered allmulticast mode [ 128.636096][T16150] loop5: detected capacity change from 0 to 1024 [ 128.682456][T16150] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 128.715609][ T3746] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.231501][T16214] SELinux: failed to load policy [ 129.261216][T16219] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3574'. [ 129.346769][T16239] netlink: 75 bytes leftover after parsing attributes in process `syz.4.3579'. [ 129.419844][T16241] netlink: 'syz.4.3580': attribute type 13 has an invalid length. [ 129.593867][T16276] wg2: entered promiscuous mode [ 129.598838][T16276] wg2: entered allmulticast mode [ 129.649586][T16280] tipc: Enabling of bearer rejected, failed to enable media [ 129.678812][T16288] wg2: entered promiscuous mode [ 129.683796][T16288] wg2: entered allmulticast mode [ 130.688384][T16393] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3627'. [ 130.711973][T16393] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3627'. [ 130.811999][T16415] Falling back ldisc for ttyS3. [ 130.967253][T16456] SELinux: failed to load policy [ 131.079293][ T29] kauditd_printk_skb: 205 callbacks suppressed [ 131.079324][ T29] audit: type=1400 audit(1747883035.645:3877): avc: denied { create } for pid=16465 comm="syz.6.3648" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 131.105550][ T29] audit: type=1400 audit(1747883035.645:3878): avc: denied { write } for pid=16465 comm="syz.6.3648" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 131.193598][ T29] audit: type=1326 audit(1747883035.705:3879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16470 comm="syz.0.3650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8c7d3e969 code=0x7ffc0000 [ 131.217304][ T29] audit: type=1326 audit(1747883035.705:3880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16470 comm="syz.0.3650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7fd8c7d3e969 code=0x7ffc0000 [ 131.241756][ T29] audit: type=1326 audit(1747883035.705:3881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16470 comm="syz.0.3650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8c7d3e969 code=0x7ffc0000 [ 131.265450][ T29] audit: type=1326 audit(1747883035.705:3882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16470 comm="syz.0.3650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7fd8c7d3e969 code=0x7ffc0000 [ 131.289035][ T29] audit: type=1326 audit(1747883035.705:3883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16470 comm="syz.0.3650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8c7d3e969 code=0x7ffc0000 [ 131.316403][ T29] audit: type=1400 audit(1747883035.805:3884): avc: denied { write } for pid=16480 comm="syz.6.3654" faddr=fe80::bb scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 131.337396][ T29] audit: type=1400 audit(1747883035.815:3885): avc: denied { mounton } for pid=16478 comm="syz.0.3653" path="/503/file0" dev="tmpfs" ino=2616 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 131.363187][ T29] audit: type=1400 audit(1747883035.935:3886): avc: denied { write } for pid=16482 comm="syz.6.3655" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 132.016047][T16527] __nla_validate_parse: 1 callbacks suppressed [ 132.016061][T16527] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3670'. [ 132.235167][T16446] Set syz1 is full, maxelem 65536 reached [ 132.309556][T16539] loop6: detected capacity change from 0 to 512 [ 132.376851][T16539] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.389380][T16539] ext4 filesystem being mounted at /576/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 132.421733][ T6004] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.540333][T16556] loop5: detected capacity change from 0 to 512 [ 132.548600][T16556] EXT4-fs error (device loop5): ext4_iget_extra_inode:4693: inode #15: comm syz.5.3680: corrupted in-inode xattr: invalid ea_ino [ 132.564670][T16556] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.3680: couldn't read orphan inode 15 (err -117) [ 132.577342][T16556] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.677395][T16566] netlink: 'syz.0.3685': attribute type 13 has an invalid length. [ 132.688531][ T3746] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.699975][T16566] 8021q: adding VLAN 0 to HW filter on device bond0 [ 132.709462][T16566] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 133.177496][T16616] netlink: 'syz.6.3706': attribute type 21 has an invalid length. [ 133.207989][T16621] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 133.229353][T16621] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 133.260969][T16619] SELinux: failed to load policy [ 133.348865][T16643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 133.357987][T16643] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 133.358358][T16668] tipc: Enabled bearer , priority 0 [ 133.378688][T16668] tipc: Disabling bearer [ 133.504292][T16695] xt_hashlimit: max too large, truncated to 1048576 [ 133.884140][T16725] loop6: detected capacity change from 0 to 512 [ 133.890807][T16725] EXT4-fs: Ignoring removed nobh option [ 133.913575][T16725] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #11: comm syz.6.3738: invalid indirect mapped block 256 (level 2) [ 133.927598][T16735] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3740'. [ 133.938040][T16725] EXT4-fs (loop6): 2 truncates cleaned up [ 133.944480][T16725] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.971383][ T6004] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.987476][T16743] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3743'. [ 134.090058][T16756] netlink: 2036 bytes leftover after parsing attributes in process `syz.0.3746'. [ 134.091077][ T3393] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 134.099212][T16756] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3746'. [ 134.117191][ T3393] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 134.144206][T16766] netlink: zone id is out of range [ 134.149346][T16766] netlink: zone id is out of range [ 134.154579][T16766] netlink: zone id is out of range [ 134.159697][T16766] netlink: zone id is out of range [ 134.164873][T16766] netlink: zone id is out of range [ 134.170049][T16766] netlink: zone id is out of range [ 134.175337][T16766] netlink: zone id is out of range [ 134.180446][T16766] netlink: zone id is out of range [ 134.308517][T16782] netlink: 96 bytes leftover after parsing attributes in process `syz.8.3755'. [ 134.339740][T16784] loop8: detected capacity change from 0 to 512 [ 134.347410][T16784] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 134.365389][T16784] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.379609][T16784] ext4 filesystem being mounted at /454/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 134.536029][ T7927] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.641507][T16801] loop8: detected capacity change from 0 to 128 [ 134.697488][T16801] syz.8.3762: attempt to access beyond end of device [ 134.697488][T16801] loop8: rw=2049, sector=194, nr_sectors = 1 limit=128 [ 134.710974][T16801] Buffer I/O error on dev loop8, logical block 194, lost async page write [ 134.721195][T16801] syz.8.3762: attempt to access beyond end of device [ 134.721195][T16801] loop8: rw=2049, sector=195, nr_sectors = 1 limit=128 [ 134.734709][T16801] Buffer I/O error on dev loop8, logical block 195, lost async page write [ 134.745033][T16801] syz.8.3762: attempt to access beyond end of device [ 134.745033][T16801] loop8: rw=2049, sector=196, nr_sectors = 1 limit=128 [ 134.758468][T16801] Buffer I/O error on dev loop8, logical block 196, lost async page write [ 134.768350][T16801] syz.8.3762: attempt to access beyond end of device [ 134.768350][T16801] loop8: rw=2049, sector=197, nr_sectors = 1 limit=128 [ 134.781890][T16801] Buffer I/O error on dev loop8, logical block 197, lost async page write [ 134.792536][T16801] syz.8.3762: attempt to access beyond end of device [ 134.792536][T16801] loop8: rw=2049, sector=198, nr_sectors = 1 limit=128 [ 134.806038][T16801] Buffer I/O error on dev loop8, logical block 198, lost async page write [ 134.836251][T16801] syz.8.3762: attempt to access beyond end of device [ 134.836251][T16801] loop8: rw=2049, sector=199, nr_sectors = 1 limit=128 [ 134.849687][T16801] Buffer I/O error on dev loop8, logical block 199, lost async page write [ 134.861110][T16801] syz.8.3762: attempt to access beyond end of device [ 134.861110][T16801] loop8: rw=2049, sector=200, nr_sectors = 1 limit=128 [ 134.874708][T16801] Buffer I/O error on dev loop8, logical block 200, lost async page write [ 134.888476][T16801] syz.8.3762: attempt to access beyond end of device [ 134.888476][T16801] loop8: rw=2049, sector=201, nr_sectors = 16 limit=128 [ 134.992990][ T4365] kworker/u8:37: attempt to access beyond end of device [ 134.992990][ T4365] loop8: rw=1, sector=217, nr_sectors = 824 limit=128 [ 135.249107][T16834] syzkaller0: entered promiscuous mode [ 135.254722][T16834] syzkaller0: entered allmulticast mode [ 135.262779][T16845] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 135.268627][T16845] syzkaller0: Linktype set failed because interface is up [ 135.275884][ T3326] syzkaller0: tun_net_xmit 48 [ 135.339141][T16855] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3776'. [ 135.496323][T16867] loop5: detected capacity change from 0 to 512 [ 135.524929][T16867] bond3: entered promiscuous mode [ 135.529988][T16867] bond3: entered allmulticast mode [ 135.552469][T16867] 8021q: adding VLAN 0 to HW filter on device bond3 [ 135.574272][T16867] bond3 (unregistering): Released all slaves [ 135.703404][T16947] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3785'. [ 135.782212][T16955] netlink: 'syz.0.3788': attribute type 4 has an invalid length. [ 136.001207][T16978] tipc: Enabled bearer , priority 0 [ 136.011019][T16978] tipc: Disabling bearer [ 136.127551][T16990] loop5: detected capacity change from 0 to 8192 [ 136.134421][T16990] vfat: Unknown parameter 'H!1`w )ea뀋-sà_uŪ][_Hqm5W)-3?b5e]C"XG \ZHPX017777777777777777777770xffffffffffffffff184467440737095516150xffffffffffffffff' [ 136.303760][T17004] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17004 comm=syz.4.3806 [ 136.355281][T17008] futex_wake_op: syz.4.3808 tries to shift op by -1; fix this program [ 136.363493][T17010] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 136.439068][ T29] kauditd_printk_skb: 118 callbacks suppressed [ 136.439084][ T29] audit: type=1400 audit(1747883041.005:4005): avc: denied { sqpoll } for pid=17013 comm="syz.4.3811" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 136.578454][ T29] audit: type=1400 audit(1747883041.145:4006): avc: denied { module_load } for pid=17011 comm="syz.5.3810" path="/sys/kernel/notes" dev="sysfs" ino=211 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1 [ 136.602399][T17012] Invalid ELF header magic: != ELF [ 136.767453][ T29] audit: type=1400 audit(1747883041.335:4007): avc: denied { read } for pid=17022 comm="syz.5.3814" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 136.793365][T17023] loop5: detected capacity change from 0 to 527 [ 136.804711][T17023] EXT4-fs (loop5): failed to parse options in superblock:  [ 136.817632][T17023] EXT4-fs (loop5): Unsupported encryption level 4 [ 136.844194][ T29] audit: type=1400 audit(1747883041.405:4008): avc: denied { write } for pid=17025 comm="syz.0.3815" lport=49670 faddr=::ffff:100.1.1.0 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 136.868558][ T29] audit: type=1400 audit(1747883041.415:4009): avc: denied { getopt } for pid=17025 comm="syz.0.3815" lport=49670 faddr=::ffff:100.1.1.0 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 137.230075][T17066] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3833'. [ 137.230410][ T29] audit: type=1400 audit(1747883041.795:4010): avc: denied { ioctl } for pid=17065 comm="syz.8.3833" path="socket:[35013]" dev="sockfs" ino=35013 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 137.263866][ T29] audit: type=1400 audit(1747883041.795:4011): avc: denied { bind } for pid=17065 comm="syz.8.3833" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 137.283327][ T29] audit: type=1400 audit(1747883041.795:4012): avc: denied { setopt } for pid=17065 comm="syz.8.3833" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 137.302875][ T29] audit: type=1400 audit(1747883041.795:4013): avc: denied { write } for pid=17065 comm="syz.8.3833" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 137.334857][ T29] audit: type=1326 audit(1747883041.905:4014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17070 comm="syz.5.3834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6d8c7b5927 code=0x7ffc0000 [ 137.477259][T17082] loop5: detected capacity change from 0 to 512 [ 137.478274][T17085] sch_fq: defrate 2049 ignored. [ 137.511909][T17082] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 137.527537][T17082] ext4 filesystem being mounted at /690/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 137.565392][T17093] bridge0: entered promiscuous mode [ 137.572952][ T3746] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.582230][T17093] macvlan2: entered promiscuous mode [ 137.587875][T17093] bridge0: port 1(macvlan2) entered blocking state [ 137.594552][T17093] bridge0: port 1(macvlan2) entered disabled state [ 137.623432][T17093] macvlan2: entered allmulticast mode [ 137.628837][T17093] bridge0: entered allmulticast mode [ 137.641555][T17093] macvlan2: left allmulticast mode [ 137.646757][T17093] bridge0: left allmulticast mode [ 137.658049][T17093] bridge0: left promiscuous mode [ 137.703215][ T3393] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x4 [ 137.710904][ T3393] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x2 [ 137.725947][ T3393] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x0 [ 137.733813][ T3393] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x0 [ 137.741567][ T3393] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x0 [ 137.749301][ T3393] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x0 [ 137.756986][ T3393] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x0 [ 137.764846][ T3393] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x0 [ 137.772597][ T3393] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x0 [ 137.780254][ T3393] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x0 [ 137.787943][ T3393] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x0 [ 137.795633][ T3393] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x0 [ 137.803370][ T3393] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x0 [ 137.811061][ T3393] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x0 [ 137.818722][ T3393] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x0 [ 137.826512][ T3393] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x0 [ 137.846606][ T3393] hid-generic 0000:3000000:0000.0007: hidraw0: HID v0.00 Device [sy] on syz0 [ 137.870774][T17140] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 137.880683][T17140] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 137.899423][T17146] net_ratelimit: 633 callbacks suppressed [ 137.899439][T17146] do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 137.975263][T17161] loop8: detected capacity change from 0 to 512 [ 137.982440][T17161] EXT4-fs (loop8): mounting ext3 file system using the ext4 subsystem [ 137.997311][T17164] syz_tun: entered allmulticast mode [ 138.006968][T17161] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002] [ 138.013308][T17163] syz_tun: left allmulticast mode [ 138.041999][T17161] EXT4-fs error (device loop8): ext4_iget_extra_inode:4693: inode #15: comm syz.8.3864: corrupted in-inode xattr: e_value size too large [ 138.079693][T17181] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3871'. [ 138.088879][T17161] EXT4-fs error (device loop8): ext4_orphan_get:1396: comm syz.8.3864: couldn't read orphan inode 15 (err -117) [ 138.113869][T17161] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 138.146409][T17191] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3875'. [ 138.162906][T17195] tipc: Enabling of bearer rejected, failed to enable media [ 138.176251][T17197] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3877'. [ 138.228163][T17203] loop5: detected capacity change from 0 to 2048 [ 138.245481][ T7927] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.292207][T17203] loop5: p1 < > p4 [ 138.296749][T17203] loop5: p4 size 8388608 extends beyond EOD, truncated [ 138.332022][T17218] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17218 comm=syz.0.3883 [ 138.350172][T17222] sd 0:0:1:0: device reset [ 138.390705][T17232] loop5: detected capacity change from 0 to 512 [ 138.398735][T17234] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17234 comm=syz.4.3887 [ 138.413553][T17232] EXT4-fs: Ignoring removed mblk_io_submit option [ 138.429771][T17232] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 138.446051][T17232] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 138.473237][T17232] EXT4-fs (loop5): orphan cleanup on readonly fs [ 138.481220][T17232] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:483: comm syz.5.3885: Invalid block bitmap block 0 in block_group 0 [ 138.496419][T17232] EXT4-fs (loop5): Remounting filesystem read-only [ 138.503201][T17232] EXT4-fs (loop5): 1 orphan inode deleted [ 138.510815][T17232] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 138.536221][ T3746] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.587736][T17258] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3893'. [ 138.821542][T17297] netlink: 96 bytes leftover after parsing attributes in process `syz.4.3911'. [ 138.832970][T17298] netlink: 75 bytes leftover after parsing attributes in process `syz.6.3910'. [ 138.893423][T17306] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 138.983143][T17315] loop5: detected capacity change from 0 to 128 [ 139.065711][T17315] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 139.083740][T17315] ext4 filesystem being mounted at /709/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 139.132506][T17325] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3919'. [ 139.149568][ T3746] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 139.246718][T17344] SELinux: failed to load policy [ 139.353646][T17351] SELinux: failed to load policy [ 139.393727][T17357] loop8: detected capacity change from 0 to 164 [ 139.401844][T17357] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 139.494608][T17374] -1: renamed from syzkaller0 [ 139.507877][T17378] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3935'. [ 139.542384][T17398] bond1: entered promiscuous mode [ 139.547496][T17398] bond1: entered allmulticast mode [ 139.552802][T17398] 8021q: adding VLAN 0 to HW filter on device bond1 [ 139.562819][T17398] bond1 (unregistering): Released all slaves [ 139.640059][T17468] loop6: detected capacity change from 0 to 1024 [ 139.649338][T17468] EXT4-fs: Ignoring removed mblk_io_submit option [ 139.656682][T17468] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 139.670426][T17468] EXT4-fs error (device loop6): ext4_ext_check_inode:524: inode #11: comm syz.6.3941: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 139.692391][T17468] EXT4-fs error (device loop6): ext4_orphan_get:1396: comm syz.6.3941: couldn't read orphan inode 11 (err -117) [ 139.713634][T17468] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.738579][T17468] EXT4-fs error (device loop6): ext4_read_block_bitmap_nowait:483: comm syz.6.3941: Invalid block bitmap block 0 in block_group 0 [ 139.762833][T17468] EXT4-fs error (device loop6): ext4_acquire_dquot:6935: comm syz.6.3941: Failed to acquire dquot type 0 [ 139.811392][T17490] -1: renamed from syzkaller0 [ 139.824337][ T6004] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.966125][T17514] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3958'. [ 140.013656][T17527] SELinux: ebitmap: map size 0 does not match my size 64 (high bit was 0) [ 140.023907][T17527] SELinux: failed to load policy [ 140.109984][T17539] loop5: detected capacity change from 0 to 1024 [ 140.128512][T17539] EXT4-fs (loop5): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 140.139428][T17539] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 140.158082][T17539] JBD2: no valid journal superblock found [ 140.163855][T17539] EXT4-fs (loop5): Could not load journal inode [ 140.172509][T17546] do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 140.311808][ T1047] page_pool_release_retry() stalled pool shutdown: id 65, 1 inflight 60 sec [ 140.454633][T17583] do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 140.830742][T17586] Invalid ELF header magic: != ELF [ 141.202741][T17683] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 141.445696][ T29] kauditd_printk_skb: 238 callbacks suppressed [ 141.445711][ T29] audit: type=1400 audit(1747883046.015:4248): avc: denied { prog_load } for pid=17721 comm="syz.0.4030" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 141.501157][ T29] audit: type=1400 audit(1747883046.025:4249): avc: denied { read write } for pid=17717 comm="syz.8.4029" name="loop8" dev="devtmpfs" ino=108 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 141.525374][ T29] audit: type=1400 audit(1747883046.045:4250): avc: denied { prog_load } for pid=17721 comm="syz.0.4030" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 141.544520][ T29] audit: type=1400 audit(1747883046.045:4251): avc: denied { create } for pid=17721 comm="syz.0.4030" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=0 [ 141.564411][ T29] audit: type=1400 audit(1747883046.045:4252): avc: denied { prog_load } for pid=17724 comm="syz.4.4031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 141.594887][ T29] audit: type=1400 audit(1747883046.095:4253): avc: denied { open } for pid=17717 comm="syz.8.4029" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=0 [ 141.614246][ T29] audit: type=1400 audit(1747883046.135:4254): avc: denied { prog_load } for pid=17728 comm="syz.0.4033" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 141.633524][ T29] audit: type=1400 audit(1747883046.155:4255): avc: denied { prog_load } for pid=17726 comm="syz.4.4032" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 141.652697][ T29] audit: type=1400 audit(1747883046.155:4256): avc: denied { read write } for pid=7927 comm="syz-executor" name="loop8" dev="devtmpfs" ino=108 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 141.676893][ T29] audit: type=1400 audit(1747883046.155:4257): avc: denied { allowed } for pid=17726 comm="syz.4.4032" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=0 [ 142.301968][T17855] Falling back ldisc for ttyS3. [ 142.377908][T17872] __nla_validate_parse: 6 callbacks suppressed [ 142.377925][T17872] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4084'. [ 142.395076][T17872] netlink: 7 bytes leftover after parsing attributes in process `syz.4.4084'. [ 142.406069][T17878] bond1: left promiscuous mode [ 142.411019][T17878] vlan2: left promiscuous mode [ 142.415966][T17878] gtp0: left promiscuous mode [ 142.420715][T17878] geneve2: left promiscuous mode [ 142.425703][T17878] bond3: left promiscuous mode [ 143.195917][T17937] syzkaller0: entered promiscuous mode [ 143.201438][T17937] syzkaller0: entered allmulticast mode [ 143.250793][T17949] netlink: 'syz.4.4114': attribute type 13 has an invalid length. [ 143.272633][T17949] 8021q: adding VLAN 0 to HW filter on device bond0 [ 143.281849][T17949] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 143.449884][T17979] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4126'. [ 143.938348][T18011] netlink: 'syz.4.4136': attribute type 10 has an invalid length. [ 143.953963][T18011] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4136'. [ 144.185805][T18068] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4163'. [ 144.194952][T18068] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4163'. [ 144.413334][T18118] loop6: detected capacity change from 0 to 128 [ 144.587715][T18133] syz.6.4179: attempt to access beyond end of device [ 144.587715][T18133] loop6: rw=0, sector=121, nr_sectors = 120 limit=128 [ 144.640731][ T4365] kworker/u8:37: attempt to access beyond end of device [ 144.640731][ T4365] loop6: rw=1, sector=241, nr_sectors = 800 limit=128 [ 144.660432][T18149] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4181'. [ 145.188585][T18209] vhci_hcd: invalid port number 96 [ 145.193835][T18209] vhci_hcd: default hub control req: 0000 vfffc i0060 l0 [ 145.239497][T18217] loop8: detected capacity change from 0 to 512 [ 145.263245][T18217] EXT4-fs: Ignoring removed nobh option [ 145.273699][T18217] EXT4-fs error (device loop8): ext4_free_branches:1023: inode #11: comm syz.8.4194: invalid indirect mapped block 256 (level 2) [ 145.291538][T18230] netlink: 'syz.4.4201': attribute type 4 has an invalid length. [ 145.299450][T18217] EXT4-fs (loop8): 2 truncates cleaned up [ 145.305837][T18217] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.372745][ T7927] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.400778][T18246] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 145.700723][T18286] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4214'. [ 145.958651][T18306] loop6: detected capacity change from 0 to 512 [ 145.966239][T18306] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 146.042900][T18306] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.057487][T18306] ext4 filesystem being mounted at /683/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 146.336485][ T6004] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.453241][ T29] kauditd_printk_skb: 644 callbacks suppressed [ 146.453291][ T29] audit: type=1400 audit(1747883051.025:4902): avc: denied { shutdown } for pid=18345 comm="syz.6.4233" lport=33655 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 146.575004][ T29] audit: type=1400 audit(1747883051.125:4903): avc: denied { read } for pid=18353 comm="syz.6.4236" dev="nsfs" ino=4026532372 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 146.596387][ T29] audit: type=1400 audit(1747883051.125:4904): avc: denied { open } for pid=18353 comm="syz.6.4236" path="net:[4026532372]" dev="nsfs" ino=4026532372 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 146.619885][ T29] audit: type=1400 audit(1747883051.145:4905): avc: denied { create } for pid=18353 comm="syz.6.4236" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 146.654604][ T29] audit: type=1400 audit(1747883051.145:4906): avc: denied { execmem } for pid=18316 comm="syz.5.4223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 146.674023][ T29] audit: type=1400 audit(1747883051.215:4907): avc: denied { bind } for pid=18353 comm="syz.6.4236" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 146.693904][ T29] audit: type=1400 audit(1747883051.215:4908): avc: denied { read } for pid=18353 comm="syz.6.4236" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 146.713793][ T29] audit: type=1400 audit(1747883051.215:4909): avc: denied { rename } for pid=18358 comm="syz.4.4239" name="file0" dev="tmpfs" ino=4652 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 146.746906][T18363] netlink: '+}[@': attribute type 10 has an invalid length. [ 146.754325][T18363] netlink: 2 bytes leftover after parsing attributes in process `+}[@'. [ 146.756372][ T29] audit: type=1400 audit(1747883051.325:4910): avc: denied { name_bind } for pid=18357 comm="syz.8.4238" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 146.785257][ T29] audit: type=1400 audit(1747883051.325:4911): avc: denied { node_bind } for pid=18357 comm="syz.8.4238" saddr=127.0.0.1 src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 147.017320][T18380] loop8: detected capacity change from 0 to 1024 [ 147.063360][T18380] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 147.092856][T18386] loop5: detected capacity change from 0 to 512 [ 147.098209][T18380] EXT4-fs error (device loop8): ext4_validate_block_bitmap:441: comm syz.8.4256: bg 0: block 88: padding at end of block bitmap is not set [ 147.099731][T18386] EXT4-fs: Ignoring removed nobh option [ 147.123050][T18386] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.4247: invalid indirect mapped block 256 (level 2) [ 147.136962][T18386] EXT4-fs (loop5): 2 truncates cleaned up [ 147.144423][ T7927] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.144449][T18386] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.196624][ T3746] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.249835][T18402] vlan2: entered allmulticast mode [ 147.255054][T18402] bridge_slave_0: entered allmulticast mode [ 147.339630][T18419] netlink: 'syz.5.4258': attribute type 1 has an invalid length. [ 147.347456][T18419] netlink: 224 bytes leftover after parsing attributes in process `syz.5.4258'. [ 147.445678][T18436] loop5: detected capacity change from 0 to 128 [ 147.545838][T18436] syz.5.4263: attempt to access beyond end of device [ 147.545838][T18436] loop5: rw=2049, sector=194, nr_sectors = 1 limit=128 [ 147.559379][T18436] Buffer I/O error on dev loop5, logical block 194, lost async page write [ 147.591683][T18436] syz.5.4263: attempt to access beyond end of device [ 147.591683][T18436] loop5: rw=2049, sector=195, nr_sectors = 1 limit=128 [ 147.605400][T18436] Buffer I/O error on dev loop5, logical block 195, lost async page write [ 147.617613][T18436] syz.5.4263: attempt to access beyond end of device [ 147.617613][T18436] loop5: rw=2049, sector=196, nr_sectors = 1 limit=128 [ 147.631081][T18436] Buffer I/O error on dev loop5, logical block 196, lost async page write [ 147.651653][T18436] syz.5.4263: attempt to access beyond end of device [ 147.651653][T18436] loop5: rw=2049, sector=197, nr_sectors = 1 limit=128 [ 147.665111][T18436] Buffer I/O error on dev loop5, logical block 197, lost async page write [ 147.687260][T18436] syz.5.4263: attempt to access beyond end of device [ 147.687260][T18436] loop5: rw=2049, sector=198, nr_sectors = 1 limit=128 [ 147.700773][T18436] Buffer I/O error on dev loop5, logical block 198, lost async page write [ 147.710984][T18436] syz.5.4263: attempt to access beyond end of device [ 147.710984][T18436] loop5: rw=2049, sector=199, nr_sectors = 1 limit=128 [ 147.724643][T18436] Buffer I/O error on dev loop5, logical block 199, lost async page write [ 147.734121][T18436] syz.5.4263: attempt to access beyond end of device [ 147.734121][T18436] loop5: rw=2049, sector=200, nr_sectors = 1 limit=128 [ 147.747616][T18436] Buffer I/O error on dev loop5, logical block 200, lost async page write [ 147.757464][T18436] syz.5.4263: attempt to access beyond end of device [ 147.757464][T18436] loop5: rw=2049, sector=201, nr_sectors = 16 limit=128 [ 147.818178][T18458] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4273'. [ 147.825280][T18468] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4275'. [ 147.864344][T18458] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4273'. [ 147.947557][T18500] bridge0: port 1(gretap0) entered blocking state [ 147.954131][T18500] bridge0: port 1(gretap0) entered disabled state [ 147.965865][T18500] gretap0: entered allmulticast mode [ 147.973614][T18500] gretap0: entered promiscuous mode [ 147.980281][T18500] bridge0: port 1(gretap0) entered blocking state [ 147.986766][T18500] bridge0: port 1(gretap0) entered forwarding state [ 147.999117][T18500] gretap0: left allmulticast mode [ 148.004280][T18500] gretap0: left promiscuous mode [ 148.009411][T18500] bridge0: port 1(gretap0) entered disabled state [ 148.438367][T18540] loop6: detected capacity change from 0 to 1024 [ 148.465190][T18540] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.592226][ T6004] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.605802][T18550] loop5: detected capacity change from 0 to 2048 [ 148.621554][T18550] EXT4-fs: Ignoring removed bh option [ 148.657945][T18563] loop6: detected capacity change from 0 to 128 [ 148.671504][T18550] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.705907][T18563] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 148.769227][T18563] ext4 filesystem being mounted at /700/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 148.813555][T18549] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 148.846891][ T6004] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 148.859557][T18549] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 148.871948][T18549] EXT4-fs (loop5): This should not happen!! Data will be lost [ 148.871948][T18549] [ 148.881643][T18549] EXT4-fs (loop5): Total free blocks count 0 [ 148.887714][T18549] EXT4-fs (loop5): Free/Dirty block details [ 148.893624][T18549] EXT4-fs (loop5): free_blocks=2415919104 [ 148.899424][T18549] EXT4-fs (loop5): dirty_blocks=2304 [ 148.904734][T18549] EXT4-fs (loop5): Block reservation details [ 148.910851][T18549] EXT4-fs (loop5): i_reserved_data_blocks=152 [ 148.942089][T18576] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28 [ 149.013975][T18597] $H: renamed from bond0 [ 149.045766][T18597] $H: entered promiscuous mode [ 149.072620][T18604] netlink: 96 bytes leftover after parsing attributes in process `syz.4.4315'. [ 149.280147][T18616] xt_CT: No such helper "pptp" [ 149.683877][T18646] bridge: RTM_NEWNEIGH with invalid ether address [ 149.835675][T18655] netlink: 'syz.0.4332': attribute type 10 has an invalid length. [ 149.848264][T18655] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 149.904477][T18698] IPVS: Error connecting to the multicast addr [ 150.033829][T18718] loop5: detected capacity change from 0 to 128 [ 150.057581][T18723] loop6: detected capacity change from 0 to 2048 [ 150.095254][T18723] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 150.141278][T18723] ext4 filesystem being mounted at /710/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 150.165898][T18733] bio_check_eod: 1 callbacks suppressed [ 150.165911][T18733] syz.5.4347: attempt to access beyond end of device [ 150.165911][T18733] loop5: rw=0, sector=121, nr_sectors = 120 limit=128 [ 150.232199][T18723] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.4349: bg 0: block 345: padding at end of block bitmap is not set [ 150.254163][T18723] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 312 with error 117 [ 150.266768][T18723] EXT4-fs (loop6): This should not happen!! Data will be lost [ 150.266768][T18723] [ 150.283095][ T4381] kworker/u8:53: attempt to access beyond end of device [ 150.283095][ T4381] loop5: rw=1, sector=241, nr_sectors = 800 limit=128 [ 150.420738][ T6004] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.584244][ T1047] kernel write not supported for file /1531/attr/exec (pid: 1047 comm: kworker/0:2) [ 150.864988][T18859] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4383'. [ 150.874103][T18859] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4383'. [ 150.883068][T18859] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4383'. [ 150.894477][T18859] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4383'. [ 150.903470][T18859] netlink: 'syz.5.4383': attribute type 6 has an invalid length. [ 150.957319][ T36] kernel write not supported for file /1706/attr/exec (pid: 36 comm: kworker/1:1) [ 151.050387][T18874] loop5: detected capacity change from 0 to 1024 [ 151.092956][T18874] EXT4-fs: Ignoring removed nobh option [ 151.098666][T18874] EXT4-fs: Ignoring removed bh option [ 151.194876][T18886] loop6: detected capacity change from 0 to 128 [ 151.217739][T18874] EXT4-fs error (device loop5): ext4_orphan_get:1417: comm syz.5.4391: bad orphan inode 32767 [ 151.235094][T18874] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 151.283688][T18886] syz.6.4394: attempt to access beyond end of device [ 151.283688][T18886] loop6: rw=0, sector=121, nr_sectors = 120 limit=128 [ 151.318936][T18874] EXT4-fs error (device loop5): mb_free_blocks:1948: group 0, inode 18: block 241:freeing already freed block (bit 15); block bitmap corrupt. [ 151.369072][ T4347] kworker/u8:21: attempt to access beyond end of device [ 151.369072][ T4347] loop6: rw=1, sector=241, nr_sectors = 800 limit=128 [ 151.443545][ T3746] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.476063][ T29] kauditd_printk_skb: 253 callbacks suppressed [ 151.476079][ T29] audit: type=1400 audit(1747883056.045:5165): avc: denied { mount } for pid=18906 comm="syz.6.4399" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 151.530473][ T29] audit: type=1400 audit(1747883056.095:5166): avc: denied { unmount } for pid=6004 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 151.561102][ T29] audit: type=1326 audit(1747883056.125:5167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18942 comm="syz.6.4404" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7fe83d0e5927 code=0x0 [ 151.585940][T18939] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 151.595589][T18939] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 151.617924][T18960] netlink: 96 bytes leftover after parsing attributes in process `syz.0.4405'. [ 151.732090][ T29] audit: type=1400 audit(1747883056.295:5168): avc: denied { getopt } for pid=18977 comm="syz.0.4410" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 151.804891][T18986] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4413'. [ 151.919138][ T7285] ================================================================== [ 151.927269][ T7285] BUG: KCSAN: data-race in generic_fillattr / inode_add_bytes [ 151.934759][ T7285] [ 151.937093][ T7285] read-write to 0xffff888119c7f270 of 8 bytes by task 19004 on cpu 1: [ 151.945273][ T7285] inode_add_bytes+0x47/0xe0 [ 151.949880][ T7285] __dquot_alloc_space+0x180/0x8a0 [ 151.955022][ T7285] shmem_inode_acct_blocks+0x129/0x240 [ 151.960514][ T7285] shmem_get_folio_gfp+0x5a7/0xd40 [ 151.965639][ T7285] shmem_write_begin+0xa8/0x190 [ 151.970519][ T7285] generic_perform_write+0x181/0x490 [ 151.975873][ T7285] shmem_file_write_iter+0xc5/0xf0 [ 151.981028][ T7285] __kernel_write_iter+0x253/0x4c0 [ 151.986180][ T7285] dump_user_range+0x5f4/0x8d0 [ 151.990972][ T7285] elf_core_dump+0x1dc2/0x1f80 [ 151.995759][ T7285] do_coredump+0x1836/0x1f40 [ 152.000362][ T7285] get_signal+0xd85/0xf70 [ 152.004703][ T7285] arch_do_signal_or_restart+0x97/0x480 [ 152.010290][ T7285] irqentry_exit_to_user_mode+0x5e/0xa0 [ 152.015862][ T7285] irqentry_exit+0x12/0x50 [ 152.020301][ T7285] asm_exc_page_fault+0x26/0x30 [ 152.025199][ T7285] [ 152.027525][ T7285] read to 0xffff888119c7f270 of 8 bytes by task 7285 on cpu 0: [ 152.035079][ T7285] generic_fillattr+0x27d/0x340 [ 152.039960][ T7285] shmem_getattr+0x181/0x200 [ 152.044573][ T7285] vfs_getattr_nosec+0x143/0x1e0 [ 152.049550][ T7285] vfs_statx+0x11a/0x380 [ 152.053829][ T7285] vfs_fstatat+0xe1/0x160 [ 152.058197][ T7285] __se_sys_newfstatat+0x55/0x260 [ 152.063243][ T7285] __x64_sys_newfstatat+0x55/0x70 [ 152.068277][ T7285] x64_sys_call+0x2c22/0x2fb0 [ 152.072966][ T7285] do_syscall_64+0xd0/0x1a0 [ 152.077493][ T7285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.083401][ T7285] [ 152.085737][ T7285] value changed: 0x0000000000002a68 -> 0x0000000000002a70 [ 152.092853][ T7285] [ 152.095188][ T7285] Reported by Kernel Concurrency Sanitizer on: [ 152.101391][ T7285] CPU: 0 UID: 0 PID: 7285 Comm: syz-executor Tainted: G W 6.15.0-rc7-syzkaller-00014-gd608703fcdd9 #0 PREEMPT(voluntary) [ 152.115653][ T7285] Tainted: [W]=WARN [ 152.119468][ T7285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 152.129535][ T7285] ==================================================================