last executing test programs: 6m43.858803055s ago: executing program 4 (id=536): bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="01000000040000"], 0x48) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000340)='cpuset.cpu_exclusive\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000040)=0x5, 0x12) syz_emit_ethernet(0x1f, &(0x7f00000001c0)=ANY=[@ANYBLOB="ffffffffffff000000e8ff00001142"], 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f0000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_usb_connect(0x4, 0x0, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={r2, 0x0, 0x25, 0x2, @val=@perf_event={0x101}}, 0x18) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x300f000, 0xe, 0x0, &(0x7f0000000080)="0069c2704ade28eddb0000200000", 0x0, 0x48b8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) r5 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000240)=r5) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000300)={0x3, r5}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000c40)={0x1, 0x0, [{0x0, 0xf3, &(0x7f00000008c0)=""/243}]}) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000002000000e27f000001"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r7}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r6}, &(0x7f0000000040), &(0x7f00000001c0)=r7}, 0x20) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) readlinkat(0xffffffffffffffff, 0x0, &(0x7f0000002780)=""/4112, 0x1010) ioctl$VHOST_SET_VRING_ERR(r4, 0x4008af22, &(0x7f00000002c0)={0x1, r5}) r8 = socket$inet(0x2, 0x6, 0x7) shutdown(r8, 0x1) 6m43.178044045s ago: executing program 4 (id=551): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x8102, &(0x7f0000000080), 0x7, 0x517, &(0x7f0000000700)="$eJzs3d9rY1kdAPDvvW06v7qmiz6sC67FXeksOkm7dXeLDzsriD4tqOt7LW1aStOmNOnMtAzSwT9AkEEFn3zyRfAPEGT+BBEG9N1fKOLMOA++aCTJjdNkEtupScM0nw+c3nPvufd+z0nJzTk5l9wAxtZsRHwYETcj4u2IyGfb0yzFUSs19nvy+O5qIyVRr3/89ySSbFv7XEm2vJYddjkivvX1iHhUr3fHrR4cbq2Uy6W9bL1Y294tVg8Ob2xur2yUNko7i4sL7y29v/Tu0vyZ23brWH4mIj746p9/+P2ffe2DX33x9u+X/3r9u0nW/uhqxyC1XpNc87Vom4yIvWEEG4GJrD25xsr9UdcGAICTpFkf7nPN/n8+Jpq9OQAAAOAiqd+cbs7d1AEAAIALK42I6UjSQnYvwHSkaaHQuof3U3E1LVeqtS+sV/Z31hplETORS9c3J0rz2b3CM5FL1jfLpYXsHtv2+jtd64sR8WpE3M9faa4XVivltVF/+QEAAABj4lrX+P9pvjX+P5V0yJUDAAAABmdm1BUAAAAAhs74HwAAAC4+438AAAC40L7x0UeNVG8//3rt1sH+VuXWjbVSdauwvb9aWK3s7RY2KpWN5m/2bZ90vnKlsvul2Nm/U6yVqrVi9eBwebuyv1Nb3ux4BDYAAABwjl797IPfJRFx9OUrzRRJxFRWlhtx3YDheqGf8PzTf3NTw6gLcL4mRl0BYGQmR10BYGSM8YHkhPK+N+/8evB1AQAAhmPu013z/2H+H8aFR3jC+DL/D+Orx/y/WwJgTOT0AGDsDX/+v15/oQoBAAADN91MSVrI5gKnI00LhYhXmo8FyCXrm+XSfER8IiJ+m89daqwvNI9MThwzAAAAAAAAAAAAAAAAAAAAAAAAAAAt9XoS9TN4epaDAAAAgJGISP+SZM//msu/Nd39/cBU8s98cxkRt3/y8Y/urNRqewuN7Y/yU9n22o+z7e+c8GWDh40DAADA8Ew+y7bH6e1xPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM0pPHd1fb6Tzj/u0rETHTK/5kXG4uL0cuIq7+I4nJY8clETExgPhH9yLitV7xk0a1YiarRXf8NCKujDj+tQHEh3H2oHH9+bDX+y+N2eay9/tvMkv/r+PXv8bl4Hj89vVvos/175VTxnj94S+KfePfi3h9svf1px0/6RP/zb4RL3Wsfefbh4f99qz/NGKu5+dP0hGrWNveLVYPDm9sbq9slDZKO4uLC+8tvb/07tJ8cX2zXMr+9ozxg8/88t/NTNq7/Vf7xJ85of1v9W1/p389vPP4k61srlf86292xp/Nyl7rEz/NPvs+n+Ub5XPt/FErf9wbP//NG1n2uY+sRvy1Pu0/6f9//ZTtf/ub3/vjKXcFAM5B9eBwa6VcLu0NPTPbu6jdIzqvajyX+cPNiHMP+nJmkgGfcDnf+r9PRGdRu+t/9jM3hlKNM3QWNbqto34NX5rM6K5JAADAcDzr9J9i544J90vDqxQAAAAAAAAAAAAAAAAAAACMmfP4ObHumEejaSoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP/0nwAAAP//AEDGvA==") (async) r0 = fspick(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18) (async) syz_clone(0x126400, 0x0, 0x0, 0x0, 0x0, 0x0) (async) r3 = socket$netlink(0x10, 0x3, 0x10) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10) (async, rerun: 32) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async, rerun: 32) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4) (async) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) (async) syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000780)={[{@iocharset={'iocharset', 0x3d, 'cp850'}}, {@fmask={'fmask', 0x3d, 0xa0}}, {@errors_remount}, {@iocharset={'iocharset', 0x3d, 'cp936'}}, {@iocharset={'iocharset', 0x3d, 'iso8859-14'}}, {@dmask}, {@gid}, {@dmask={'dmask', 0x3d, 0x1}}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'iso8859-2'}}]}, 0x1, 0x152f, &(0x7f0000000880)="$eJzs3AucTVX7OPDnWWvtMSSdJrkMa61nc5LLIklySZJLkiRJkltC0iSvJCSG3JKGJCSXIbkMIblMTBr3+/2SkCRNkoTklqz/Z8r81Vvv/33f39svv/9vnu/nsz+znrP2s/ba85yzz977nJlvug6r1aR29UZEBP8R/OVHIgDEAsAgALgGAAIAKB9XPi6zP6fExP9sI+zP9VDKlZ4Bu5K4/tkb1z974/pnb1z/7I3rn71x/bM3rn/2xvVnLDvbMqPgtbxk34Xv/2dn/P7/v0hG6XFfrCt9fTeAmH81hev//z/8D3K5/v9rBf/KSlz/7I3rn13FXukJsP8B+PWfHeT4hz1c/+yN689Ydvbre8GxcOXvR//VC0Sy92cgV/r5xxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsezjrL1MAkNW+0vNijDHGGGOMMcbYn8fnuNIzYIwxxhhjjDHG2H8/BAESFAQQAzkgFnJCLhAAMVn910IcXAd54XrIB/mhABSEeCgEhUGDAQsEIRSBohCFG6AY3AjFoQSUhFLgoDSUgZugLNwM5eAWKA+3QgW4DSpCJagMVeB2qAp3QDW4E6rDXVADakItqA13Qx24B+rCvVAP7oP6cD80gAegITwIjeAhaAwPQxN4BJrCo9AMmkMLaAmt/kv5L0BPeBF6QW9IhD7QF16CftAfBsBAGAQvw2B4BYbAq5AEQ2EYvAbD4XUYAW/ASBgFo+FNGANvwVgYB+NhAiTDRJgEb8NkeAemwFSYBtMhBWbATHgXZsFsmAPvwVx4H+bBfFgACyEVPoBFsBjS4ENYAh9BOiyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVtsB12wE7YBR/DbvgE9sBe2Aefwn747N/MP/N3+d0QEFCgQIUKYzAGYzEWc2EuzI25MQ/mwQhGMA7jMC/mxXyYDwtgAYzHeCyMhdGgQULCIlgEoxjFYlgMi2NxLIkl0aHDMlgGy+LNWA7LYXksjxWwAlbESlgJq2AVrIpVsRpWw+pYHWtgDayFtfBuvBv7YF2si/WwHtbH+lm3p7ARNsLG2BibYBNsik2xGTbDFtgCW2ErbI2tsQ22wXbYDttje+yAHTABE7AjdsRO2Ak7Y2fsgl2wK3bFbtgdu2e8kAPwRXwRe2MN0Qf7Yl/sh0k5BuBAHIgv42B8BV/BVzEJh+IwfA1fw9dxBJ7GkTgKR+NorCrewrE4DklMwGRMxkk4CSfjZJyCU3EqTscUnIEzcSbOwtk4G9/Dufg+vo/zcT4uxFRMxUW4GNMwDZfgGUzHpbgMl+MKXIkrcDWuwdW4DtfjOtyIG3EzbsatuBW343bciTvxY1QA+Anuxb2YhPtxPx7AA3gQD+IhPIQZmIGH8TAewSN4FI/iMTyGx/EEnsQTeApP4Wk8g2fxLJ7H83gBn4v/qvHHJdYmgcikhBIxIkbEiliRS+QSuUVukUfkEREREXEiTuQVeUU+kU8UEAVEvIgXhUVhYYQRJMLMI4WIiqgoJoqJ4qK4KClKCiecKCPKiLKirCgnyony4lZRQdwmKopKoq2rIqqIqqKdqybuFNVFdVFD1BS1RG1RW9QRdURdUVfUE/VEfVFfNBAPiIaiDw7Ah0RmZZqIodhUDMNmormQl45QrcUIbCPainbiCTEKR2IH0doliKdFRzEWO4m/iXH4rOgiJmBX8bzoJrqLHuIF0VO0cb1EbzEF+4i+Yjr2E/3FADFQzMKa4j2cm7OWeFUkiaFimHhNLMTXxQjxhhgpRonR4k0xRrwlxopxYryYIJLFRDFJvC0mi3fEFDFVTBPTRYqYIWaKd8UsMVvMEe+JueJ9MU/MFwvEQpEqPhCLxGKRJj4US8RHIl0sFcvEcrFCrBSrxGqxRqwV68R6sUFsFJvEZrFFbBXbxHaxQ+wUu8THYrf4ROwRe8U+8anYLz4TB8Tn4qD4QhwSX4oM8ZU4LL4WR8Q34qj4VhwT34nj4oQ4Kb4Xp8QP4rQ4I86Kc+K8+FFcED+Ji8ILkCiFlFLJQMbIHDJW5pS55FUytwyyjv8yTl4n88rrZT6ZXxaQBWW8LCQLSy2NtJJkKIvIojIqb5DF5I2yuCwhS8pS0snSsoy8SZaVN8ty8hZZXt4qK8jbZEVZSVaWVeTtsqq8Q0Lkl23UkDVlLVlb3i0T4R5ZV94r68n7ZH15v2wgH5AN5YOykXxINpYPyybyEdlUPiqbyeayhWwpW8nHZGv5uGwj28p28gnZXj4pO8inZIJ8WnaU/tJT5FnZRT4nu8rnZTfZXfaQP8mL0stesreEPiD7ypdkP9lfDpAD5SD5shwsX5FD5KsySQ6Vw+Rrcrh8XY6Qb8iRcpQcLd+UY+RbcqwcJ8fLCTJZTpST5NtysnxHTpFT5TQ5XabIGXLApZHmSPlP89/+g/whP299s9wit8ptcrvcIXfKXfJjuVvulnvkHrlP7pP75X55QB6QB+VBeUgekhkyQx6Wh+UReUQelUflMXlMHpcn5Dn5vTwlf5Cn5Rl5Rp6T5+V5eeHS7wAUKqGkUipQMSqHilU5VS51lcqtrlZ51DUqoq5Vceo6lVddr/Kp/KqAKqjiVSFVWGlllFWkQlVEFVVRdQNeesKokqqUcqq0KqNu+nfyVTF1oyquSvwmP2t+if9gfq1UK9VatVZtVBvVTrVT7VV71UF1UAkqQXVUHVUn1Ul1Vp1VF9VFdVVdVTfVTfVQPVRP1VP1Ur1UokpUfdVLqp/qrwaogWqQellk7sMQNUQlqSQ1TA1Tw9VwNUKNUCPVSDVajVZj1Bg1Vo1V49V4layS1SQ1SU1Wk9UUNUVNU9NUikpRM9VMNUvNUnPUHDVXzVXz1Dy1QC1QqSpVLVKLVJpKU0vUEpWulqqlarlarlaqlWq1Wq3WqrVqvVqvNqqNKl1tUVvUNrVN7VA71C61S+1Wu9UetUftU/vUfrVfHVAH1EF1UB1Sh1SGylCH1WF1RB1RR9VRdUwdU8fVcXVSnVSn1Cl1Wp1WZ9VZdV6dVxfUBXVRXcw87QtEIAIVqCAmiAlig9ggV5AryB3kDvIEeYJIEAnigrggb3B9kC/IHxQICgbxQaGgcKADE9hAXCp6NLghKBbcGBQPSgQlg1KBC0oHZYKbgrLBzUG54JagfHBrUCG4LagYVAoqB1WC24OqwR1BteDOoHpwV1AjqBnUCmoHdwd1gnuCusG9Qb3gvqB+cH/QIHggaBg8GDQKHgoaBw8HTYJHgqbBo0GzoHnQImgZtPpTx/f+dP7HXS/dWyfqPrqvfkn30/31AD1QD9Iv68H6FT1Ev6qT9FA9TL+mh+vX9Qj9hh6pR+nR+k09Rr+lx+pxeryeoJP1RD1Jv60n63f0FD1VT9PTdYqeoWfqd/UsPVvP0e/pufp9PU/P1wv0Qp2qP9CL9GKdpj/US/RHOl0v1cv0cr1Cr9Sr9Gq9Rq/V6/R6vUFv1Jv0Zr1Fb9Xb9Ha9Q+/Uu/THerf+RO/Re/U+/anerz/TB/Tn+qD+Qh/SX+oM/ZU+rL/WR/Q3+qj+Vh/T3+nj+oQ+qb/Xp/QP+rQ+o8/qc/q8/lFf0D/pi9pnntxnvr0bZZSJMTEm1sSaXCaXyW1ymzwmj4mYiIkzcSavyWvymXymgClg4k28KWwKm0xkyBQxRUzURE0xU8wUN8VNSVPSOONMGVPGlDVlTTlTzpQ35U0FU8FUNBVNZVPZ3G5uN3eYO8yd5k5zl7nL1DQ1TW1T29QxdUxdU9fUM/VMfVPfNDANTEPT0DQyjUxj09g0MU1MU9PUNDPNTAvTwrQyrUxr09q0MW1MO9POtDftTQfTwSSYBNPRdDSdTCfT2XQ2XUwX09V0Nd1MN9PD9DA9TU/Ty/QyiSbR9DV9TT/TzwwwA8wgM8gMNoPNEDPEJJkkM8wMM8PNcDPCjDAjzSgzOvNE1bxlxppxZryZYJJNsplkJpnJZrKZYqaYaWaaSTEpZqaZaWaZWWaOmWPmmrlmnplnFpgFJtWkmkVmkUkzaWaJWWLSTbpZZpaZFWaFWWVWmTVmjVln1pkNsMFsMpvMFrPFbDPbzA6zw+wyu8xus9vsMXvMPrPP7Df7zQFzwBw0B80hc8hkmAxz2Bw2R8wRc9QcNcfMMXPcHDcnzUlzypwyp81pc9acNedN/kvvl97E2pw2l73K5rZX2zz2Gvv3cQFb0MbbQraw1Tafzf+b2Fhri9sStqQtZZ0tbcvYm34XV7SVbGVbxd5uq9o7bLXfxXXsPbauvdfWs/fZ2vbu38T17f22gX3ENkQEsM1tY9vSNrGP2Kb2UdvMNrctbEvb3j5pO9inbIJ92na0z/wuXmQX2zV2rV1n19s9dq89a8/ZI/Ybe97+aHvZ3naQfdkOtq/YIfZVm2SH/i4ebd+0Y+xbdqwdZ8fbCb+Lp9npNsXOsDPtu3aWnf27ONV+YOfaNDvPzrcL7MKf48w5pdkP7RL7kU23ASyzy+0Ku9Kusqv/71yX2412k91sd9tP7Da73e6wO+2urBNhu9fus5/a/fYze9h+bQ/aL+whe9Rm2K9+jjP376j91h6z39nj9oQ9ab+3p+wPKis7c9+/tz/Zi9ZbICQgSYoCiqEcFEs5KRddRbnpaspD11CErqU4uo7y0vWUj/JTASpI8VSICpMmQ5aIQipCRSlKN1DW9EpSKXJUmsrQTVSWbqZydAuVp1upAt1GFakSVaYqdDtVpTuoGt1J1ekuqkE1qRbVprupDt1Ddeleqkf3UX26nxrQA9SQHqRG9BA1poepCT1CTelRakbNqQW1pFb0GLWmx6kNtaV29AS1pyepAz1FCfQ0daRnqBP9jTrTs9SFnqOu9Dx1o+7Ug16gnvQi9aLelEh9qC+9RP2oPw2ggTSIXqbB9AoNoVcpiYbSMHqNhtPrNILeoJE0ikbTmzSG3qKxNI7G0wRKpok0id6myfQOTaGpNI2mUwrNoJn0Ls2i2TSH3qO59D7No/m0gBZSKn1Ai2gxpdGHtIQ+onRaSstoOa2glbSKVtMaWkvraD1toI20iTbTFtpK22g77aCdtIs+pt30Ce2hvbSPPqX99BkdoM/pIH1Bh+hLyqCv6DB9TUfoGzpK3/re9B0dpxN0kr6nU/QDnaYzdJbO0Xn6kS7QT3SRPEGIoQhlqMIgjAlzhLFhzjBXeFWYO7w6zBNeE0bCa8O48Lowb3h9mC/MHxYIC4bxYaGwcKhDE9qQwjAsEhYNo+ENYbHwxrB4WCIsGZYKXVg6LBPeFJYNbw7LhbeE5cNbwwrhbWHFsFL4yH1VwtvDquEdYbXwzrB6eFdYI6wZ1gprh3eHdcJ7wrrhvWG98L6wXHh/2CB8IGwYPhg2Ch8KG4cPh03CR8Km4aNhs7B52CJsGbYKHwtbh4+HbcK2YbvwqrB9+GTYIXwqTAifDjuGz/zcf//irP4nftefGPYJ+4YvhS+F3t8rF0QXRlOjH0QXRRdH06IfRpdEP4qmR5dGl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGN0U3R72vnQMcOuGkUy5wMS6Hi3U5XS53lcvtrnZ53DUu4q51ce46l9dd7/K5/K6AK+jiXSFX2GlnnHXkQlfEFXVRd4Mr5m50xV0JV9KVcs6VdmVcS9fKtXKt3eOujWvr2rkn3BPuSfeke8o95Z52Hd0zrpP7m+vsnnVd3HPuOfe86+a6ux7uBdfTTczzy2sy0fV1fV0/188NcAPcIDfIDXaD3RA3xCW5JDfMDXPD3XA3wo1wI91IN9qNdmPcGDfWjXXj3XiX7JLdJDfJTXaT3RQ3xU1z01yKS3Ez3Uw3y81yVWf/spV5bp5b4Ba4VJfqFrnMc8Y0t8Qtceku3S1zy9wKt8KtcqvcGrfGrXPr3Aa3wW1ym9wWt8Vtc9vcDrfD7XK73G632+3x1/wyqNvvDrgD7qA76A65L12G+8oddl+7I+4bd9R9646579xxd8KddN+7U+4Hd9qdcWfdOXfe/eguuJ/cReddcmRiZFLk7cjkyDuRKZGpkWmR6ZGUyIzIzMi7kVmR2ZE5kfcicyPvR+ZF5kcWRBZGUiMfRBZFFkfSIh9GlkQ+iqRHlkaWRZZHVkRWRrwvtC30RXxRH/U3+GL+Rl/cl/AlfSnvfGlfxt/ky/qbfTl/iy/vb/UV/G2+oq/kK/tHfTPf3LfwLX0r/5hv7R/3bXxb384/4dv7J30H/5RP8E/7jv4Z38n/zXf2z/ou/jnf1T/vu/nuvod/wff0L/pevrdP9H18X/+S7+f7+wF+oB/kX/aD/St+iH/VJ/mhfph/zQ/3r/sR/g0/0o/yo2Pe9GOyLpFhgk/2E/0k/7af7N/xU/xUP81P9yl+hp/p3/Wz/Gw/x7/n5/r3/Tw/3y/wC32q/8Av8ot9mv/QL/Ef+XS/NOumsV/lV/s1fq1f59f7DX6j3+Q3+y1+q9/mt/sdfqff5T/2u/0nfo/f6/f5T/1+/5k/4D/3B/0X/pD/0mf4r/xh/7U/4r/xR/23/pj/zh/3J/xJ/70/5X/wp/0Zf9af8+f9j/6C/8lf5L9ZY4wxxhj7l0y83BS/7fnldn6fP8gRv1q5LwBcvb1gxq/7M88oN+T7pd1fxLePAMDTvbs+lLXUqJGYmHhp3XQJQdH5AFmfBGX6+asHl+Kl0A6ehARoC2X/cP79Rffz9E/Gj94KkOtXObFwOb48/ucAmPgH4z/2xOhFFcKzcf+P8ecDFC96OScnXI6XQruf76+0hXL/YP75W/+T+ef8Ihmgza9ycsPl+PL8y8Dj8Awk/GZNxhhjjDHGGGPsF/1F5c5Z159Z3/j8o+vzeHU5Jwdcjv/Z9TljjDHGGGOMMcauvGe793jqsYSEtp3//Ua1/1LWv9xoCv9dI3PjDxveA2Q9ogDgPxwQILMh/8q92PqXbCvp0kvn77tWnPMB/M8o5Z/RuMIHJsYYY4wxxtif7vJJ/28fV1dqQowxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWDb0V/w7sSu9j4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxtiV9n8CAAD//7wUAB0=") (async) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) (async) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x2a) (async, rerun: 32) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r3) (async, rerun: 32) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_link_settings={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x20, 0xfd, [0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x2]}}) (async) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 6m43.177680365s ago: executing program 4 (id=552): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'batadv_slave_1\x00', {0x2, 0x4e21, @empty}}) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r3, &(0x7f0000000440)=ANY=[@ANYBLOB="b0"], 0xb0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000500)=0x100000001, 0x4) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r7, 0x6, 0x14, 0x0, &(0x7f0000000240)) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r8}, 0x18) mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe) write$FUSE_INIT(r3, &(0x7f00000001c0)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x4, 0x0, 0x4, 0x400, 0x5, 0x1, 0x0, 0x0, 0x1, 0x74}}, 0x50) r9 = fcntl$dupfd(r6, 0x0, r5) ioctl$BTRFS_IOC_LOGICAL_INO(r9, 0xc0389424, &(0x7f0000000280)={0x1, 0x28, '\x00', 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0]}) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) syz_emit_ethernet(0x80, &(0x7f0000000000)={@multicast, @remote, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "fc1046", 0x4a, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x8100, 0x0, 0x403}, {0x0, 0x0, 0x0, 0x0, 0x100}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0xe, 0x67fe, 0x2]}, {0x8, 0x88be, 0x86ddffff}, {0x8, 0x22eb, 0x0, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x20}, 0x2, {0x5000000}}}}}}}}}, 0x0) 6m43.051711667s ago: executing program 4 (id=553): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x12b) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='configfs\x00', 0x0, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, 0x0, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) move_mount(r1, &(0x7f0000000080)='./file0/file0\x00', r1, &(0x7f0000000040)='./file0/../file0\x00', 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = add_key$keyring(&(0x7f0000000700), &(0x7f0000000740)={'syz', 0x0}, 0x0, 0x0, 0x0) add_key$user(&(0x7f0000000580), &(0x7f0000000600)={'syz', 0x3}, &(0x7f0000000680)="d47ff7d9f0f798f14b6c8a05bbfbb6a067bf2031bb715e59be9f3ca52ac90d888366cf815f6594ccc56f8337e9a49f32b17a215626e7c2605186e9ff248791a1c1202f93d6be52f420a90d065f9b751b3c81fc5e873dea48ab1d1f4a08572c4bda46cf84b21e2f4e33716f7430d19acf83", 0x71, r4) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000100)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x7, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x82, 0xf, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0xfffffffc], [0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb27, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x4000], [0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xc7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000240), 0x57) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'team_slave_0\x00'}) dup3(r0, r3, 0x0) rt_sigqueueinfo(0x0, 0x21, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000004c0)='memory.events\x00', 0x100002, 0x0) pipe(0x0) io_setup(0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 6m42.88217992s ago: executing program 4 (id=555): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r0}, 0x10) epoll_pwait(0xffffffffffffffff, &(0x7f0000000080)=[{}], 0x1, 0x80000000, 0x0, 0x0) 6m42.722198382s ago: executing program 4 (id=558): recvfrom$inet(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0) socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffff9]}, 0x0, 0x8) r0 = gettid() r1 = gettid() tkill(r0, 0x12) tkill(r0, 0x1) tkill(r1, 0x14) 6m42.678426173s ago: executing program 32 (id=558): recvfrom$inet(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0) socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffff9]}, 0x0, 0x8) r0 = gettid() r1 = gettid() tkill(r0, 0x12) tkill(r0, 0x1) tkill(r1, 0x14) 2.874119277s ago: executing program 3 (id=3045): unshare(0x22020600) bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000001640)='kfree\x00', r0}, 0x10) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) close_range(r1, 0xffffffffffffffff, 0x2) 2.849820348s ago: executing program 3 (id=3046): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) r2 = epoll_create1(0x0) r3 = epoll_create1(0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$xdp(0x2c, 0x3, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000100)={0xa000000d}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000400)={0xa}) epoll_pwait(r2, &(0x7f0000000080)=[{}], 0x1, 0x80000000, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) 2.513642422s ago: executing program 2 (id=3050): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) listen(r2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r4}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r5, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) connect$unix(r1, &(0x7f0000fce000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f00000000c0), 0x2, 0xbd1, &(0x7f0000001340)="$eJzs3M1rHOcZAPBnRquVbKtduZRS91KVUmwoXUsuMrUp1C4uvfRQaK8Fq/LKCK0/kFRcyTqskn8gX+dALoEkJiGH+OxLQnLNJbGvCTkETFCsBEJIFGY/pI2lleR4V6PIvx+8mvedd7TP8+ywO/PC7gbwxBrJ/qQRxyLiYhJRau5PI6JY7w1G1BrHra4sTX65sjSZxNravz5LIomIBytLk63HSprbI83BYES8/9ckfvb05rhzC4szE9VqZbY5Pjl/5frJuYXFP0xfmbhcuVy5Onb6T+Onxk+PnhnvWq1ffXTu9he/+fsnta9f/ebW58+/nMS5GGrOtdfRLSMxsv6ctCtExES3g+Wkr1lPe51JYYd/SnucFAAAHaVt93C/iFL0xcbNWyne/iDX5AAAAICuWOuLWAMAAAAOuMT6HwAAAA641ucAHqwsTbZavp9I2Fv3z0fEcKP+1WZrzBSiVt8ORn9EHH6QRPvXWpPGvz22kYj4+N6ZN7IWPfoe8nZqyxHxy63Of1Kvf7j+Le7N9acRMdqF+CMPjX9M9Z/rQvy86wfgyXTnfONCtvn6l67f/8QW17/CFteuHyLv61/r/m910/3fRv19He7//rnLGDdfefFGp7ms/j/f/tvrrZbFz7aPVdQjuL8c8avCVvUn6/UnHeq/uMsYpW9vVDrN5V3/2ksRx2Pr+luS7X+f6OTUdLUy2vi7ZYzl98Zf6xQ/7/qz83+4Q/2t33/qdP6v7zLGfy5ceHPTznsb3e3rTz8tJv+u94rNPf+fmJ+fHYsoJv/YvP/U9rm0jmk9Rlb/id9u//rfqv7sPaHWfB6ytcByc5uNn3oo5l9u3XyrUz6t9V+e5/9Sh/PfXv+7hc3n/5ldxvjdO8+d6DTXvv7NWha/tRYGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJY0IoYiScvr/TQtlyOORMTP43BavTY3//upa/+7eimbixiO/nRquloZjYhSY5xk47F6f2N86qHxHyPiaES8UDpUH5cnr1Uv5V08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA645ExFAkaTki0ohYLaVpuZx3VgAAAEDXDeedAAAAANBz1v8AAABw8Fn/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0GNHf33nbhIRtbOH6i1TbM7155oZ0Gtp3gkAuenLOwEgN4W8EwBy84hrfLcLcAAlO8wPdpwZ6HouAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOxfx4/duZtERO3soXrLFJtz/blmBvRa2tZPcswD2Ht9200W9i4PYO95icOTyxof2GntP7hxTO37MwM9ywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/Weo3pK0HBHF5r5yOeInETEc/cnUdLUyGhE/jYgPS/0D2Xgs55wBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADovrmFxZmJarUym3XSaHbW9/Sg09eM3MMQvekkjbxr+yWfg90ZeHanY/4bjxmiGPui0n3ayfNdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvMwtLM5MVKuV2bm8MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyNrewODNRrVZme9jJu0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLzXQAAAP//jAsGRw==") sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 1.552845447s ago: executing program 2 (id=3053): socket$packet(0x11, 0xa, 0x300) socket$packet(0x11, 0x3, 0x300) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00'}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10) syz_emit_ethernet(0x5e, &(0x7f0000000c00)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00\x00\b', 0x28, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_redir={0x87, 0x0, 0x0, '\x00', @local, @mcast2={0xe}}}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000000850000007200000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_mount_image$exfat(&(0x7f00000005c0), &(0x7f0000000240)='./file0\x00', 0x3000050, &(0x7f0000000600)=ANY=[], 0x2, 0x14fe, &(0x7f0000002180)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+E4AkdgBTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4fs4Bz/AD3AezsMFuBAX4iJcjGmYhkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8BPcjttxJ+7E3bgbP8VP8TP8DAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAGfz/N1vd2F1w0EdYlRRmVQGVSKSlGZVWaVRWVRWVVWlVAJlU1lU9lVdpVD5VC5VC6VR+VR+VQ+RYoUq1jlV/lVUiVVQVVQFVKFVBFVRHnlVXFVXJVQJVRJVVKVUreq0uo2VUaVVS18eVVeVVAtfUVVSVVWlVUVdZeqqqqpaqq6qq5qqBqqpqqpaqlaqrZ6QNVRPbAPPqQudaa+GoQN1GBsqBqpxqqJegMfU83UUGyuWqiW6gk1HIdha9XMt1FPq7ZqNLZTz6ox+JzqoMZhR/WC6qQ6qy7qRdVVNffdMvz2EaimYi/VW/VRfdVMvEtd6lhV9ZoaqAapwep1tQDfUEPVm2qYGq5GqLfUSDVKjVZj1Fg1To1Xb6sJ6h01Ub2rJqnJaoqaqqap6WqGek/NVLPUbPW+mqM+UHPVPDVfLVAL1YdqkVqs0tRHaon6WC1Vy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pc7VdfqAPqT+qg+lIdUl+pw+prdUR9o46qb9Ux9Z06rr5XJ9RJdUr9oE6rH9UZdVadUz+p8+pndUH9oi6qoECjVlproyOdQWfUKTqTzqyv0ln01TqrvkYn9LU6m75OZ9fX6xw6p86lc+s8Oq/Op60m7TTrWOfXBXRS36AL6ht1IV1YF9FFtdfFdHF9ky6hb9Yl9S26lL5Vl9a36TK6rC6ny+vbdQV9h66oK+nK+k5dRd+lq+pq+m5dXd+ja+h7dU19n66l79e19QO6jn5Q19UP6Xr6YV1fP6Ib6Ed1Q91IN9ZNdFP9mG6mH9fNdQvdUj+hW+kndWv9lG6jn9Zt9TO6nX5Wt9fP6Q76ed1Rv6A76c66i/5FX9RBd9PddaruoXvql3Uv3Vv30X11P/2K7q9f1QP0a3qgHqQH69f1EP2GHqrf1MP0cD1Cv6VH6lF6tB6jx+pxerx+W0/Q7+iJ+l09SU/WU/RUPU1P131+qzT778h/52/kD/j13bforfoTvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9k/5Bn9Y/6jP6rD6rf9Ln9Xl94befARg0ymhjTGQymIwmxWQymc1VJou52mQ115iEudZkM9eZ7OZ6k8PkNLlMbpPH5DX5jDVknGETm/ymgEmaG0xBc6MpZAqbIqao8aaYKW5u+qfz/2h9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo+ujHFHOKFeUO8oT5Y1SwUYUuYijOMofFYiS0Q1RwejGqFBUOCoSFY18VCwqHt0UlYhujkpGt0Sloluj0tFtUZmobFQuKh/dHlWI7ogqRpWiytGdUZXorqhqVC26O6oe3RPViO6Nakb3RbWi+6Pa0QNRnejBqG70UFQvejiqHz0SNYgejRpGjaLGUZOo6b+0fghncj7uu9nuNtX2sD3ty7aX7W372L62n33F9rev2gH2NTvQDrKD7et2iH3DDrVv2mF2uB1h37Ij7Sg72o6xY+04O96+bSfYd+xE+66dZCfbKXaqnWan2xn2PTvTzrKz7ft2jv3AzrXz7Hy7wC60H9pFdrFNsx/ZJfZju9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVfmK32e12h91pd9nddo/91O61n9l99nO7335hD9g/2YP2S3vIfmUP26/tEfuNPWq/tcfsd/a4/d6esCftKfuDPW1/tGfsWXvO/mTP25/tBfuLvWjDpYv7S6d3MmQoA2WgFEqhzJSZslAWykpZKUEJykbZKDtlpxyUg3JRLspDeSgf5aNLmJjyU35KUpIKUkEqRIWoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qBKVInupDvpLrqLqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVCKU5DZXeWyuKtdVneNS3GZ3KU4AoBLcS6X2+VxeV0+Z10Ol/OvYnLOFXKFXRFX1HlXzBV3N/0uLuPKunKuvLvdVXB3uIq/i6u7e1wNd6+r6e5z1dzdfxXXcve72u4RV8c96uq6Rq6ea+Lqu0dcA/eoa+gaucauiWvlnnSt3VOujXvatXXP/C5e5Ba7tW6dW+82uL3uM3fO/eSOum/defez6+a6u37uFdffveoGuNfcQDfod/EI95Yb6Ua50W6MG+vG/S6e4qa6aW66m+HeczPdrN/FC92Hbo5Lc3PdPDffLfg1vrSmNPeRW+I+dkvdMrfcrXAr3Sq32q3532td4Ta5zW6L2+M+ddvcdrfD7XS73O5f40v72Oc+d/vdF+6I+8YddF+6Q+6YO+y+/jW+tL9j7jt33H3vTriT7pT7wZ12P7oz7uyv+7+09x/cL+6iCw4YWbFmwxFn4Iycwpk4M1/FWfhqzsrXcIKv5Wx8HWfn6zkH5+RcnJvzcF7Ox5aJHTPHnJ8LcJJv4IJ8IxfiwlyEi7LnYlycb+ISfDOX5Fu4FN/Kpfk2LsNluRyX59u5At/BFbkSV+Y7uUoIXJWr8d1cne/hGnwv1+T7uBbfz7X5Aa7DD3Jdfojr8cNcnx/hBvwoN+RG3JibcFN+jJvx49ycW3BLfoJb8ZPcmp/iNvw0t+VnuB0/y+35Oe7Az3NHfoE7cWfuwi9yV36Ju3F3TuUe3JNf5l7cm/twX+7Hr3B/fpUH8Gs8kAfxYH6dh/AbPJTf5GE8nEfwWzySR/FoHsNjeRyP57d5Ar/DE/ldnsSTeQpP5Wk8nWfwezyTZ/Fsfp/n8Ac8l+fxfF7AC/lDXsSLOY0/4iX8MS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VPeBtv5x28k3fxbt7Dn/Je/oz38ee8n7/gA/wnPshf8iH+ig/z13yEv+Gj/C0f4+/4OH/PJ/gkn+If+DT/yGf4LJ/jn/g8/8wX+Be+yIEhxljFOjZxFGeIM8YpcaY4c3xVnCW+Os4aXxMn4mvjbPF1cfb4+jhHnDPOFeeO88R543yxjSl2McdxnD8uECfjG+KC8Y1xobhwXCQuGvu4WFw8vikuEd8cl4xviUvFt8al49viMnHZ+JH7yse3xxXiO+KKcaW4cnxnXCW+K64aV4vvjqvH98Q14nvjmvF9ccn4/rh2/EBcJ34wrhs/FNeLH47rx4/EDeJH44Zxo7hx3CRuGj8WN4sfj5vHLeKW8RNxq/jJuHX8VNwmfjpuGz/zh8dT4x5xz/jl+OU4hHv1/OSC5MLkh8lFycXJtORHySXJj5NLk8uSy5MrkiuTq5Krk2uSa5PrkuuTG5Ibk5uSm5NbkiFUywgevfLaGx/5DD6jT/GZfGZ/lc/ir/ZZ/TU+4a/12fx1Pru/3ufwOX0un9vn8Xl9Pm89eefZxz6/L+CT/gZf0N/oC/nCvogv6r0v5ov7Jr6pb+qb+cd9c9/Ct/RP+Cf8k/5J/5R/yj/t2/pnfDv/rG/vn/Md/PP+ef+C7+Q7+y7+Rd/Vv+S7+e4+1af6nr6n7+V7+T6+j+/n+/n+vr8f4Af4gX6gH+wH+yF+iB/qh/phfpgf4Uf4kX6kH+1H+7F+rB/vx/sJfoKf6Cf6SX6Sn+Kn+Gl+mp/hZ/iZfqaf7Wf7OYXm+Ll+rp/v5/uFfqFf5Bf5NJ/ml/glfqlf6pf75X6lX+lX+9V+rV/r1/v1fqPf6Df7zX6r3+q3+W1+h9/hd/ldfo/f4/f6vX6f3+f3+/3+gD/gD/qD/pD/yh/2X/sj/ht/1H/rj/nv/HH/vT/hT/pT/gd/2v/oz/iz/pz/yZ/3P/sL/hd/0Qc/PvF2YkLincTExLuJSYnJiSmJqYlpiemJGYn3EjMTsxKzE+8n5iQ+SMxNzEvMTyxILEx8mFiUWJxIS3yUWJL4OLE0sSyxPLEisTKxKhFC3m1xyB8KhGS4IRQMN4ZCoXAoEooGH4qF4uGmUCLcHEqGW0KpcGsoHW4LZULZUC48GhqGRqFxaBKahsdCs/B4aB5ahJbhidAqPBlah6dCm/B0aBueCe3Cs6F9eC50CM+HjuGF0Cl0Dl3Ci6FreCl0C91DaugReoaXQ6/QO/QJfUO/8EroH14NA8JrYWAYFAaH18OQ8EYYGt4Mw8LwMCK8FUaGUWF0GBPGhnFhfHg7TAjvhInh3TApTA5TwtQwLUwPM8J7YWaYFWaH98Oc8EGYG+aF+WFBWBg+DIvC4pAWPgpLwsdhaVgWlocVYWVYFVaHNWFtWBfWhw1hY9gUNoctYWv4JGwL28OOsDPsCrvDnvBp2Bs+C/vC52F/+CIcCH8KB8OX4VD4KhwOX4cj4ZtwNHwbjoXvwvHwfTgRToZT4YdwOvwYzoSz4Vz4KZwPP4cL4ZdwUf5mTQghhBDi76L/4HiPv/G9DACgfpv3BICrt+c+/J9rbszx53lvladVAgCe7t7xob+MKlVSU1N/e+1SDVGBeQCQ+Ov6f4mXQUt4EtpACyjxN9fXW3U+z39QP3krQOb/kJMCl+PL9W/+L+o/9sSIRaXjc9n+m/rzAAoVuJyTCS7Hl+uX/C/q52z2B+vP9OV4gOb/IScLXI4v1y8Oj8Mz0OavXimEEEIIIYQQQvxZb1Wu/R/dP1+6P89jLudkhMvxH92fCyGEEEIIIYQQ4sp7rnOXpx5r06ZF+79vgr89F/jHsmQiE5n8fza50p9MQgghhBBCiH+1yxf9V3olQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vU/8e/ErvQehRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiCvtfwUAAP//luw5aQ==") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) chdir(&(0x7f0000000080)='./file0\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000780)='./file1\x00', 0x141042, 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f0000000280), 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00'}, 0x10) pwritev2(r3, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0) 1.506853897s ago: executing program 3 (id=3055): bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="876d80ee3f2adb5e", @ANYRES32], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c3405000000000000003871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a2abf6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a31b16ac5fb73fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b6449d51c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9d66ebbc8bab4ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab95435c27167f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a573bdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7436b97bf3825a19d6c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb9b1c63b84470364942e90d1cf856cead864f5e38c83b9ed86cc5725a20299ce5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0xffffffff}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001540)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000100000000000000040000850000006d00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x2, 0x2}, 0x10) r5 = socket$netlink(0x10, 0x3, 0x4) sendmsg$nl_generic(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000d379)={&(0x7f0000000440)=ANY=[@ANYBLOB="180000001400010300000000000000001e000000c1"], 0x18}}, 0x0) getcwd(0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRESHEX, @ANYRESDEC=0x0]) r6 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r6, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r6, 0x29, 0x36, &(0x7f0000001440)=ANY=[@ANYBLOB="0017"], 0xc0) sendmmsg$inet6(r6, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) 1.384527029s ago: executing program 2 (id=3057): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400000bb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000700)='kfree\x00', r1}, 0x18) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) sendmsg$tipc(r2, &(0x7f0000000400)={&(0x7f00000008c0)=@nameseq={0x1e, 0x1, 0x2, {0x18}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x20) 1.34537932s ago: executing program 2 (id=3058): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x4f, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000840)={&(0x7f0000000200)='kfree_skb\x00', r1}, 0x18) r2 = socket$inet(0x2, 0x4000000805, 0x0) sendmmsg(r2, &(0x7f0000000180)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local, 0x2}, 0x80, &(0x7f0000000200)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}], 0x1, 0x844) 1.30298649s ago: executing program 2 (id=3061): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r0) sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000001100)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010025bdf000fbdbdf251000000008000300", @ANYBLOB="080006"], 0x4c}, 0x1, 0x0, 0x0, 0x4800}, 0x0) 961.542466ms ago: executing program 2 (id=3065): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0ff5b14104fe62cc60e413905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe511195418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4929330142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da8c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd11e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f000010000000000000905ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400bee3dfc8fb24f67c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341b74abaa7c95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb232bbdb9dc33cbd7643866fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595270fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f76dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3322c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99f0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d164118e4cbe02400000000ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000001700d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946932d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1fc8df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1785eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be2f5656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fd78f9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28de0bbc76d58dd92606b1ef6486c85fa3e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6968d12418a4d2a0d086d8438d415d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e112645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a9214a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbdff03cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109becb1b9bafcb2b47e940000000000e540d8b0db3774effb7469a21f96e2594b2973ebf7a1bd9ace2ed4d6eb1735f85885be5be74dc2ea5d7d499bd28271b98f187f5879b16b409a04d78175cc8d0f707c822805d7011ed4b22419186dd2b22aadf15828db2ca19d79e1bf2f7989237ee5cb2e1eb7b2bfc92d3aa95a26f060935c4fee8b2d7d0bf3c6d82d04329164bd4ee0b8060183f36762b0440d9082d7c8b06e4c2024f77e1018758d28e7ee290f32a48bfc2aa10b3dba9bff00d2410f3477a8e0df689c880dc9a677cfaa16603527c06625a3363744cea5f2d350224cc0fea76c72ca08507235c67346722f20690fde0790f040f5fd3eff75f9b291cc5e9c686ebaadbe756c6fa039ff441e427ed12578d5cb041ebf729cfaa575cc852fbdb54e60435e6d62b9d270433b220ed9ff1ff042b8d3d866231c460765"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x1f) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), r1) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010326bd6000000000002d9300000c000180080001"], 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x20040814) 570.948882ms ago: executing program 3 (id=3077): r0 = socket$tipc(0x1e, 0x5, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0xde76}, 0x18) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) listen(r0, 0x0) r2 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r2, &(0x7f0000002300)={&(0x7f0000000040)=@id={0x1e, 0x3, 0x3, {0x4e20, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x44}, 0x4) sendmsg$tipc(r2, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x480c0}, 0x0) accept4(r0, 0x0, 0x0, 0x400000000000000) 570.790551ms ago: executing program 5 (id=3078): unshare(0x68040200) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0x2, 0x4, 0x3a8, 0xffffffff, 0x1c0, 0xd0, 0x0, 0xfeffffff, 0xffffffff, 0x2d8, 0x2d8, 0x2d8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @mcast1, [0x0, 0x0, 0x0, 0xff], [], 'macsec0\x00', 'bond_slave_0\x00', {0xff}, {0xff}, 0x6, 0x0, 0x1, 0x48}, 0x2f2, 0xa8, 0xd0}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x7, 0x50cc}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, [], [], 'sit0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x1, 'syz0\x00', {0x42b5}}}}, {{@ipv6={@private2, @mcast1, [0x0, 0xffffffff, 0xffffffff, 0xffffff00], [0x0, 0xffffffff, 0xffffff00], 'macvlan1\x00', 'veth0_to_batadv\x00', {0xff}, {0xff}, 0x6c, 0x6, 0x6}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@ipv6header={{0x28}, {0x0, 0x80, 0x1}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x7, 'syz1\x00', {0x1}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x408) 480.153933ms ago: executing program 5 (id=3079): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffff3e10, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r2, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x4) 480.035413ms ago: executing program 3 (id=3080): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[], 0x33fe0}}, 0x0) 479.744033ms ago: executing program 3 (id=3082): r0 = gettid() timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) pipe(&(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r2, 0x0, 0x7, 0x9) 479.449593ms ago: executing program 5 (id=3083): syz_emit_ethernet(0x14, &(0x7f0000000240)={@multicast, @multicast, @void, {@llc={0x4, {@llc={0xaa, 0x0, "04", "c67a03"}}}}}, 0x0) 406.204784ms ago: executing program 5 (id=3085): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = io_uring_setup(0xf08, &(0x7f000000c480)={0x0, 0xabd0, 0x400, 0x2, 0x349}) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000540)=[{0x0}], 0x1) r2 = io_uring_setup(0x7625, &(0x7f0000000600)={0x0, 0x1e28, 0x40, 0x40, 0x89, 0x0, r1}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00'}) getrlimit(0x6, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_FILES(r2, 0x1e, &(0x7f0000000000)=[r1], 0x1) 406.035094ms ago: executing program 1 (id=3086): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18) r2 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) close(r2) r3 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) write$binfmt_register(r3, &(0x7f0000000500)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x6, 0x3a, '@', 0x3a, '\\\x9e\xbd\x1d\r6\xea\x12+(\x03z', 0x3a, './file0', 0x3a, [0x46]}, 0x35) 405.881304ms ago: executing program 5 (id=3087): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000004c0)='kfree\x00', r1, 0x0, 0x2}, 0x18) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000200)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@errors_remount}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") lsetxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0xfe37, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x8000000000000001], 0x0, 0x0, 0x100000}}, 0x40) 388.685864ms ago: executing program 1 (id=3088): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000540)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r0}, 0x18) capget(&(0x7f00000006c0)={0x20071026}, 0x0) 360.507515ms ago: executing program 1 (id=3089): openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x80181, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110c230000) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110c230041) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='sched_switch\x00', r2}, 0x18) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xfff3}}}, 0x24}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x16, &(0x7f0000000400)=ANY=[@ANYRESOCT, @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a5000000184b00000600f90000000000000000008520000003000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0xa1, &(0x7f0000000140)=""/161, 0x40f00, 0x1, '\x00', r5, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x5, 0x5, 0xce1b, 0xfd}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000480)=[0x1, 0xffffffffffffffff], 0x0, 0x10, 0x2, @void, @value}, 0x94) mkdirat$cgroup(0xffffffffffffffff, &(0x7f00000001c0)='syz0\x00', 0x1ff) close(0x4) 202.057127ms ago: executing program 0 (id=3090): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6(0xa, 0x80003, 0x6) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0xe75, 0x55}, {0x8000000000000001, 0x4, 0x6, 0xa78a}, 0xfffffffe, 0x0, 0x1, 0x1}, {{@in6=@private0, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7, 0x7ffffe}}, 0xe8) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) 201.660697ms ago: executing program 5 (id=3091): r0 = socket$unix(0x1, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x14, 0x1a, 0x1, 0x0, 0x0, {0x80, 0x0, 0x2}}, 0x14}}, 0x0) dup(r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ipvlan0\x00'}) r2 = socket(0x10, 0x3, 0x9) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000b00)=ANY=[@ANYBLOB="14"], 0x28}}, 0x0) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r8, 0x6, 0x1, &(0x7f0000000080)={0x1ff, 0x3, 0x56, 0x4, 0x7, 0x7, 0x8}, 0xc) ioctl$AUTOFS_IOC_FAIL(r4, 0x4c80, 0xffffffffffffffb6) unshare(0x40000000) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) 201.510907ms ago: executing program 0 (id=3092): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1, 0x0, 0x2}, 0x18) brk(0x8b9) 201.357437ms ago: executing program 0 (id=3093): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f68737200000000140001"], 0xfc}}, 0x20000004) 189.961277ms ago: executing program 0 (id=3094): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0ff5b14104fe62cc60e413905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe511195418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4929330142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da8c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd11e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f000010000000000000905ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400bee3dfc8fb24f67c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341b74abaa7c95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb232bbdb9dc33cbd7643866fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595270fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f76dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3322c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99f0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d164118e4cbe02400000000ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000001700d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946932d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1fc8df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1785eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be2f5656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fd78f9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28de0bbc76d58dd92606b1ef6486c85fa3e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6968d12418a4d2a0d086d8438d415d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e112645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a9214a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbdff03cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109becb1b9bafcb2b47e940000000000e540d8b0db3774effb7469a21f96e2594b2973ebf7a1bd9ace2ed4d6eb1735f85885be5be74dc2ea5d7d499bd28271b98f187f5879b16b409a04d78175cc8d0f707c822805d7011ed4b22419186dd2b22aadf15828db2ca19d79e1bf2f7989237ee5cb2e1eb7b2bfc92d3aa95a26f060935c4fee8b2d7d0bf3c6d82d04329164bd4ee0b8060183f36762b0440d9082d7c8b06e4c2024f77e1018758d28e7ee290f32a48bfc2aa10b3dba9bff00d2410f3477a8e0df689c880dc9a677cfaa16603527c06625a3363744cea5f2d350224cc0fea76c72ca08507235c67346722f20690fde0790f040f5fd3eff75f9b291cc5e9c686ebaadbe756c6fa039ff441e427ed12578d5cb041ebf729cfaa575cc852fbdb54e60435e6d62b9d270433b220ed9ff1ff042b8d3d866231c460765"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x1f) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r0}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r1, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d424", 0x21) 113.303408ms ago: executing program 0 (id=3095): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002ec0)={0x38, r1, 0x10ada85e65c25359, 0xfffffffd, 0x25dfdbfd, {{0x6b}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x72}}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}]}]}]}]}, 0x38}}, 0x0) 45.10151ms ago: executing program 0 (id=3096): fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x100000000}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b7030000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) socketpair$unix(0x1, 0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff85000000040000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r3}, 0x10) syz_clone(0x400a1400, 0x0, 0x0, 0x0, 0x0, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) unshare(0x64000600) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2c, r7, 0x6a98047402e98331, 0x0, 0x0, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40c0}, 0x4000000) pipe2$9p(&(0x7f0000000040), 0x84000) 44.663989ms ago: executing program 1 (id=3097): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x11, 0xf, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0xc, &(0x7f0000000040)=@framed={{0x18, 0x7}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) 10.27228ms ago: executing program 1 (id=3098): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) syz_emit_ethernet(0x4a, &(0x7f0000000540)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @broadcast}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@md5sig={0x13, 0x12, "2b58ea71e70b7ec40843c97fb62cd171"}]}}}}}}}, 0x0) 0s ago: executing program 1 (id=3099): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000005c40)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{}, {0x35, 0x0, 0x5}, {}, {0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {}]}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x3}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa0}}, 0x0) kernel console output (not intermixed with test programs): s=4294967295 subj=root:sysadm_r:sysadm_t pid=6059 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fadadbd1929 code=0x7ffc0000 [ 327.328212][ T6074] loop3: detected capacity change from 0 to 1024 [ 327.337301][ T3040] usb 3-1: device descriptor read/64, error -71 [ 327.636955][ T3040] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 329.916293][ T6099] loop5: detected capacity change from 0 to 1024 [ 331.541948][ T6119] overlayfs: failed to clone upperpath [ 331.797567][ T6122] netlink: 'syz.3.1877': attribute type 16 has an invalid length. [ 331.835879][ T6122] netlink: 'syz.3.1877': attribute type 17 has an invalid length. [ 331.889687][ T6112] loop5: detected capacity change from 0 to 40427 [ 331.955515][ T6112] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 331.995575][ T6112] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 332.032309][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 332.032677][ T30] audit: type=1326 audit(2000000124.810:1677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6129 comm="syz.1.1878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 332.053270][ T6112] F2FS-fs (loop5): invalid crc value [ 332.083500][ T30] audit: type=1326 audit(2000000124.810:1678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6129 comm="syz.1.1878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 332.113081][ T30] audit: type=1326 audit(2000000124.810:1679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6129 comm="syz.1.1878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 332.160222][ T30] audit: type=1326 audit(2000000124.810:1680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6129 comm="syz.1.1878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 332.189120][ T30] audit: type=1326 audit(2000000124.810:1681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6129 comm="syz.1.1878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 332.215456][ T30] audit: type=1326 audit(2000000124.810:1682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6129 comm="syz.1.1878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 332.239644][ T30] audit: type=1326 audit(2000000124.810:1683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6129 comm="syz.1.1878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 332.264015][ T30] audit: type=1326 audit(2000000124.810:1684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6129 comm="syz.1.1878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 332.264842][ T6112] F2FS-fs (loop5): Found nat_bits in checkpoint [ 332.298586][ T30] audit: type=1326 audit(2000000124.810:1685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6129 comm="syz.1.1878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 332.358472][ T30] audit: type=1326 audit(2000000124.810:1686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6129 comm="syz.1.1878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 332.556038][ T6148] loop3: detected capacity change from 0 to 1024 [ 332.649296][ T6112] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 332.683309][ T6137] netlink: 'syz.0.1880': attribute type 12 has an invalid length. [ 332.696773][ T6112] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 334.692088][ T6154] loop3: detected capacity change from 0 to 40427 [ 334.707021][ T6154] F2FS-fs (loop3): Unrecognized mount option "noflug ՛џݬsh_merge" or missing value [ 334.958172][ T6169] loop5: detected capacity change from 0 to 1024 [ 335.343301][ T6154] loop3: detected capacity change from 0 to 128 [ 335.397124][ T6154] EXT4-fs (loop3): Ignoring removed nobh option [ 335.444358][ T6154] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobh,usrjquota=,,errors=continue. Quota mode: none. [ 335.507262][ T6154] ext4 filesystem being mounted at /358/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 335.933000][ T6191] loop5: detected capacity change from 0 to 1024 [ 336.291920][ T6194] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1898'. [ 336.426030][ T6194] SELinux: Context system_u:object_r:mount_tmp_t:s0 is not valid (left unmapped). [ 337.005024][ T6164] incfs_lookup_dentry err:-14 [ 337.016161][ T6164] incfs: Can't find or create .index dir in ./file0 [ 337.030699][ T6164] incfs: mount failed -14 [ 337.042895][ T6164] 9pnet: bogus RREAD count (3 > 1) [ 337.199194][ T6197] loop3: detected capacity change from 0 to 40427 [ 337.417623][ T30] kauditd_printk_skb: 70 callbacks suppressed [ 337.417653][ T30] audit: type=1400 audit(2000000130.190:1757): avc: denied { bind } for pid=6196 comm="syz.3.1899" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 337.708864][ T6216] loop3: detected capacity change from 0 to 256 [ 337.745060][ T6216] FAT-fs (loop3): Directory bread(block 64) failed [ 337.751943][ T6216] FAT-fs (loop3): Directory bread(block 65) failed [ 337.752236][ T6213] loop2: detected capacity change from 0 to 40427 [ 337.758797][ T6216] FAT-fs (loop3): Directory bread(block 66) failed [ 337.772048][ T6216] FAT-fs (loop3): Directory bread(block 67) failed [ 337.778736][ T6216] FAT-fs (loop3): Directory bread(block 68) failed [ 337.785249][ T6216] FAT-fs (loop3): Directory bread(block 69) failed [ 337.791837][ T6216] FAT-fs (loop3): Directory bread(block 70) failed [ 337.798371][ T6216] FAT-fs (loop3): Directory bread(block 71) failed [ 337.804883][ T6216] FAT-fs (loop3): Directory bread(block 72) failed [ 337.811440][ T6216] FAT-fs (loop3): Directory bread(block 73) failed [ 337.844930][ T6213] F2FS-fs (loop2): Unrecognized mount option "noflug ՛џݬsh_merge" or missing value [ 337.975029][ T6222] loop2: detected capacity change from 0 to 4096 [ 337.993349][ T6222] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 338.302407][ T6243] loop2: detected capacity change from 0 to 1024 [ 339.842424][ T6241] incfs_lookup_dentry err:-14 [ 339.853542][ T6241] incfs: Can't find or create .index dir in ./file0 [ 339.860410][ T6241] incfs: mount failed -14 [ 339.866687][ T6241] 9pnet: bogus RREAD count (3 > 1) [ 340.030842][ T6272] loop3: detected capacity change from 0 to 40427 [ 340.040550][ T6272] F2FS-fs (loop3): Unrecognized mount option "noflug ՛џݬsh_merge" or missing value [ 340.565005][ T30] audit: type=1400 audit(2000000133.340:1758): avc: denied { ioctl } for pid=6277 comm="syz.5.1932" path="/dev/loop-control" dev="devtmpfs" ino=115 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 340.671857][ T6279] loop3: detected capacity change from 0 to 40427 [ 340.688100][ T6279] F2FS-fs (loop3): Unrecognized mount option "noflug ՛џݬsh_merge" or missing value [ 341.817523][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 342.382717][ T6323] syz.3.1946[6323] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 342.382800][ T6323] syz.3.1946[6323] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 342.405142][ T6323] 9pnet: Insufficient options for proto=fd [ 342.730598][ T6308] incfs_lookup_dentry err:-14 [ 342.735374][ T6308] incfs: Can't find or create .index dir in ./file0 [ 342.742632][ T6308] incfs: mount failed -14 [ 342.748874][ T6308] 9pnet: bogus RREAD count (3 > 1) [ 343.154179][ T6348] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1959'. [ 343.207687][ T6353] syz.5.1961[6353] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 343.207775][ T6353] syz.5.1961[6353] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 343.213711][ T6355] incfs_lookup_dentry err:-14 [ 343.236489][ T6355] incfs: Can't find or create .index dir in ./file0 [ 343.243400][ T6355] incfs: mount failed -14 [ 343.248896][ T6353] 9pnet: Insufficient options for proto=fd [ 343.250701][ T6355] 9pnet: bogus RREAD count (3 > 1) [ 343.342871][ T6357] loop5: detected capacity change from 0 to 4096 [ 343.373818][ T6357] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 343.426986][ T3040] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 343.510274][ T6328] incfs_lookup_dentry err:-14 [ 343.515102][ T6328] incfs: Can't find or create .index dir in ./file0 [ 343.522051][ T6328] incfs: mount failed -14 [ 343.528583][ T6328] 9pnet: bogus RREAD count (3 > 1) [ 343.736983][ T3040] usb 4-1: device descriptor read/64, error -71 [ 344.161263][ T6383] overlayfs: failed to resolve './file1': -2 [ 344.333599][ T3040] usb 4-1: device descriptor read/64, error -71 [ 344.426486][ T6388] 9pnet: Insufficient options for proto=fd [ 344.750090][ T6395] loop5: detected capacity change from 0 to 1024 [ 344.757429][ T3040] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 345.117033][ T3040] usb 4-1: device descriptor read/64, error -71 [ 346.047331][ T3040] usb 4-1: device descriptor read/64, error -71 [ 346.155433][ T6416] 9pnet: Insufficient options for proto=fd [ 346.168002][ T3040] usb usb4-port1: attempt power cycle [ 346.656150][ T6425] overlayfs: failed to resolve './file1': -2 [ 347.654758][ T6448] loop3: detected capacity change from 0 to 2048 [ 347.665003][ T6448] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 347.672562][ T6448] EXT4-fs (loop3): Ignoring removed nobh option [ 347.817660][ T6456] overlayfs: failed to resolve './file1': -2 [ 348.130484][ T6448] EXT4-fs (loop3): mounted filesystem without journal. Opts: abort,errors=remount-ro,nomblk_io_submit,stripe=0x000000000004ffff,norecovery,minixdf,nobh,. Quota mode: none. [ 348.616461][ T6457] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 2: invalid block bitmap [ 348.636641][ T6457] EXT4-fs (loop3): Remounting filesystem read-only [ 349.663630][ T6472] overlayfs: failed to resolve './file1': -2 [ 350.357033][ T6481] loop5: detected capacity change from 0 to 1024 [ 350.575352][ T6481] overlayfs: missing 'lowerdir' [ 351.031864][ T6494] loop3: detected capacity change from 0 to 8192 [ 351.400852][ T6516] loop5: detected capacity change from 0 to 1024 [ 353.398987][ T6533] loop5: detected capacity change from 0 to 4096 [ 353.476659][ T6533] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 353.638011][ T6545] loop5: detected capacity change from 0 to 4096 [ 353.666999][ T6545] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 353.897641][ T6548] overlayfs: missing 'lowerdir' [ 354.496021][ T6559] loop3: detected capacity change from 0 to 1024 [ 354.892111][ T6564] loop5: detected capacity change from 0 to 4096 [ 354.973156][ T6564] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 355.447040][ T39] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 355.480815][ T6589] loop5: detected capacity change from 0 to 1024 [ 356.476995][ T39] usb 3-1: Using ep0 maxpacket: 32 [ 356.847242][ T39] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 359.366729][ T6612] loop5: detected capacity change from 0 to 2048 [ 360.487199][ T6617] overlayfs: failed to clone upperpath [ 360.529048][ T331] loop5: p1 < > p4 [ 360.540465][ T331] loop5: p4 size 8388608 extends beyond EOD, truncated [ 360.557049][ T39] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 360.573501][ T39] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.587499][ T6621] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2050'. [ 360.665132][ T39] usb 3-1: can't set config #1, error -71 [ 360.675932][ T39] usb 3-1: USB disconnect, device number 28 [ 361.016290][ T6612] loop5: p1 < > p4 [ 361.022256][ T6612] loop5: p4 size 8388608 extends beyond EOD, truncated [ 361.045806][ T30] audit: type=1400 audit(2000000153.820:1759): avc: denied { unmount } for pid=2048 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 365.448414][ T6642] overlayfs: failed to resolve './file1': -2 [ 366.108914][ T331] udevd[331]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 366.119777][ T403] udevd[403]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory [ 366.204463][ T403] udevd[403]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory [ 366.217376][ T331] udevd[331]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 367.387190][ T6674] overlayfs: failed to clone upperpath [ 368.041445][ T6677] loop3: detected capacity change from 0 to 1024 [ 374.201233][ T6732] overlayfs: missing 'lowerdir' [ 374.395127][ T6733] loop5: detected capacity change from 0 to 1024 [ 377.171191][ T30] audit: type=1400 audit(2000000166.980:1760): avc: denied { mount } for pid=6722 comm="syz.1.2091" name="/" dev="pstore" ino=13758 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 377.202094][ T30] audit: type=1400 audit(2000000166.980:1761): avc: denied { remount } for pid=6722 comm="syz.1.2091" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 377.997767][ T30] audit: type=1400 audit(2000000170.780:1762): avc: denied { unmount } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1 [ 378.143788][ T6744] loop5: detected capacity change from 0 to 40427 [ 378.158809][ T6744] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 378.167080][ T6744] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 378.178962][ T6744] F2FS-fs (loop5): invalid crc value [ 378.205431][ T6744] F2FS-fs (loop5): Found nat_bits in checkpoint [ 378.371014][ T6744] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 378.381348][ T6744] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 378.721183][ T6768] incfs_lookup_dentry err:-5 [ 378.735372][ T6768] incfs: Can't find or create .index dir in ./file0 [ 378.751270][ T6768] incfs: mount failed -5 [ 379.102337][ T6776] loop3: detected capacity change from 0 to 1024 [ 380.046711][ T6792] loop5: detected capacity change from 0 to 40427 [ 380.063410][ T6792] F2FS-fs (loop5): invalid crc value [ 380.078091][ T6792] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109) [ 380.134775][ T6792] F2FS-fs (loop5): Start checkpoint disabled! [ 380.151345][ T6792] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 380.341446][ T6807] attempt to access beyond end of device [ 380.341446][ T6807] loop5: rw=10241, want=45104, limit=40427 [ 380.677126][ T8] attempt to access beyond end of device [ 380.677126][ T8] loop5: rw=1, want=45168, limit=40427 [ 380.692397][ T8] attempt to access beyond end of device [ 380.692397][ T8] loop5: rw=1, want=45104, limit=40427 [ 380.710571][ T8] attempt to access beyond end of device [ 380.710571][ T8] loop5: rw=2049, want=45176, limit=40427 [ 381.615753][ T6830] loop3: detected capacity change from 0 to 40427 [ 381.615753][ T6834] loop5: detected capacity change from 0 to 512 [ 381.668740][ T6834] EXT4-fs (loop5): Test dummy encryption mode enabled [ 381.678000][ T6834] EXT4-fs (loop5): Unrecognized mount option "uid>00000000000000000000" or missing value [ 381.769899][ T6830] F2FS-fs (loop3): Found nat_bits in checkpoint [ 381.814127][ T6830] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 382.054338][ T6852] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2132'. [ 382.137518][ T285] attempt to access beyond end of device [ 382.137518][ T285] loop3: rw=2049, want=45104, limit=40427 [ 384.320746][ T6879] overlayfs: failed to clone upperpath [ 384.644488][ T6884] loop5: detected capacity change from 0 to 8192 [ 384.975230][ T6893] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2143'. [ 386.854136][ T6896] loop3: detected capacity change from 0 to 40427 [ 386.880515][ T6896] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 386.961852][ T6896] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 386.978009][ T6896] F2FS-fs (loop3): invalid crc value [ 387.176024][ T6925] overlayfs: failed to resolve './file1': -2 [ 387.367990][ T6896] F2FS-fs (loop3): Found nat_bits in checkpoint [ 387.491006][ T6921] x_tables: duplicate underflow at hook 4 [ 387.499809][ T6909] loop5: detected capacity change from 0 to 40427 [ 387.519357][ T6896] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 387.526424][ T6896] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 387.535508][ T6921] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2155'. [ 387.554267][ T6909] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 387.602618][ T6909] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 387.643253][ T6909] F2FS-fs (loop5): invalid crc value [ 387.683256][ T6909] F2FS-fs (loop5): Found nat_bits in checkpoint [ 387.857394][ T6909] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 387.866768][ T6909] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 388.066434][ T6956] overlayfs: failed to resolve './file1': -2 [ 388.942978][ T30] audit: type=1107 audit(2000000181.720:1763): pid=6971 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 388.968693][ T6963] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2166'. [ 389.153701][ T6979] loop5: detected capacity change from 0 to 256 [ 389.159892][ T6983] loop3: detected capacity change from 0 to 512 [ 389.179159][ T6983] EXT4-fs (loop3): Ignoring removed nobh option [ 389.185885][ T6983] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 389.209845][ T6979] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 389.225962][ T6979] exFAT-fs (loop5): Medium has reported failures. Some data may be lost. [ 389.234724][ T6983] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.2174: invalid indirect mapped block 256 (level 2) [ 389.256551][ T6979] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 389.277698][ T6983] EXT4-fs (loop3): 2 truncates cleaned up [ 389.285647][ T6983] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,nojournal_checksum,dioread_nolock,bsdgroups,nogrpid,,errors=continue. Quota mode: writeback. [ 389.355108][ T30] audit: type=1400 audit(2000000182.130:1764): avc: denied { setattr } for pid=6998 comm="syz.2.2180" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 389.449677][ T30] audit: type=1326 audit(2000000182.230:1765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7003 comm="syz.5.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 389.489071][ T7000] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm syz.3.2174: bg 0: block 5: invalid block bitmap [ 389.501662][ T30] audit: type=1326 audit(2000000182.230:1766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7003 comm="syz.5.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 389.548664][ T30] audit: type=1326 audit(2000000182.250:1767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7003 comm="syz.5.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 389.574239][ T7000] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 389.596015][ T30] audit: type=1326 audit(2000000182.250:1768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7003 comm="syz.5.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 389.632671][ T7000] EXT4-fs (loop3): This should not happen!! Data will be lost [ 389.632671][ T7000] [ 389.645405][ T30] audit: type=1326 audit(2000000182.250:1769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7003 comm="syz.5.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 389.679410][ T7000] EXT4-fs (loop3): Total free blocks count 0 [ 389.692667][ T7000] EXT4-fs (loop3): Free/Dirty block details [ 389.698800][ T30] audit: type=1326 audit(2000000182.250:1770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7003 comm="syz.5.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 389.724271][ T7000] EXT4-fs (loop3): free_blocks=0 [ 389.730213][ T7000] EXT4-fs (loop3): dirty_blocks=7860 [ 389.736040][ T7000] EXT4-fs (loop3): Block reservation details [ 389.745656][ T7015] loop5: detected capacity change from 0 to 512 [ 389.762196][ T7000] EXT4-fs (loop3): i_reserved_data_blocks=7860 [ 389.768562][ T30] audit: type=1326 audit(2000000182.250:1771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7003 comm="syz.5.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 389.794089][ T7015] EXT4-fs (loop5): 1 orphan inode deleted [ 389.800036][ T7015] EXT4-fs (loop5): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 389.821023][ T7015] ext4 filesystem being mounted at /264/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 389.832701][ T30] audit: type=1326 audit(2000000182.250:1772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7003 comm="syz.5.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 389.857144][ T7015] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2186'. [ 389.866430][ T7015] netlink: 104 bytes leftover after parsing attributes in process `syz.5.2186'. [ 389.881708][ T8] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 2048 with error 28 [ 389.894907][ T8] EXT4-fs (loop3): This should not happen!! Data will be lost [ 389.894907][ T8] [ 391.344655][ T7052] loop5: detected capacity change from 0 to 40427 [ 391.367358][ T7052] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 391.382007][ T7052] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 391.399048][ T7052] F2FS-fs (loop5): invalid crc value [ 391.419721][ T7052] F2FS-fs (loop5): Found nat_bits in checkpoint [ 391.428528][ T7077] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2210'. [ 391.470169][ T7052] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 391.477428][ T7052] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 391.876277][ T7095] overlayfs: failed to resolve './file1': -2 [ 392.687535][ T7115] loop3: detected capacity change from 0 to 256 [ 392.778984][ T7115] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 392.790708][ T7115] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 392.822377][ T7115] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 393.504252][ T7137] loop3: detected capacity change from 0 to 40427 [ 393.524645][ T7137] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 393.542970][ T7137] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 393.552753][ T7137] F2FS-fs (loop3): invalid crc value [ 393.562754][ T7137] F2FS-fs (loop3): Found nat_bits in checkpoint [ 393.598892][ T7137] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 393.606057][ T7137] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 394.007430][ T7158] tipc: Enabling of bearer rejected, already enabled [ 394.042541][ T7158] tipc: Bearer : already 2 bearers with priority 10 [ 394.050534][ T7158] tipc: Bearer : trying with adjusted priority [ 394.057730][ T7158] tipc: Enabling of bearer rejected, failed to enable media [ 394.282827][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 394.282845][ T30] audit: type=1400 audit(2000000187.060:1779): avc: denied { associate } for pid=7172 comm="syz.0.2243" name="cpu.stat" scontext=root:object_r:etc_runtime_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1 [ 395.145745][ T7187] loop5: detected capacity change from 0 to 40427 [ 395.180351][ T7187] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 395.190006][ T7187] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 395.200578][ T7187] F2FS-fs (loop5): invalid crc value [ 395.250196][ T7187] F2FS-fs (loop5): Found nat_bits in checkpoint [ 395.309889][ T7187] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 395.327109][ T7187] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 395.884824][ T7210] loop3: detected capacity change from 0 to 256 [ 396.079920][ T7227] 9pnet: Insufficient options for proto=fd [ 397.245501][ T7245] bridge: RTM_NEWNEIGH with invalid ether address [ 397.255787][ T30] audit: type=1400 audit(2000000190.030:1780): avc: denied { relabelfrom } for pid=7240 comm="syz.3.2264" name="NETLINK" dev="sockfs" ino=39725 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 397.290818][ T7243] loop3: detected capacity change from 0 to 256 [ 397.326599][ T30] audit: type=1400 audit(2000000190.030:1781): avc: denied { relabelto } for pid=7240 comm="syz.3.2264" name="NETLINK" dev="sockfs" ino=39725 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=netlink_netfilter_socket permissive=1 [ 397.366394][ T30] audit: type=1400 audit(2000000190.030:1782): avc: denied { ioctl } for pid=7240 comm="syz.3.2264" path="socket:[39725]" dev="sockfs" ino=39725 ioctlcmd=0x7452 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=sock_file permissive=1 [ 397.400464][ T7243] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 397.473700][ T7256] loop3: detected capacity change from 0 to 256 [ 397.543597][ T30] audit: type=1326 audit(2000000190.320:1783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7257 comm="syz.1.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 397.567492][ T30] audit: type=1326 audit(2000000190.320:1784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7257 comm="syz.1.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 397.596070][ T30] audit: type=1326 audit(2000000190.340:1785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7257 comm="syz.1.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 397.619827][ T30] audit: type=1326 audit(2000000190.350:1786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7257 comm="syz.1.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 397.644966][ T30] audit: type=1326 audit(2000000190.350:1787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7257 comm="syz.1.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 397.681772][ T30] audit: type=1326 audit(2000000190.350:1788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7257 comm="syz.1.2271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 397.721763][ T7264] 9pnet: Insufficient options for proto=fd [ 397.728743][ T7256] FAT-fs (loop3): Directory bread(block 64) failed [ 397.735580][ T7256] FAT-fs (loop3): Directory bread(block 65) failed [ 397.742748][ T7256] FAT-fs (loop3): Directory bread(block 66) failed [ 397.749906][ T7256] FAT-fs (loop3): Directory bread(block 67) failed [ 397.757299][ T7256] FAT-fs (loop3): Directory bread(block 68) failed [ 397.764455][ T7256] FAT-fs (loop3): Directory bread(block 69) failed [ 397.771545][ T7256] FAT-fs (loop3): Directory bread(block 70) failed [ 397.778504][ T7256] FAT-fs (loop3): Directory bread(block 71) failed [ 397.788023][ T7256] FAT-fs (loop3): Directory bread(block 72) failed [ 397.794800][ T7256] FAT-fs (loop3): Directory bread(block 73) failed [ 400.621209][ T30] kauditd_printk_skb: 62 callbacks suppressed [ 400.621227][ T30] audit: type=1400 audit(2000000193.400:1851): avc: denied { bind } for pid=7282 comm="syz.1.2280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 400.649044][ T7281] 9pnet: Insufficient options for proto=fd [ 400.661211][ T30] audit: type=1400 audit(2000000193.430:1852): avc: denied { setopt } for pid=7282 comm="syz.1.2280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 400.682248][ T30] audit: type=1326 audit(2000000193.460:1853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7277 comm="syz.5.2279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 400.708346][ T30] audit: type=1326 audit(2000000193.460:1854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7277 comm="syz.5.2279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 400.753643][ T30] audit: type=1326 audit(2000000193.490:1855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7277 comm="syz.5.2279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 400.831468][ T30] audit: type=1326 audit(2000000193.490:1856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7277 comm="syz.5.2279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 400.881304][ T30] audit: type=1326 audit(2000000193.490:1857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7277 comm="syz.5.2279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 400.917172][ T30] audit: type=1326 audit(2000000193.520:1858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7277 comm="syz.5.2279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 400.978572][ T30] audit: type=1326 audit(2000000193.520:1859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7277 comm="syz.5.2279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 401.036958][ T30] audit: type=1326 audit(2000000193.520:1860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7277 comm="syz.5.2279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 401.051272][ T7285] loop3: detected capacity change from 0 to 40427 [ 401.095560][ T7285] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 401.099120][ T7304] loop5: detected capacity change from 0 to 8192 [ 401.115205][ T7285] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 401.125102][ T7285] F2FS-fs (loop3): invalid crc value [ 401.132125][ T7299] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 401.139403][ T7299] IPv6: NLM_F_CREATE should be set when creating new route [ 401.153026][ T7285] F2FS-fs (loop3): Found nat_bits in checkpoint [ 401.189031][ T7285] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 401.196175][ T7285] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 401.688422][ T7337] loop5: detected capacity change from 0 to 128 [ 401.996529][ T7348] loop3: detected capacity change from 0 to 40427 [ 402.007093][ T39] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 402.015361][ T7348] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 402.023478][ T7348] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 402.052799][ T7348] F2FS-fs (loop3): invalid crc value [ 402.077240][ T7348] F2FS-fs (loop3): Found nat_bits in checkpoint [ 402.129431][ T7348] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 402.139706][ T7348] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 402.276927][ T39] usb 6-1: Using ep0 maxpacket: 16 [ 402.391783][ T7384] overlayfs: failed to clone upperpath [ 402.447289][ T39] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 402.537017][ T39] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 402.567055][ T39] usb 6-1: config 0 interface 0 has no altsetting 0 [ 402.584212][ T39] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 402.628185][ T39] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.660445][ T39] usb 6-1: config 0 descriptor?? [ 403.137801][ T39] hid (null): report_id 0 is invalid [ 403.167390][ T7398] loop3: detected capacity change from 0 to 4096 [ 403.234570][ T7398] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 403.365989][ T39] usb 6-1: USB disconnect, device number 17 [ 403.408230][ T7408] loop3: detected capacity change from 0 to 4096 [ 403.435428][ T7408] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 403.789721][ T7421] loop3: detected capacity change from 0 to 40427 [ 403.798193][ T7421] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 403.807027][ T7421] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 403.817846][ T7421] F2FS-fs (loop3): invalid crc value [ 403.824619][ T7421] F2FS-fs (loop3): Found nat_bits in checkpoint [ 403.861163][ T7421] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 403.868327][ T7421] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 403.920017][ T7427] loop5: detected capacity change from 0 to 256 [ 404.024534][ T7427] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 404.041826][ T7427] exFAT-fs (loop5): Medium has reported failures. Some data may be lost. [ 404.057986][ T7427] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 404.165694][ T7434] overlayfs: failed to clone upperpath [ 404.619444][ T7421] incfs: Can't find or create .index dir in ./file0 [ 404.633794][ T7421] incfs: mount failed -14 [ 404.921526][ T7447] loop3: detected capacity change from 0 to 4096 [ 404.945956][ T7447] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 405.162631][ T7465] loop5: detected capacity change from 0 to 512 [ 405.220098][ T7465] EXT4-fs (loop5): orphan cleanup on readonly fs [ 405.228131][ T7465] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.2339: bg 0: block 248: padding at end of block bitmap is not set [ 405.242929][ T7465] EXT4-fs error (device loop5): ext4_acquire_dquot:6195: comm syz.5.2339: Failed to acquire dquot type 1 [ 405.258611][ T7465] EXT4-fs (loop5): 1 truncate cleaned up [ 405.264642][ T7465] EXT4-fs (loop5): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 405.325833][ T7471] netlink: 'syz.1.2342': attribute type 27 has an invalid length. [ 405.679838][ T7479] overlayfs: failed to resolve './file1': -2 [ 406.150812][ T7475] incfs: Can't find or create .index dir in ./file0 [ 406.157682][ T7475] incfs: mount failed -14 [ 406.295312][ T6] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 406.360227][ T7494] loop5: detected capacity change from 0 to 256 [ 406.393963][ T7494] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 406.434383][ T30] kauditd_printk_skb: 126 callbacks suppressed [ 406.434401][ T30] audit: type=1107 audit(2000000199.210:1985): pid=7493 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 406.666986][ T6] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 406.837090][ T6] usb 4-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=d4.fd [ 406.850454][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 406.866948][ T6] usb 4-1: Product: syz [ 406.876337][ T6] usb 4-1: Manufacturer: syz [ 406.886163][ T6] usb 4-1: SerialNumber: syz [ 406.897071][ T6] usb 4-1: config 0 descriptor?? [ 407.153586][ T6] usb 4-1: USB disconnect, device number 25 [ 407.491210][ T7515] incfs: Can't find or create .index dir in ./file0 [ 407.498098][ T7515] incfs: mount failed -14 [ 407.592364][ T7521] loop5: detected capacity change from 0 to 1024 [ 408.328512][ T30] audit: type=1326 audit(2000000201.070:1986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7545 comm="syz.1.2371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 408.359582][ T7537] kvm: MWAIT instruction emulated as NOP! [ 408.402001][ T30] audit: type=1326 audit(2000000201.070:1987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7545 comm="syz.1.2371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 409.280194][ T30] audit: type=1326 audit(2000000201.070:1988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7545 comm="syz.1.2371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 410.192224][ T30] audit: type=1326 audit(2000000201.070:1989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7545 comm="syz.1.2371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 410.276304][ T30] audit: type=1326 audit(2000000201.070:1990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7545 comm="syz.1.2371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 410.300679][ T30] audit: type=1326 audit(2000000201.070:1991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7545 comm="syz.1.2371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 410.338762][ T30] audit: type=1326 audit(2000000201.070:1992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7545 comm="syz.1.2371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 410.438573][ T30] audit: type=1326 audit(2000000201.070:1993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7545 comm="syz.1.2371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 410.476923][ T30] audit: type=1326 audit(2000000201.070:1994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7545 comm="syz.1.2371" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6366f76929 code=0x7ffc0000 [ 410.658380][ T7585] overlayfs: failed to resolve './file1': -2 [ 410.978358][ T7583] bridge0: port 1(bridge_slave_0) entered blocking state [ 411.007060][ T7583] bridge0: port 1(bridge_slave_0) entered disabled state [ 411.046743][ T7583] device bridge_slave_0 entered promiscuous mode [ 411.067867][ T7583] bridge0: port 2(bridge_slave_1) entered blocking state [ 411.099194][ T7583] bridge0: port 2(bridge_slave_1) entered disabled state [ 411.137535][ T7583] device bridge_slave_1 entered promiscuous mode [ 411.371527][ T7583] bridge0: port 2(bridge_slave_1) entered blocking state [ 411.378634][ T7583] bridge0: port 2(bridge_slave_1) entered forwarding state [ 411.385954][ T7583] bridge0: port 1(bridge_slave_0) entered blocking state [ 411.393055][ T7583] bridge0: port 1(bridge_slave_0) entered forwarding state [ 411.493496][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 411.545794][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 411.555439][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 411.567114][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 411.576021][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 411.950850][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 411.959914][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 411.974658][ T7583] device veth0_vlan entered promiscuous mode [ 411.982248][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 411.990897][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 412.006827][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 412.014610][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 412.022497][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 412.030939][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 412.040166][ T7583] device veth1_macvtap entered promiscuous mode [ 412.050784][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 412.058961][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 412.067985][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 412.096970][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 412.105369][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 412.320862][ T7607] incfs: Can't find or create .index dir in ./file0 [ 412.335302][ T7607] incfs: mount failed -14 [ 412.576308][ T7634] overlayfs: failed to resolve './file1': -2 [ 413.204616][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 413.204635][ T30] audit: type=1326 audit(2000000205.890:2020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7647 comm="syz.2.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 413.236668][ T30] audit: type=1326 audit(2000000205.890:2021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7647 comm="syz.2.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 413.262516][ T30] audit: type=1326 audit(2000000205.890:2022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7647 comm="syz.2.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 413.359640][ T7657] loop3: detected capacity change from 0 to 1024 [ 413.413983][ T7657] EXT4-fs (loop3): mounted filesystem without journal. Opts: user_xattr,nodioread_nolock,,errors=continue. Quota mode: none. [ 413.434506][ T7657] ext4 filesystem being mounted at /454/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 413.476582][ T30] audit: type=1326 audit(2000000205.890:2023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7647 comm="syz.2.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 413.580897][ T30] audit: type=1326 audit(2000000205.890:2024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7647 comm="syz.2.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 413.631499][ T30] audit: type=1326 audit(2000000205.890:2025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7647 comm="syz.2.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 413.683784][ T30] audit: type=1326 audit(2000000205.890:2026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7647 comm="syz.2.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 413.733827][ T30] audit: type=1326 audit(2000000205.890:2027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7647 comm="syz.2.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 413.783606][ T30] audit: type=1326 audit(2000000205.890:2028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7647 comm="syz.2.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 413.850804][ T30] audit: type=1326 audit(2000000205.890:2029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7647 comm="syz.2.2400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 414.494285][ T7673] loop3: detected capacity change from 0 to 40427 [ 414.548542][ T498] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 414.584090][ T7673] F2FS-fs (loop3): Found nat_bits in checkpoint [ 414.608262][ T7663] incfs: Can't find or create .index dir in ./file0 [ 414.615352][ T7663] incfs: mount failed -14 [ 414.625905][ T7673] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 414.847896][ T285] attempt to access beyond end of device [ 414.847896][ T285] loop3: rw=2049, want=45104, limit=40427 [ 414.917037][ T498] usb 3-1: config 0 has an invalid interface number: 185 but max is 0 [ 414.929911][ T498] usb 3-1: config 0 has an invalid descriptor of length 44, skipping remainder of the config [ 415.001748][ T498] usb 3-1: config 0 has no interface number 0 [ 415.008187][ T7695] tipc: Enabling of bearer rejected, already enabled [ 415.016569][ T498] usb 3-1: too many endpoints for config 0 interface 185 altsetting 59: 188, using maximum allowed: 30 [ 415.019401][ T7695] tipc: Bearer : already 2 bearers with priority 10 [ 415.027815][ T498] usb 3-1: config 0 interface 185 altsetting 59 has 0 endpoint descriptors, different from the interface descriptor's value: 188 [ 415.058897][ T7695] tipc: Bearer : trying with adjusted priority [ 415.347511][ T498] usb 3-1: config 0 interface 185 has no altsetting 0 [ 415.354585][ T7695] tipc: Enabling of bearer rejected, failed to enable media [ 415.437105][ T498] usb 3-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 415.456436][ T498] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=34 [ 415.479276][ T498] usb 3-1: SerialNumber: syz [ 415.588018][ T498] usb 3-1: config 0 descriptor?? [ 416.856277][ T7727] loop5: detected capacity change from 0 to 40427 [ 416.872133][ T7734] loop3: detected capacity change from 0 to 128 [ 416.910644][ T7727] F2FS-fs (loop5): Found nat_bits in checkpoint [ 416.942777][ T7727] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 416.959938][ T7719] incfs: Can't find or create .index dir in ./file0 [ 416.967599][ T7719] incfs: mount failed -14 [ 417.057276][ T302] attempt to access beyond end of device [ 417.057276][ T302] loop5: rw=2049, want=45104, limit=40427 [ 417.256262][ T498] usb 3-1: USB disconnect, device number 29 [ 417.330846][ T7750] Illegal XDP return value 4294967274, expect packet loss! [ 417.423446][ T7762] loop5: detected capacity change from 0 to 512 [ 417.438968][ T7762] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 417.468041][ T7762] EXT4-fs (loop5): 1 truncate cleaned up [ 417.478087][ T7762] EXT4-fs (loop5): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,jqfmt=vfsold,minixdf,quota,,errors=continue. Quota mode: writeback. [ 418.266686][ T7765] incfs: Can't find or create .index dir in ./file0 [ 418.273560][ T7765] incfs: mount failed -14 [ 418.436249][ T7771] incfs: Can't find or create .index dir in ./file0 [ 418.443078][ T7771] incfs: mount failed -14 [ 418.540905][ T30] kauditd_printk_skb: 85 callbacks suppressed [ 418.540923][ T30] audit: type=1400 audit(2000000211.320:2115): avc: denied { append } for pid=7791 comm="syz.0.2447" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 420.634718][ T498] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 420.724895][ T7829] loop3: detected capacity change from 0 to 512 [ 420.759291][ T7829] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,acl,max_dir_size_kb=0x0000000000000001,. Quota mode: writeback. [ 420.774308][ T7829] ext4 filesystem being mounted at /459/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 420.947998][ T498] usb 3-1: device descriptor read/64, error -71 [ 421.895690][ T7859] loop5: detected capacity change from 0 to 4096 [ 422.018969][ T7859] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 423.156982][ T498] usb 3-1: device descriptor read/64, error -71 [ 423.168173][ T30] audit: type=1400 audit(2000000215.950:2116): avc: denied { execute } for pid=7894 comm="syz.5.2482" path="/sys/power/reserved_size" dev="sysfs" ino=1170 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=file permissive=1 [ 423.251574][ T7902] 9pnet: Insufficient options for proto=fd [ 423.477020][ T39] usb 6-1: new low-speed USB device number 18 using dummy_hcd [ 423.767034][ T39] usb 6-1: Invalid ep0 maxpacket: 32 [ 424.337031][ T39] usb 6-1: new low-speed USB device number 19 using dummy_hcd [ 425.784795][ T39] usb 6-1: Invalid ep0 maxpacket: 32 [ 425.791945][ T39] usb usb6-port1: attempt power cycle [ 425.820093][ T7934] 9pnet: Insufficient options for proto=fd [ 425.836273][ T30] audit: type=1326 audit(2000000218.610:2117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7930 comm="syz.0.2495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7be093a929 code=0x7ffc0000 [ 425.861456][ T30] audit: type=1326 audit(2000000218.610:2118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7930 comm="syz.0.2495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7be093a929 code=0x7ffc0000 [ 425.890340][ T30] audit: type=1326 audit(2000000218.640:2119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7930 comm="syz.0.2495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7be093a929 code=0x7ffc0000 [ 425.970791][ T30] audit: type=1326 audit(2000000218.640:2120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7930 comm="syz.0.2495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7be093a929 code=0x7ffc0000 [ 426.005259][ T30] audit: type=1326 audit(2000000218.640:2121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7930 comm="syz.0.2495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7be093a929 code=0x7ffc0000 [ 426.046297][ T30] audit: type=1326 audit(2000000218.640:2122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7930 comm="syz.0.2495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7be093a929 code=0x7ffc0000 [ 426.201299][ T3036] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 426.883133][ T39] usb 6-1: new low-speed USB device number 20 using dummy_hcd [ 427.082812][ T30] audit: type=1326 audit(2000000218.640:2123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7930 comm="syz.0.2495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7be093a929 code=0x7ffc0000 [ 427.125588][ T30] audit: type=1326 audit(2000000218.640:2124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7930 comm="syz.0.2495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7be093a929 code=0x7ffc0000 [ 427.155839][ T30] audit: type=1326 audit(2000000218.660:2125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7930 comm="syz.0.2495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7be093a929 code=0x7ffc0000 [ 427.234717][ T30] audit: type=1326 audit(2000000218.660:2126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7930 comm="syz.0.2495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7be093a929 code=0x7ffc0000 [ 427.357032][ T3036] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 427.380443][ T7976] syz.2.2511[7976] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 427.380519][ T7976] syz.2.2511[7976] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 427.507089][ T39] usb 6-1: device not accepting address 20, error -71 [ 427.526991][ T3036] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 427.541456][ T3036] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 427.552494][ T3036] usb 4-1: Product: syz [ 427.558627][ T3036] usb 4-1: Manufacturer: syz [ 427.571461][ T3036] usb 4-1: SerialNumber: syz [ 427.847016][ T3037] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 428.327035][ T3037] usb 2-1: Using ep0 maxpacket: 32 [ 428.447296][ T3037] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 428.545497][ T3037] usb 2-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00 [ 428.667130][ T3037] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.699684][ T3037] usb 2-1: config 0 descriptor?? [ 428.858057][ T7936] UDC core: couldn't find an available UDC or it's busy: -16 [ 428.867747][ T7936] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 428.917041][ T3036] cdc_ncm 4-1:1.0: failed to get mac address [ 428.940180][ T3036] cdc_ncm 4-1:1.0: bind() failure [ 428.967021][ T3036] cdc_ncm: probe of 4-1:1.1 failed with error -71 [ 428.988741][ T3036] cdc_mbim: probe of 4-1:1.1 failed with error -71 [ 428.996350][ T3036] usb 4-1: USB disconnect, device number 26 [ 429.037196][ T3037] usbhid 2-1:0.0: can't add hid device: -71 [ 429.043307][ T3037] usbhid: probe of 2-1:0.0 failed with error -71 [ 429.061775][ T3037] usb 2-1: USB disconnect, device number 16 [ 429.295333][ T8021] loop5: detected capacity change from 0 to 1024 [ 429.359973][ T8021] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 429.439035][ T8030] loop3: detected capacity change from 0 to 4096 [ 429.480023][ T8030] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 429.672684][ T8039] loop3: detected capacity change from 0 to 40427 [ 429.718641][ T8039] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 429.738850][ T8039] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 429.759829][ T8039] F2FS-fs (loop3): invalid crc value [ 429.784241][ T8039] F2FS-fs (loop3): Found nat_bits in checkpoint [ 429.846108][ T8039] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 429.853504][ T8039] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 431.216976][ T30] kauditd_printk_skb: 54 callbacks suppressed [ 431.216998][ T30] audit: type=1400 audit(2000000223.490:2181): avc: denied { setopt } for pid=8048 comm="syz.0.2535" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 433.695192][ T30] audit: type=1400 audit(2000000226.470:2182): avc: denied { lock } for pid=8086 comm="syz.1.2547" path="socket:[43218]" dev="sockfs" ino=43218 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 435.541743][ T8111] loop3: detected capacity change from 0 to 4096 [ 435.587957][ T8111] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 435.826601][ T8139] netlink: 'syz.2.2562': attribute type 12 has an invalid length. [ 435.938198][ T8142] loop5: detected capacity change from 0 to 8192 [ 436.376973][ T8149] loop3: detected capacity change from 0 to 1024 [ 438.367770][ T8152] overlayfs: failed to resolve './file1': -2 [ 439.212803][ T8153] overlayfs: failed to resolve './file1': -2 [ 440.520133][ T331] loop5: p1 p2[DM] p4 [ 440.530070][ T331] loop5: p1 size 196608 extends beyond EOD, truncated [ 440.612648][ T331] loop5: p2 start 4292936063 is beyond EOD, truncated [ 440.624576][ T331] loop5: p4 size 50331648 extends beyond EOD, truncated [ 440.674790][ T8142] loop5: p1 p2[DM] p4 [ 440.679415][ T8142] loop5: p1 size 196608 extends beyond EOD, truncated [ 440.698022][ T8142] loop5: p2 start 4292936063 is beyond EOD, truncated [ 440.725106][ T8142] loop5: p4 size 50331648 extends beyond EOD, truncated [ 440.848446][ T30] audit: type=1400 audit(2000000233.630:2183): avc: denied { map } for pid=8179 comm="syz.1.2576" path="socket:[42904]" dev="sockfs" ino=42904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 440.862928][ T403] udevd[403]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory [ 440.912032][ T8180] netlink: 'syz.1.2576': attribute type 12 has an invalid length. [ 440.923629][ T331] udevd[331]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 440.977781][ T331] udevd[331]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 440.994512][ T30] audit: type=1400 audit(2000000233.650:2184): avc: denied { read accept } for pid=8179 comm="syz.1.2576" path="socket:[42904]" dev="sockfs" ino=42904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 441.013464][ T403] udevd[403]: inotify_add_watch(7, /dev/loop5p4, 10) failed: No such file or directory [ 441.055419][ T30] audit: type=1400 audit(2000000233.680:2185): avc: denied { create } for pid=8179 comm="syz.1.2576" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1 [ 442.934714][ T8194] overlayfs: failed to resolve './file1': -2 [ 445.825780][ T8236] overlayfs: failed to resolve './file1': -2 [ 446.254853][ T8235] loop3: detected capacity change from 0 to 4096 [ 446.295390][ T8235] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 446.647396][ T8268] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2605'. [ 446.664463][ T30] audit: type=1400 audit(2000000245.439:2186): avc: denied { read } for pid=8266 comm="syz.5.2605" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 447.915267][ T8280] loop5: detected capacity change from 0 to 1024 [ 448.727054][ T8307] incfs: Options parsing error. -22 [ 448.739054][ T8307] incfs: mount failed -22 [ 449.862410][ T8324] tmpfs: Unknown parameter 'fsname' [ 450.010490][ T8330] loop5: detected capacity change from 0 to 4096 [ 450.087829][ T8330] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 450.223161][ T8350] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8350 comm=syz.3.2633 [ 450.435029][ T30] audit: type=1400 audit(2000000249.209:2187): avc: denied { mounton } for pid=8345 comm="syz.0.2634" path="/bus" dev="bpf" ino=44226 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1 [ 450.457927][ T8356] overlayfs: failed to clone upperpath [ 450.501976][ T8352] kvm [8351]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0xf12d [ 450.535690][ T8352] kvm [8351]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0xe6ff [ 450.638545][ T8352] kvm [8351]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x187 data 0xfcaa [ 450.776702][ T8375] loop5: detected capacity change from 0 to 4096 [ 450.823820][ T8375] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 451.272514][ T30] audit: type=1400 audit(2000000250.049:2188): avc: denied { create } for pid=8384 comm="syz.5.2645" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 452.604012][ T8398] input: syz0 as /devices/virtual/input/input12 [ 452.695120][ T8424] FAULT_INJECTION: forcing a failure. [ 452.695120][ T8424] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 452.722543][ T8419] loop5: detected capacity change from 0 to 40427 [ 452.729424][ T8424] CPU: 0 PID: 8424 Comm: syz.2.2659 Not tainted 5.15.185-syzkaller-00339-ge678c93d43cc #0 [ 452.739601][ T8424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 452.749677][ T8424] Call Trace: [ 452.752969][ T8424] [ 452.755915][ T8424] __dump_stack+0x21/0x30 [ 452.760254][ T8424] dump_stack_lvl+0xee/0x150 [ 452.764858][ T8424] ? show_regs_print_info+0x20/0x20 [ 452.770067][ T8424] ? __kernel_text_address+0xa0/0x100 [ 452.775464][ T8424] dump_stack+0x15/0x20 [ 452.779636][ T8424] should_fail+0x3c1/0x510 [ 452.784061][ T8424] should_fail_usercopy+0x1a/0x20 [ 452.789099][ T8424] _copy_from_user+0x20/0xd0 [ 452.793704][ T8424] __copy_msghdr_from_user+0xaf/0x5e0 [ 452.799098][ T8424] ? __ia32_sys_shutdown+0x1e0/0x1e0 [ 452.804482][ T8424] ? kasan_set_track+0x5b/0x70 [ 452.809267][ T8424] ? kasan_set_track+0x4a/0x70 [ 452.814034][ T8424] ? kasan_set_free_info+0x23/0x40 [ 452.819157][ T8424] ? ____kasan_slab_free+0x125/0x160 [ 452.824451][ T8424] ? __kasan_slab_free+0x11/0x20 [ 452.829413][ T8424] ? kmem_cache_free+0x100/0x320 [ 452.829446][ T8424] ___sys_sendmsg+0x156/0x260 [ 452.829465][ T8424] ? _kstrtoull+0x3c0/0x4d0 [ 452.829485][ T8424] ? __sys_sendmsg+0x250/0x250 [ 452.829509][ T8424] ? __fdget+0x1a1/0x230 [ 452.829531][ T8424] __sys_sendmmsg+0x278/0x480 [ 452.829549][ T8424] ? __ia32_sys_sendmsg+0x2a0/0x2a0 [ 452.829573][ T8424] ? __ia32_sys_read+0x90/0x90 [ 452.829592][ T8424] __x64_sys_sendmmsg+0xa0/0xb0 [ 452.829610][ T8424] x64_sys_call+0x6c6/0x9a0 [ 452.829627][ T8424] do_syscall_64+0x4c/0xa0 [ 452.829643][ T8424] ? clear_bhb_loop+0x50/0xa0 [ 452.829662][ T8424] ? clear_bhb_loop+0x50/0xa0 [ 452.829679][ T8424] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 452.829701][ T8424] RIP: 0033:0x7fbfcdb3a929 [ 452.829718][ T8424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 452.829735][ T8424] RSP: 002b:00007fbfcc1a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 452.829757][ T8424] RAX: ffffffffffffffda RBX: 00007fbfcdd61fa0 RCX: 00007fbfcdb3a929 [ 452.829772][ T8424] RDX: 0000000000000002 RSI: 0000200000003780 RDI: 0000000000000005 [ 452.829785][ T8424] RBP: 00007fbfcc1a3090 R08: 0000000000000000 R09: 0000000000000000 [ 452.829798][ T8424] R10: 0000000024004441 R11: 0000000000000246 R12: 0000000000000001 [ 452.829811][ T8424] R13: 0000000000000000 R14: 00007fbfcdd61fa0 R15: 00007fff5e9b7f88 [ 452.829828][ T8424] [ 452.900948][ T8419] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 452.900978][ T8419] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 452.902479][ T8419] F2FS-fs (loop5): invalid crc value [ 452.921693][ T8431] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 452.928054][ T8419] F2FS-fs (loop5): Found nat_bits in checkpoint [ 453.006950][ T8419] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 453.006980][ T8419] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 453.388616][ T8454] netem: change failed [ 453.653413][ T8465] loop3: detected capacity change from 0 to 128 [ 453.707648][ T8465] FAT-fs (loop3): Unrecognized mount option "s" or missing value [ 453.717689][ T8426] incfs_lookup_dentry err:-14 [ 453.722528][ T8426] incfs: Can't find or create .index dir in ./file0 [ 453.738063][ T8426] incfs: mount failed -14 [ 456.045073][ T8498] loop3: detected capacity change from 0 to 40427 [ 456.097564][ T8498] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 456.105552][ T8498] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 456.115243][ T8498] F2FS-fs (loop3): invalid crc value [ 456.122409][ T8498] F2FS-fs (loop3): Found nat_bits in checkpoint [ 456.463334][ T30] audit: type=1400 audit(2000000255.239:2189): avc: denied { map } for pid=8519 comm="syz.2.2691" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 456.487708][ T8498] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 456.494915][ T30] audit: type=1400 audit(2000000255.239:2190): avc: denied { call } for pid=8519 comm="syz.2.2691" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 456.514630][ T8498] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 456.524604][ T8523] fuse: Bad value for 'group_id' [ 456.552063][ T30] audit: type=1326 audit(2000000255.329:2191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8522 comm="syz.2.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 456.595131][ T30] audit: type=1326 audit(2000000255.349:2192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8522 comm="syz.2.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 456.618682][ T30] audit: type=1326 audit(2000000255.349:2193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8522 comm="syz.2.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 456.642421][ T30] audit: type=1326 audit(2000000255.349:2194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8522 comm="syz.2.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=232 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 456.666276][ T30] audit: type=1326 audit(2000000255.359:2195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8522 comm="syz.2.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 456.690027][ T30] audit: type=1326 audit(2000000255.359:2196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8522 comm="syz.2.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbfcdb39290 code=0x7ffc0000 [ 456.713964][ T30] audit: type=1326 audit(2000000255.359:2197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8522 comm="syz.2.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbfcdb39290 code=0x7ffc0000 [ 456.737576][ T30] audit: type=1326 audit(2000000255.359:2198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8522 comm="syz.2.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 457.414506][ T8559] incfs_lookup_dentry err:-5 [ 457.423367][ T8559] incfs: Can't find or create .index dir in ./file0 [ 457.430466][ T8559] incfs: mount failed -5 [ 457.569759][ T8572] xt_bpf: check failed: parse error [ 457.731966][ T8569] loop3: detected capacity change from 0 to 40427 [ 457.786986][ T8569] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 457.798847][ T8578] 9pnet: Insufficient options for proto=fd [ 457.804827][ T8569] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 457.823635][ T8578] 9pnet: Insufficient options for proto=fd [ 457.831062][ T8569] F2FS-fs (loop3): invalid crc value [ 457.858911][ T8569] F2FS-fs (loop3): Found nat_bits in checkpoint [ 457.916915][ T8220] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 457.937997][ T8589] loop5: detected capacity change from 0 to 256 [ 457.944780][ T8569] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 457.958941][ T8589] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 457.970121][ T8569] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 457.988103][ T8589] exFAT-fs (loop5): Medium has reported failures. Some data may be lost. [ 458.020360][ T8589] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 458.158569][ T8596] incfs_lookup_dentry err:-5 [ 458.163310][ T8596] incfs: Can't find or create .index dir in ./file0 [ 458.170439][ T8596] incfs: mount failed -5 [ 458.176935][ T8220] usb 2-1: Using ep0 maxpacket: 32 [ 458.312316][ T8220] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 458.337090][ T8220] usb 2-1: config 4 has 0 interfaces, different from the descriptor's value: 1 [ 458.358227][ T8220] usb 2-1: New USB device found, idVendor=016d, idProduct=c314, bcdDevice= 0.00 [ 458.376018][ T8220] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.473464][ T8606] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2726'. [ 458.584041][ T8617] device batadv_slave_1 entered promiscuous mode [ 458.617786][ T8617] device macsec0 entered promiscuous mode [ 458.624239][ T8616] device batadv_slave_1 left promiscuous mode [ 458.806895][ T3036] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 458.818351][ T8626] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2732'. [ 459.046921][ T3036] usb 6-1: Using ep0 maxpacket: 32 [ 459.206949][ T3036] usb 6-1: unable to get BOS descriptor or descriptor too short [ 459.286983][ T3036] usb 6-1: config 1 interface 0 altsetting 2 bulk endpoint 0x1 has invalid maxpacket 8 [ 459.296756][ T3036] usb 6-1: config 1 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 459.309646][ T3036] usb 6-1: config 1 interface 0 has no altsetting 0 [ 459.467003][ T3036] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 459.476161][ T3036] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.484448][ T3036] usb 6-1: Product: syz [ 459.488675][ T3036] usb 6-1: Manufacturer: syz [ 459.493331][ T3036] usb 6-1: SerialNumber: syz [ 459.517004][ T8606] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 459.576948][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 459.777014][ T39] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 459.825271][ T8636] incfs_lookup_dentry err:-14 [ 459.830367][ T8636] incfs: Can't find or create .index dir in ./file0 [ 459.837039][ T8636] incfs: mount failed -14 [ 460.018316][ T8606] UDC core: couldn't find an available UDC or it's busy: -16 [ 460.025744][ T8606] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 460.035284][ T8606] loop5: detected capacity change from 0 to 128 [ 460.051291][ T8606] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 460.062123][ T8606] ext4 filesystem being mounted at /367/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 460.157403][ T39] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 460.169032][ T39] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 460.179648][ T39] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 460.188986][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.679104][ T328] usb 2-1: USB disconnect, device number 17 [ 460.717401][ T39] aiptek 4-1:17.0: Aiptek using 400 ms programming speed [ 460.733669][ T39] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input13 [ 460.750430][ T39] input: failed to attach handler kbd to device input13, error: -5 [ 460.770355][ T39] usb 4-1: USB disconnect, device number 27 [ 461.174625][ T8669] incfs_lookup_dentry err:-14 [ 461.179615][ T8669] incfs: Can't find or create .index dir in ./file0 [ 461.186416][ T8669] incfs: mount failed -14 [ 461.480247][ T8714] netlink: 'syz.2.2765': attribute type 12 has an invalid length. [ 461.514567][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 461.514587][ T30] audit: type=1326 audit(2000000260.289:2218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8716 comm="syz.2.2766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 461.518232][ T3036] usb 6-1: USB disconnect, device number 22 [ 461.525344][ T30] audit: type=1326 audit(2000000260.289:2219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8716 comm="syz.2.2766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 461.595639][ T30] audit: type=1326 audit(2000000260.319:2220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8716 comm="syz.2.2766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 461.619279][ T30] audit: type=1326 audit(2000000260.329:2221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8716 comm="syz.2.2766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 461.644761][ T30] audit: type=1326 audit(2000000260.329:2222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8716 comm="syz.2.2766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 461.681173][ T30] audit: type=1326 audit(2000000260.369:2223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8716 comm="syz.2.2766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=126 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 461.710503][ T30] audit: type=1326 audit(2000000260.369:2224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8716 comm="syz.2.2766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 461.734393][ T30] audit: type=1326 audit(2000000260.369:2225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8716 comm="syz.2.2766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 461.782662][ T30] audit: type=1326 audit(2000000260.369:2226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8716 comm="syz.2.2766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 461.798531][ T8719] loop5: detected capacity change from 0 to 40427 [ 461.824710][ T30] audit: type=1326 audit(2000000260.369:2227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8716 comm="syz.2.2766" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfcdb3a929 code=0x7ffc0000 [ 461.895079][ T8719] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 461.905345][ T8719] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 461.915281][ T8719] F2FS-fs (loop5): invalid crc value [ 461.923913][ T8719] F2FS-fs (loop5): Found nat_bits in checkpoint [ 461.964080][ T8719] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 461.971445][ T8719] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 462.484475][ T8741] overlayfs: failed to resolve './file1': -2 [ 463.136951][ T8719] incfs_lookup_dentry err:-14 [ 463.148641][ T8719] incfs: Can't find or create .index dir in ./file0 [ 463.165509][ T8719] incfs: mount failed -14 [ 463.621147][ T8757] overlayfs: failed to resolve './file1': -2 [ 464.484136][ T8791] loop5: detected capacity change from 0 to 1024 [ 465.116154][ T8803] loop3: detected capacity change from 0 to 1024 [ 465.197024][ T3036] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 465.657261][ T3036] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 465.676929][ T3036] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 465.697002][ T3036] usb 2-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 465.706812][ T3036] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 465.719482][ T3036] usb 2-1: config 0 descriptor?? [ 465.731454][ T8823] incfs_lookup_dentry err:-5 [ 465.736217][ T8823] incfs: Can't find or create .index dir in ./file0 [ 465.746506][ T8823] incfs: mount failed -5 [ 465.847299][ T8826] incfs: Can't find or create .index dir in ./file0 [ 465.854148][ T8826] incfs: mount failed -5 [ 466.215594][ T3036] hid-steam 0003:28DE:1142.000A: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.1-1/input0 [ 466.281938][ T3036] hid-steam 0003:28DE:1142.000B: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.1-1/input0 [ 466.407090][ T3036] hid-steam 0003:28DE:1142.000A: Steam wireless receiver connected [ 466.808026][ T328] usb 2-1: USB disconnect, device number 18 [ 466.815403][ T328] hid-steam 0003:28DE:1142.000A: Steam wireless receiver disconnected [ 467.056912][ T498] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 467.133231][ T8867] tipc: Enabled bearer , priority 0 [ 467.140935][ T8866] tipc: Resetting bearer [ 467.152612][ T8866] tipc: Disabling bearer [ 467.284761][ T8874] tipc: Enabled bearer , priority 0 [ 467.292454][ T8873] tipc: Resetting bearer [ 467.302952][ T8873] tipc: Disabling bearer [ 467.306923][ T498] usb 1-1: Using ep0 maxpacket: 32 [ 467.437033][ T498] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 467.606974][ T498] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 467.616133][ T498] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 467.624196][ T498] usb 1-1: Product: Е [ 467.628327][ T498] usb 1-1: Manufacturer: తฝ [ 467.633195][ T498] usb 1-1: SerialNumber: syz [ 467.877327][ T8852] netlink: 'syz.0.2809': attribute type 12 has an invalid length. [ 467.946970][ T498] cdc_ncm 1-1:1.0: bind() failure [ 467.953354][ T498] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 467.960258][ T498] cdc_ncm 1-1:1.1: bind() failure [ 467.966356][ T498] usb 1-1: USB disconnect, device number 7 [ 468.036080][ T8885] binder: BINDER_SET_CONTEXT_MGR already set [ 468.045892][ T8885] binder: 8878:8885 ioctl 4018620d 2000000000c0 returned -16 [ 468.066678][ T8883] loop3: detected capacity change from 0 to 256 [ 468.120035][ T8883] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 468.136601][ T8883] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 468.147402][ T8883] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 468.367041][ T3036] usb 3-1: new full-speed USB device number 32 using dummy_hcd [ 468.778196][ T8917] loop3: detected capacity change from 0 to 40427 [ 468.817607][ T3036] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 468.827401][ T8917] F2FS-fs (loop3): Unrecognized mount option "activh_logs=6" or missing value [ 468.836604][ T3036] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 4 [ 468.983017][ T8926] loop5: detected capacity change from 0 to 4096 [ 469.037050][ T3036] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 469.046208][ T3036] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 469.054429][ T3036] usb 3-1: Product: syz [ 469.058663][ T3036] usb 3-1: Manufacturer: syz [ 469.063358][ T3036] usb 3-1: SerialNumber: syz [ 469.068627][ T3036] usb 3-1: config 0 descriptor?? [ 469.092414][ T8926] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 469.186932][ T498] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 469.319411][ T3036] usb 3-1: USB disconnect, device number 32 [ 469.342457][ T403] udevd[403]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 469.547026][ T498] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 469.558020][ T498] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 469.568121][ T498] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 469.581423][ T498] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 469.590700][ T498] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 469.602699][ T498] usb 4-1: config 0 descriptor?? [ 469.667024][ T3037] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 469.916960][ T3037] usb 1-1: Using ep0 maxpacket: 32 [ 470.137281][ T3037] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 470.168505][ T498] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving [ 470.177770][ T498] plantronics 0003:047F:FFFF.000C: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 470.357009][ T3037] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 470.366191][ T3037] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 470.374519][ T3037] usb 1-1: Product: Е [ 470.378926][ T3037] usb 1-1: Manufacturer: తฝ [ 470.383889][ T3037] usb 1-1: SerialNumber: syz [ 470.409603][ T498] usb 4-1: USB disconnect, device number 28 [ 470.627437][ T8934] netlink: 'syz.0.2839': attribute type 12 has an invalid length. [ 470.717004][ T3037] cdc_ncm 1-1:1.0: bind() failure [ 470.723506][ T3037] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 470.730925][ T3037] cdc_ncm 1-1:1.1: bind() failure [ 470.738123][ T3037] usb 1-1: USB disconnect, device number 8 [ 470.951364][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 470.951383][ T30] audit: type=1326 audit(2000000269.729:2247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8981 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5061692929 code=0x7ffc0000 [ 470.964586][ T8982] loop3: detected capacity change from 0 to 128 [ 470.995300][ T30] audit: type=1326 audit(2000000269.729:2248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8981 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5061692929 code=0x7ffc0000 [ 471.019091][ T30] audit: type=1326 audit(2000000269.739:2249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8981 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5061692929 code=0x7ffc0000 [ 471.043856][ T30] audit: type=1326 audit(2000000269.739:2250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8981 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5061692929 code=0x7ffc0000 [ 471.068198][ T30] audit: type=1326 audit(2000000269.739:2251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8981 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5061692929 code=0x7ffc0000 [ 471.092010][ T30] audit: type=1326 audit(2000000269.739:2252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8981 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5061692929 code=0x7ffc0000 [ 471.094084][ T8982] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 471.120202][ T30] audit: type=1326 audit(2000000269.739:2253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8981 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5061692929 code=0x7ffc0000 [ 471.165405][ T30] audit: type=1326 audit(2000000269.739:2254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8981 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5061692929 code=0x7ffc0000 [ 471.234734][ T30] audit: type=1326 audit(2000000269.739:2255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8981 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5061692929 code=0x7ffc0000 [ 471.314942][ T8982] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 471.337910][ T30] audit: type=1326 audit(2000000269.739:2256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8981 comm="syz.3.2857" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5061692929 code=0x7ffc0000 [ 472.336354][ T8998] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=8998 comm=syz.0.2863 [ 472.407882][ T9004] loop3: detected capacity change from 0 to 4096 [ 472.507245][ T9004] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 473.768138][ T9014] overlayfs: failed to resolve './file1': -2 [ 473.854761][ T9013] loop3: detected capacity change from 0 to 256 [ 473.866324][ T9013] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 473.879199][ T9013] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 473.898532][ T9013] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 474.386911][ T328] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 474.395782][ T9034] tipc: Enabled bearer , priority 0 [ 474.405305][ T9033] tipc: Resetting bearer [ 474.417339][ T9033] tipc: Disabling bearer [ 474.636903][ T328] usb 1-1: Using ep0 maxpacket: 32 [ 474.763210][ T9043] loop5: detected capacity change from 0 to 4096 [ 474.777085][ T328] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 474.792638][ T9043] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 474.864911][ T9048] IPv4: Oversized IP packet from 127.202.26.0 [ 474.947000][ T328] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 474.956222][ T328] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 474.964512][ T328] usb 1-1: Product: Е [ 474.968823][ T328] usb 1-1: Manufacturer: తฝ [ 474.973756][ T328] usb 1-1: SerialNumber: syz [ 475.217340][ T9026] netlink: 'syz.0.2869': attribute type 12 has an invalid length. [ 475.325895][ T328] cdc_ncm 1-1:1.0: bind() failure [ 475.333219][ T328] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 475.340404][ T328] cdc_ncm 1-1:1.1: bind() failure [ 475.346953][ T328] usb 1-1: USB disconnect, device number 9 [ 475.935952][ T9080] loop5: detected capacity change from 0 to 2048 [ 476.203680][ T9080] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 476.214785][ T9080] ext4 filesystem being mounted at /393/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 476.826953][ T3037] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 476.845810][ T9119] loop5: detected capacity change from 0 to 4096 [ 476.869015][ T9119] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 477.066966][ T3037] usb 4-1: Using ep0 maxpacket: 32 [ 477.076955][ T9126] loop5: detected capacity change from 0 to 256 [ 477.101663][ T9126] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 477.113473][ T9126] exFAT-fs (loop5): Medium has reported failures. Some data may be lost. [ 477.128839][ T9126] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 477.187205][ T3037] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 477.649920][ T3037] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 477.667073][ T3037] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 477.675107][ T3037] usb 4-1: Product: Е [ 477.680038][ T3037] usb 4-1: Manufacturer: తฝ [ 477.684920][ T3037] usb 4-1: SerialNumber: syz [ 477.937715][ T9104] netlink: 'syz.3.2898': attribute type 12 has an invalid length. [ 478.135964][ T3037] cdc_ncm 4-1:1.0: bind() failure [ 478.142540][ T3037] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 478.149577][ T3037] cdc_ncm 4-1:1.1: bind() failure [ 478.158213][ T3037] usb 4-1: USB disconnect, device number 29 [ 478.574277][ T9148] overlayfs: failed to resolve './file1': -2 [ 479.377324][ T9161] loop5: detected capacity change from 0 to 4096 [ 480.779959][ T9161] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 485.863399][ T9186] overlayfs: failed to resolve './file1': -2 [ 486.560743][ T9204] loop3: detected capacity change from 0 to 4096 [ 486.616060][ T9204] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 486.630628][ T3037] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 486.832135][ T3040] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 487.086880][ T3037] usb 3-1: Using ep0 maxpacket: 32 [ 487.096981][ T3040] usb 6-1: Using ep0 maxpacket: 32 [ 487.207104][ T3037] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 487.217338][ T3040] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 487.407065][ T3037] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 487.416340][ T3040] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 487.425703][ T3037] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 487.433845][ T3040] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 487.441876][ T3037] usb 3-1: Product: Е [ 487.446040][ T3040] usb 6-1: Product: Е [ 487.450152][ T3037] usb 3-1: Manufacturer: తฝ [ 487.455018][ T3037] usb 3-1: SerialNumber: syz [ 487.459730][ T3040] usb 6-1: Manufacturer: తฝ [ 487.464595][ T3040] usb 6-1: SerialNumber: syz [ 487.707573][ T9189] netlink: 'syz.2.2926': attribute type 12 has an invalid length. [ 487.717339][ T9195] netlink: 'syz.5.2928': attribute type 12 has an invalid length. [ 487.786905][ T3037] cdc_ncm 3-1:1.0: bind() failure [ 487.792613][ T3037] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 487.799659][ T3040] cdc_ncm 6-1:1.0: bind() failure [ 487.805514][ T3040] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found [ 487.812401][ T3037] cdc_ncm 3-1:1.1: bind() failure [ 487.818402][ T3037] usb 3-1: USB disconnect, device number 33 [ 487.824392][ T3040] cdc_ncm 6-1:1.1: bind() failure [ 487.833965][ T3040] usb 6-1: USB disconnect, device number 23 [ 488.326426][ T9232] overlayfs: failed to resolve './file1': -2 [ 488.627257][ T9242] loop5: detected capacity change from 0 to 256 [ 488.688923][ T9242] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 488.705613][ T9242] exFAT-fs (loop5): Medium has reported failures. Some data may be lost. [ 488.715904][ T9242] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 490.242032][ T8] tipc: Disabling bearer [ 490.292655][ T9266] loop3: detected capacity change from 0 to 1024 [ 490.314452][ T8] tipc: Disabling bearer [ 490.376891][ C0] ------------[ cut here ]------------ [ 490.382406][ C0] refcount_t: addition on 0; use-after-free. [ 490.388503][ C0] WARNING: CPU: 0 PID: 9264 at lib/refcount.c:25 refcount_warn_saturate+0x104/0x1a0 [ 490.397932][ C0] Modules linked in: [ 490.401843][ C0] CPU: 0 PID: 9264 Comm: syz.3.2951 Not tainted 5.15.185-syzkaller-00339-ge678c93d43cc #0 [ 490.411990][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 490.422091][ C0] RIP: 0010:refcount_warn_saturate+0x104/0x1a0 [ 490.428317][ C0] Code: 04 01 48 c7 c7 60 ef 62 85 e8 08 9d 50 02 0f 0b eb df e8 5f d6 1c ff c6 05 ba f8 99 04 01 48 c7 c7 a0 ee 62 85 e8 ec 9c 50 02 <0f> 0b eb c3 e8 43 d6 1c ff c6 05 9f f8 99 04 01 48 c7 c7 00 ef 62 [ 490.447980][ C0] RSP: 0018:ffffc900000079e0 EFLAGS: 00010246 [ 490.454137][ C0] RAX: a53dd9819f083300 RBX: 0000000000000002 RCX: ffff888117fa2780 [ 490.462206][ C0] RDX: 0000000000000100 RSI: 0000000080000100 RDI: 0000000000000000 [ 490.470365][ C0] RBP: ffffc900000079f0 R08: dffffc0000000000 R09: fffff52000000e89 [ 490.478417][ C0] R10: fffff52000000e89 R11: 1ffff92000000e88 R12: ffff88811d976808 [ 490.486427][ C0] R13: dffffc0000000000 R14: 0000000000000002 R15: ffffc90000007ba0 [ 490.494486][ C0] FS: 00007f505fcda6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 490.503515][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 490.510210][ C0] CR2: 00007f505fcd9f98 CR3: 000000010b479000 CR4: 00000000003506b0 [ 490.518262][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 490.526257][ C0] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 490.534284][ C0] Call Trace: [ 490.537644][ C0] [ 490.540544][ C0] tipc_crypto_xmit+0x1938/0x2400 [ 490.545606][ C0] ? tipc_crypto_do_cmd+0xcf0/0xcf0 [ 490.550850][ C0] ? __copy_skb_header+0x437/0x600 [ 490.555997][ C0] tipc_bearer_xmit_skb+0x226/0x360 [ 490.561233][ C0] ? __skb_clone+0x47a/0x790 [ 490.565880][ C0] ? tipc_bearer_mtu+0x160/0x160 [ 490.570859][ C0] ? skb_clone+0x202/0x360 [ 490.575325][ C0] tipc_disc_timeout+0x6a2/0x830 [ 490.580305][ C0] ? update_rq_clock+0x1eb/0x580 [ 490.585295][ C0] ? tipc_disc_init_msg+0x600/0x600 [ 490.590558][ C0] ? __kasan_check_write+0x14/0x20 [ 490.595744][ C0] ? _raw_spin_lock_irqsave+0x110/0x110 [ 490.601342][ C0] ? tipc_disc_init_msg+0x600/0x600 [ 490.606606][ C0] call_timer_fn+0x38/0x290 [ 490.611158][ C0] ? tipc_disc_init_msg+0x600/0x600 [ 490.616417][ C0] __run_timers+0x639/0x9a0 [ 490.620969][ C0] ? calc_index+0x200/0x200 [ 490.625619][ C0] ? sched_clock_cpu+0x18/0x3c0 [ 490.630517][ C0] run_timer_softirq+0x6a/0xf0 [ 490.635352][ C0] handle_softirqs+0x250/0x560 [ 490.640163][ C0] __irq_exit_rcu+0x52/0xf0 [ 490.644725][ C0] irq_exit_rcu+0x9/0x10 [ 490.649015][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 490.655136][ C0] [ 490.658134][ C0] [ 490.661129][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 490.667175][ C0] RIP: 0010:__unix_dgram_recvmsg+0x5d9/0xd50 [ 490.673193][ C0] Code: df e8 5b 4c 8e 00 e9 1a 04 00 00 e8 41 4f 51 fd 49 bc 00 00 00 00 00 fc ff df 49 8d 5f 70 48 89 d8 48 c1 e8 03 48 89 44 24 70 <42> 0f b6 04 20 84 c0 0f 85 7a 05 00 00 48 89 5c 24 40 44 8b 33 8b [ 490.692859][ C0] RSP: 0018:ffffc90000987700 EFLAGS: 00000a02 [ 490.698972][ C0] RAX: 1ffff110226258ae RBX: ffff88811312c570 RCX: 0000000000080000 [ 490.707144][ C0] RDX: ffffc90003b34000 RSI: 000000000007ffff RDI: 0000000000080000 [ 490.715136][ C0] RBP: ffffc90000987890 R08: dffffc0000000000 R09: ffffed10226258be [ 490.723188][ C0] R10: ffffed10226258be R11: 1ffff110226258bd R12: dffffc0000000000 [ 490.731211][ C0] R13: ffffc90000987d20 R14: ffff888129780368 R15: ffff88811312c500 [ 490.739292][ C0] ? __kasan_check_read+0x11/0x20 [ 490.744404][ C0] ? unix_unhash+0x10/0x10 [ 490.748877][ C0] ? irqentry_exit+0x37/0x40 [ 490.753506][ C0] unix_dgram_recvmsg+0xc2/0xe0 [ 490.758424][ C0] ? unix_dgram_sendmsg+0x1880/0x1880 [ 490.763823][ C0] ____sys_recvmsg+0x291/0x580 [ 490.768668][ C0] ? asm_sysvec_call_function_single+0x1b/0x20 [ 490.774851][ C0] ? __sys_recvmsg_sock+0x50/0x50 [ 490.779967][ C0] ? memset+0x35/0x40 [ 490.784000][ C0] ? import_iovec+0x7c/0xb0 [ 490.788562][ C0] ___sys_recvmsg+0x1af/0x4f0 [ 490.793273][ C0] ? memcpy+0x56/0x70 [ 490.797346][ C0] ? __sys_recvmsg+0x250/0x250 [ 490.802137][ C0] ? __fdget+0x1a1/0x230 [ 490.806423][ C0] ? do_recvmmsg+0x164/0x780 [ 490.811116][ C0] do_recvmmsg+0x344/0x780 [ 490.815597][ C0] ? do_user_addr_fault+0xa64/0x1180 [ 490.820951][ C0] ? __sys_recvmmsg+0x280/0x280 [ 490.825830][ C0] __x64_sys_recvmmsg+0x18d/0x240 [ 490.830932][ C0] ? do_recvmmsg+0x780/0x780 [ 490.835552][ C0] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 490.841682][ C0] x64_sys_call+0x297/0x9a0 [ 490.846242][ C0] do_syscall_64+0x4c/0xa0 [ 490.850740][ C0] ? clear_bhb_loop+0x50/0xa0 [ 490.855431][ C0] ? clear_bhb_loop+0x50/0xa0 [ 490.860166][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 490.866093][ C0] RIP: 0033:0x7f5061692929 [ 490.870595][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 490.890260][ C0] RSP: 002b:00007f505fcda038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 490.898762][ C0] RAX: ffffffffffffffda RBX: 00007f50618ba080 RCX: 00007f5061692929 [ 490.906756][ C0] RDX: 03fffffffffffeda RSI: 00002000000000c0 RDI: 0000000000000004 [ 490.914772][ C0] RBP: 00007f5061714b39 R08: 0000000000000000 R09: 0000000000000000 [ 490.922872][ C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 490.930901][ C0] R13: 0000000000000001 R14: 00007f50618ba080 R15: 00007ffe90b0bf38 [ 490.938966][ C0] [ 490.942027][ C0] ---[ end trace e44c2382658dde5a ]--- [ 490.947580][ C0] ------------[ cut here ]------------ [ 490.953067][ C0] refcount_t: underflow; use-after-free. [ 490.958871][ C0] WARNING: CPU: 0 PID: 9264 at lib/refcount.c:28 refcount_warn_saturate+0x120/0x1a0 [ 490.968349][ C0] Modules linked in: [ 490.972314][ C0] CPU: 0 PID: 9264 Comm: syz.3.2951 Tainted: G W 5.15.185-syzkaller-00339-ge678c93d43cc #0 [ 490.983645][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 490.993748][ C0] RIP: 0010:refcount_warn_saturate+0x120/0x1a0 [ 490.999962][ C0] Code: 04 01 48 c7 c7 a0 ee 62 85 e8 ec 9c 50 02 0f 0b eb c3 e8 43 d6 1c ff c6 05 9f f8 99 04 01 48 c7 c7 00 ef 62 85 e8 d0 9c 50 02 <0f> 0b eb a7 e8 27 d6 1c ff c6 05 80 f8 99 04 01 48 c7 c7 40 ee 62 [ 491.019854][ C0] RSP: 0018:ffffc900000079e0 EFLAGS: 00010246 [ 491.026043][ C0] RAX: a53dd9819f083300 RBX: 0000000000000003 RCX: ffff888117fa2780 [ 491.034084][ C0] RDX: 0000000000000100 RSI: 0000000000000100 RDI: 0000000000000000 [ 491.042117][ C0] RBP: ffffc900000079f0 R08: dffffc0000000000 R09: fffff52000000e89 [ 491.050149][ C0] R10: fffff52000000e89 R11: 1ffff92000000e88 R12: ffff88811d976808 [ 491.058203][ C0] R13: dffffc0000000000 R14: 0000000000000003 R15: 00000000c0000000 [ 491.066260][ C0] FS: 00007f505fcda6c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 491.075249][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 491.081908][ C0] CR2: 00007f505fcd9f98 CR3: 000000010b479000 CR4: 00000000003506b0 [ 491.089972][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 491.098067][ C0] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 491.106196][ C0] Call Trace: [ 491.109570][ C0] [ 491.112454][ C0] tipc_crypto_xmit+0x1a82/0x2400 [ 491.117642][ C0] ? tipc_crypto_do_cmd+0xcf0/0xcf0 [ 491.122916][ C0] ? __copy_skb_header+0x437/0x600 [ 491.128091][ C0] tipc_bearer_xmit_skb+0x226/0x360 [ 491.133436][ C0] ? __skb_clone+0x47a/0x790 [ 491.138162][ C0] ? tipc_bearer_mtu+0x160/0x160 [ 491.143155][ C0] ? skb_clone+0x202/0x360 [ 491.147883][ C0] tipc_disc_timeout+0x6a2/0x830 [ 491.152897][ C0] ? update_rq_clock+0x1eb/0x580 [ 491.157964][ C0] ? tipc_disc_init_msg+0x600/0x600 [ 491.163293][ C0] ? __kasan_check_write+0x14/0x20 [ 491.168517][ C0] ? _raw_spin_lock_irqsave+0x110/0x110 [ 491.174104][ C0] ? tipc_disc_init_msg+0x600/0x600 [ 491.179381][ C0] call_timer_fn+0x38/0x290 [ 491.183922][ C0] ? tipc_disc_init_msg+0x600/0x600 [ 491.189257][ C0] __run_timers+0x639/0x9a0 [ 491.193793][ C0] ? calc_index+0x200/0x200 [ 491.198354][ C0] ? sched_clock_cpu+0x18/0x3c0 [ 491.203241][ C0] run_timer_softirq+0x6a/0xf0 [ 491.208092][ C0] handle_softirqs+0x250/0x560 [ 491.212890][ C0] __irq_exit_rcu+0x52/0xf0 [ 491.217450][ C0] irq_exit_rcu+0x9/0x10 [ 491.221737][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 491.227501][ C0] [ 491.230511][ C0] [ 491.233513][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 491.239538][ C0] RIP: 0010:__unix_dgram_recvmsg+0x5d9/0xd50 [ 491.245547][ C0] Code: df e8 5b 4c 8e 00 e9 1a 04 00 00 e8 41 4f 51 fd 49 bc 00 00 00 00 00 fc ff df 49 8d 5f 70 48 89 d8 48 c1 e8 03 48 89 44 24 70 <42> 0f b6 04 20 84 c0 0f 85 7a 05 00 00 48 89 5c 24 40 44 8b 33 8b [ 491.265219][ C0] RSP: 0018:ffffc90000987700 EFLAGS: 00000a02 [ 491.271347][ C0] RAX: 1ffff110226258ae RBX: ffff88811312c570 RCX: 0000000000080000 [ 491.279387][ C0] RDX: ffffc90003b34000 RSI: 000000000007ffff RDI: 0000000000080000 [ 491.287467][ C0] RBP: ffffc90000987890 R08: dffffc0000000000 R09: ffffed10226258be [ 491.295528][ C0] R10: ffffed10226258be R11: 1ffff110226258bd R12: dffffc0000000000 [ 491.303680][ C0] R13: ffffc90000987d20 R14: ffff888129780368 R15: ffff88811312c500 [ 491.311701][ C0] ? __kasan_check_read+0x11/0x20 [ 491.316790][ C0] ? unix_unhash+0x10/0x10 [ 491.321273][ C0] ? irqentry_exit+0x37/0x40 [ 491.325956][ C0] unix_dgram_recvmsg+0xc2/0xe0 [ 491.330919][ C0] ? unix_dgram_sendmsg+0x1880/0x1880 [ 491.336370][ C0] ____sys_recvmsg+0x291/0x580 [ 491.341251][ C0] ? asm_sysvec_call_function_single+0x1b/0x20 [ 491.347447][ C0] ? __sys_recvmsg_sock+0x50/0x50 [ 491.352486][ C0] ? memset+0x35/0x40 [ 491.356481][ C0] ? import_iovec+0x7c/0xb0 [ 491.361078][ C0] ___sys_recvmsg+0x1af/0x4f0 [ 491.365778][ C0] ? memcpy+0x56/0x70 [ 491.369812][ C0] ? __sys_recvmsg+0x250/0x250 [ 491.374609][ C0] ? __fdget+0x1a1/0x230 [ 491.378985][ C0] ? do_recvmmsg+0x164/0x780 [ 491.383602][ C0] do_recvmmsg+0x344/0x780 [ 491.388121][ C0] ? do_user_addr_fault+0xa64/0x1180 [ 491.393513][ C0] ? __sys_recvmmsg+0x280/0x280 [ 491.398453][ C0] __x64_sys_recvmmsg+0x18d/0x240 [ 491.403528][ C0] ? do_recvmmsg+0x780/0x780 [ 491.408155][ C0] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 491.414285][ C0] x64_sys_call+0x297/0x9a0 [ 491.418827][ C0] do_syscall_64+0x4c/0xa0 [ 491.423276][ C0] ? clear_bhb_loop+0x50/0xa0 [ 491.428029][ C0] ? clear_bhb_loop+0x50/0xa0 [ 491.432782][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 491.438740][ C0] RIP: 0033:0x7f5061692929 [ 491.443188][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 491.462985][ C0] RSP: 002b:00007f505fcda038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 491.471471][ C0] RAX: ffffffffffffffda RBX: 00007f50618ba080 RCX: 00007f5061692929 [ 491.479484][ C0] RDX: 03fffffffffffeda RSI: 00002000000000c0 RDI: 0000000000000004 [ 491.487651][ C0] RBP: 00007f5061714b39 R08: 0000000000000000 R09: 0000000000000000 [ 491.495654][ C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 491.503717][ C0] R13: 0000000000000001 R14: 00007f50618ba080 R15: 00007ffe90b0bf38 [ 491.511756][ C0] [ 491.514816][ C0] ---[ end trace e44c2382658dde5b ]--- [ 493.041608][ T8] tipc: Left network mode [ 493.095561][ T9270] bridge0: port 1(bridge_slave_0) entered blocking state [ 493.125179][ T9270] bridge0: port 1(bridge_slave_0) entered disabled state [ 493.151426][ T9270] device bridge_slave_0 entered promiscuous mode [ 493.194437][ T9270] bridge0: port 2(bridge_slave_1) entered blocking state [ 493.219134][ T9270] bridge0: port 2(bridge_slave_1) entered disabled state [ 493.254568][ T9270] device bridge_slave_1 entered promiscuous mode [ 493.433513][ T9287] loop3: detected capacity change from 0 to 256 [ 493.445918][ T9270] bridge0: port 2(bridge_slave_1) entered blocking state [ 493.453016][ T9270] bridge0: port 2(bridge_slave_1) entered forwarding state [ 493.460366][ T9270] bridge0: port 1(bridge_slave_0) entered blocking state [ 493.467421][ T9270] bridge0: port 1(bridge_slave_0) entered forwarding state [ 493.477427][ T9287] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 493.499523][ T9287] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 493.513018][ T9287] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 493.595786][ T408] bridge0: port 1(bridge_slave_0) entered disabled state [ 493.605008][ T408] bridge0: port 2(bridge_slave_1) entered disabled state [ 493.613590][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 493.621809][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 493.637522][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 494.786097][ T408] bridge0: port 1(bridge_slave_0) entered blocking state [ 494.793270][ T408] bridge0: port 1(bridge_slave_0) entered forwarding state [ 494.878883][ T9309] loop5: detected capacity change from 0 to 1024 [ 496.091575][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 496.137273][ T408] bridge0: port 2(bridge_slave_1) entered blocking state [ 496.144573][ T408] bridge0: port 2(bridge_slave_1) entered forwarding state [ 496.383456][ T9321] loop3: detected capacity change from 0 to 40427 [ 496.406076][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 496.423776][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 496.479449][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 496.500071][ T9321] F2FS-fs (loop3): Found nat_bits in checkpoint [ 496.535708][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 496.543012][ T9321] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 496.583541][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 496.597668][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 496.613465][ T9270] device veth0_vlan entered promiscuous mode [ 496.620066][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 496.630583][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 496.638989][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 496.646439][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 496.661383][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 496.670032][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 496.679178][ T9270] device veth1_macvtap entered promiscuous mode [ 496.689949][ T285] attempt to access beyond end of device [ 496.689949][ T285] loop3: rw=2049, want=45104, limit=40427 [ 496.781722][ T8] ------------[ cut here ]------------ [ 496.787305][ T8] refcount_t: saturated; leaking memory. [ 496.793029][ T8] WARNING: CPU: 1 PID: 8 at lib/refcount.c:19 refcount_warn_saturate+0x13c/0x1a0 [ 496.802326][ T8] Modules linked in: [ 496.806239][ T8] CPU: 1 PID: 8 Comm: kworker/u4:0 Tainted: G W 5.15.185-syzkaller-00339-ge678c93d43cc #0 [ 496.820540][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 496.831857][ T8] Workqueue: netns cleanup_net [ 496.836701][ T8] RIP: 0010:refcount_warn_saturate+0x13c/0x1a0 [ 496.843231][ T8] Code: 04 01 48 c7 c7 00 ef 62 85 e8 d0 9c 50 02 0f 0b eb a7 e8 27 d6 1c ff c6 05 80 f8 99 04 01 48 c7 c7 40 ee 62 85 e8 b4 9c 50 02 <0f> 0b eb 8b e8 0b d6 1c ff c6 05 65 f8 99 04 01 48 c7 c7 40 ee 62 [ 496.863707][ T8] RSP: 0018:ffffc900000873a0 EFLAGS: 00010246 [ 496.876989][ T8] RAX: d7be32cf7495df00 RBX: 0000000000000000 RCX: ffff888100260000 [ 496.885155][ T8] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 496.893530][ T8] RBP: ffffc900000873b0 R08: dffffc0000000000 R09: ffffed103ee24e93 [ 496.903678][ T9337] loop3: detected capacity change from 0 to 256 [ 496.910046][ T8] R10: ffffed103ee24e93 R11: 1ffff1103ee24e92 R12: ffff8881201ba08c [ 496.919121][ T8] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88811d305650 [ 496.927188][ T8] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 496.936173][ T8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 496.937478][ T9337] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 496.953809][ T9337] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 496.965537][ T9337] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 496.998957][ T8] CR2: 00007f50578fa000 CR3: 00000001302d6000 CR4: 00000000003506a0 [ 497.007109][ T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 497.015119][ T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 497.023214][ T8] Call Trace: [ 497.026511][ T8] [ 497.029697][ T8] u32_clear_hnode+0x60a/0x7a0 [ 497.036905][ T8] ? u32_destroy_hnode+0x4c0/0x4c0 [ 497.042458][ T8] ? ____kasan_slab_free+0x130/0x160 [ 497.050680][ T8] ? tcf_block_unbind+0x307/0x320 [ 497.055821][ T8] u32_destroy_hnode+0xf0/0x4c0 [ 497.061571][ T8] ? flow_indr_dev_setup_offload+0x48b/0x620 [ 497.067870][ T8] ? u32_dump+0xcb0/0xcb0 [ 497.072365][ T8] ? flow_indr_dev_setup_offload+0x536/0x620 [ 497.078688][ T8] ? tcf_block_setup+0x770/0x770 [ 497.083660][ T8] u32_destroy+0xc6/0x360 [ 498.228601][ T8] ? __kasan_check_write+0x14/0x20 [ 498.233791][ T8] tcf_proto_destroy+0x86/0x260 [ 498.238777][ T8] ? tcf_proto_signal_destroying+0x1f7/0x260 [ 498.244788][ T8] tcf_chain_flush+0x2d9/0x370 [ 498.260873][ T8] __tcf_block_put+0x503/0x770 [ 498.265748][ T8] tcf_block_put_ext+0x146/0x250 [ 498.271014][ T8] tcf_block_put+0x68/0x90 [ 498.275685][ T8] multiq_destroy+0x4f/0x1a0 [ 498.643628][ T8] ? multiq_reset+0x180/0x180 [ 498.664214][ T8] qdisc_destroy+0xa0/0x270 [ 498.691927][ T8] dev_shutdown+0x459/0x580 [ 498.696540][ T8] unregister_netdevice_many+0x95d/0x1990 [ 498.702400][ T8] ? alloc_netdev_mqs+0xc90/0xc90 [ 498.710290][ T8] ? unregister_netdevice_queue+0x1aa/0x360 [ 498.716416][ T8] ? list_netdevice+0x4c0/0x4c0 [ 498.721556][ T8] ? br_dev_delete+0xfc/0x110 [ 498.726261][ T8] ? default_device_exit_batch+0x28e/0x390 [ 498.732423][ T8] default_device_exit_batch+0x330/0x390 [ 498.820478][ T8] ? default_device_exit+0x360/0x360 [ 498.825826][ T8] ? wait_woken+0x170/0x170 [ 498.830671][ T8] ? rtnl_unlock+0xe/0x10 [ 498.835041][ T8] ? default_device_exit+0x360/0x360 [ 498.847825][ T8] cleanup_net+0x602/0xad0 [ 498.852349][ T8] ? ops_init+0x4a0/0x4a0 [ 498.856730][ T8] ? __schedule+0xb76/0x14c0 [ 498.861888][ T8] process_one_work+0x6be/0xba0 [ 499.111747][ T9360] loop5: detected capacity change from 0 to 1024 [ 499.215354][ T8] worker_thread+0xa59/0x1200 [ 499.389144][ T8] kthread+0x411/0x500 [ 499.600443][ T8] ? worker_clr_flags+0x190/0x190 [ 499.618289][ T8] ? kthread_blkcg+0xd0/0xd0 [ 499.627044][ T8] ret_from_fork+0x1f/0x30 [ 499.631537][ T8] [ 499.666345][ T8] ---[ end trace e44c2382658dde5c ]--- [ 499.995949][ T9368] loop3: detected capacity change from 0 to 1024 [ 500.866923][ T3040] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 500.894410][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 500.902263][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 500.910940][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 500.919427][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 500.928311][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 501.116991][ T3040] usb 2-1: Using ep0 maxpacket: 32 [ 501.236979][ T3040] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 501.347212][ T9386] loop3: detected capacity change from 0 to 40427 [ 501.365746][ T9386] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 501.386294][ T9386] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 501.407309][ T9386] F2FS-fs (loop3): invalid crc value [ 501.426249][ T9386] F2FS-fs (loop3): Found nat_bits in checkpoint [ 501.432736][ T3040] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 501.452168][ T3040] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 501.482459][ T3040] usb 2-1: Product: Е [ 501.486571][ T3040] usb 2-1: Manufacturer: తฝ [ 501.506955][ T3040] usb 2-1: SerialNumber: syz [ 501.593729][ T9379] incfs_lookup_dentry err:-5 [ 501.598743][ T9379] incfs: Can't find or create .index dir in ./file0 [ 501.605562][ T9379] incfs: mount failed -5 [ 501.607925][ T9386] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 501.617226][ T9386] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 501.867516][ T9402] overlayfs: failed to resolve './file1': -2 [ 501.939590][ T9373] netlink: 'syz.1.2952': attribute type 12 has an invalid length. [ 502.106980][ T3040] cdc_ncm 2-1:1.0: bind() failure [ 502.114502][ T3040] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 502.131093][ T3040] cdc_ncm 2-1:1.1: bind() failure [ 502.158831][ T3040] usb 2-1: USB disconnect, device number 19 [ 503.050132][ T9417] loop5: detected capacity change from 0 to 1024 [ 506.246888][ T3040] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 507.383231][ T9442] loop3: detected capacity change from 0 to 4096 [ 507.479255][ T9442] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 507.621894][ T9455] loop5: detected capacity change from 0 to 1024 [ 509.225512][ T9455] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 509.236653][ T9455] EXT4-fs (loop5): orphan cleanup on readonly fs [ 509.248391][ T9455] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:476: comm syz.5.3007: Invalid block bitmap block 0 in block_group 0 [ 509.341618][ T9455] __quota_error: 83 callbacks suppressed [ 509.341655][ T9455] Quota error (device loop5): write_blk: dquota write failed [ 509.354809][ T9455] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 509.364921][ T9455] EXT4-fs error (device loop5): ext4_acquire_dquot:6195: comm syz.5.3007: Failed to acquire dquot type 0 [ 509.377908][ T9455] EXT4-fs error (device loop5): ext4_free_blocks:6223: comm syz.5.3007: Freeing blocks not in datazone - block = 0, count = 4096 [ 509.392307][ T9455] EXT4-fs error (device loop5): ext4_read_inode_bitmap:140: comm syz.5.3007: Invalid inode bitmap blk 0 in block_group 0 [ 509.405332][ T10] Quota error (device loop5): remove_tree: Getting block too big (0 >= 9) [ 509.414411][ T9455] EXT4-fs error (device loop5) in ext4_free_inode:362: Corrupt filesystem [ 509.423504][ T9455] EXT4-fs (loop5): 1 orphan inode deleted [ 509.529249][ T10] EXT4-fs error (device loop5): ext4_release_dquot:6231: comm kworker/u4:1: Failed to release dquot type 0 [ 509.815372][ T9455] EXT4-fs (loop5): mounted filesystem without journal. Opts: ; max_batch_time=0x0000000000000006,i_version,,errors=continue. Quota mode: writeback. [ 509.899444][ T9467] loop3: detected capacity change from 0 to 16 [ 510.047360][ T9469] syz.2.3013[9469] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 510.047446][ T9469] syz.2.3013[9469] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 510.070031][ T9467] erofs: (device loop3): mounted with root inode @ nid 36. [ 510.179617][ T3040] usb 3-1: device descriptor read/all, error -71 [ 511.323877][ T9484] loop3: detected capacity change from 0 to 256 [ 511.438177][ T9484] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 511.455943][ T9484] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 511.508117][ T9484] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 511.970379][ T9502] syz.3.3025[9502] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 511.970462][ T9502] syz.3.3025[9502] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 512.707238][ T9513] IPv4: Oversized IP packet from 127.202.26.0 [ 512.990674][ T9526] netlink: 'syz.1.3034': attribute type 9 has an invalid length. [ 512.992483][ T9523] loop3: detected capacity change from 0 to 256 [ 513.150397][ T9523] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 513.294959][ T9523] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 513.435154][ T9523] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 513.486996][ T3040] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 513.806963][ T3040] usb 2-1: Using ep0 maxpacket: 16 [ 513.933374][ T9533] syz.3.3036[9533] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 513.933460][ T9533] syz.3.3036[9533] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 513.946193][ T9534] syz.5.3035[9534] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 513.957684][ T9534] syz.5.3035[9534] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 514.034665][ T9541] loop3: detected capacity change from 0 to 4096 [ 514.048847][ T3040] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 514.096691][ T3040] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 514.136403][ T9541] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 514.532313][ T9549] overlayfs: failed to resolve './file1': -2 [ 514.637153][ T3040] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 514.722601][ T30] audit: type=1400 audit(2000000313.499:2340): avc: denied { setopt } for pid=9535 comm="syz.2.3037" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 514.745005][ T3040] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 514.790853][ T3040] usb 2-1: Product: syz [ 514.810408][ T3040] usb 2-1: Manufacturer: syz [ 514.839288][ T3040] usb 2-1: SerialNumber: syz [ 514.930183][ T9552] IPv4: Oversized IP packet from 127.202.26.0 [ 515.186952][ T3040] usb 2-1: 0:2 : does not exist [ 515.206174][ T3040] usb 2-1: USB disconnect, device number 20 [ 515.845320][ T9577] syz.2.3049[9577] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 515.845401][ T9577] syz.2.3049[9577] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 516.915286][ T9593] IPv4: Oversized IP packet from 127.202.26.0 [ 517.249611][ T30] audit: type=1326 audit(2000000316.029:2341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9609 comm="syz.5.3062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 517.371275][ T30] audit: type=1326 audit(2000000316.069:2342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9609 comm="syz.5.3062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 517.405389][ T30] audit: type=1326 audit(2000000316.069:2343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9609 comm="syz.5.3062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 517.475426][ T30] audit: type=1326 audit(2000000316.079:2344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9609 comm="syz.5.3062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 517.511056][ T30] audit: type=1326 audit(2000000316.079:2345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9609 comm="syz.5.3062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 517.538408][ T30] audit: type=1326 audit(2000000316.079:2346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9609 comm="syz.5.3062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 517.601839][ T30] audit: type=1326 audit(2000000316.099:2347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9609 comm="syz.5.3062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 517.628310][ T9369] tipc: Disabling bearer [ 517.633958][ T9369] tipc: Disabling bearer [ 517.646173][ T9369] tipc: Left network mode [ 517.661059][ T30] audit: type=1326 audit(2000000316.109:2348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9609 comm="syz.5.3062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 517.699964][ T30] audit: type=1326 audit(2000000316.119:2349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9609 comm="syz.5.3062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcab24e929 code=0x7ffc0000 [ 517.755348][ T9628] bridge0: port 1(bridge_slave_0) entered blocking state [ 517.768737][ T9628] bridge0: port 1(bridge_slave_0) entered disabled state [ 517.776352][ T9628] device bridge_slave_0 entered promiscuous mode [ 517.805246][ T9628] bridge0: port 2(bridge_slave_1) entered blocking state [ 517.812492][ T9628] bridge0: port 2(bridge_slave_1) entered disabled state [ 517.826817][ T9644] syz.3.3077[9644] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 517.826936][ T9644] syz.3.3077[9644] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 517.834156][ T9628] device bridge_slave_1 entered promiscuous mode [ 517.991769][ T9666] loop5: detected capacity change from 0 to 512 [ 518.054779][ T9670] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3089'. [ 518.067287][ T9666] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 518.091777][ T9666] EXT4-fs (loop5): 1 truncate cleaned up [ 518.095623][ T9628] bridge0: port 2(bridge_slave_1) entered blocking state [ 518.097572][ T9666] EXT4-fs (loop5): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,user_xattr,errors=remount-ro,quota,. Quota mode: writeback. [ 518.104611][ T9628] bridge0: port 2(bridge_slave_1) entered forwarding state [ 518.132008][ T9628] bridge0: port 1(bridge_slave_0) entered blocking state [ 518.139090][ T9628] bridge0: port 1(bridge_slave_0) entered forwarding state [ 518.171613][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 518.190068][ T9680] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=9680 comm=syz.5.3091 [ 518.205942][ T408] bridge0: port 1(bridge_slave_0) entered disabled state [ 518.213776][ T408] bridge0: port 2(bridge_slave_1) entered disabled state [ 518.238393][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 518.247078][ T408] bridge0: port 1(bridge_slave_0) entered blocking state [ 518.254173][ T408] bridge0: port 1(bridge_slave_0) entered forwarding state [ 518.270516][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 518.279873][ T408] bridge0: port 2(bridge_slave_1) entered blocking state [ 518.286949][ T408] bridge0: port 2(bridge_slave_1) entered forwarding state [ 518.329618][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 518.339027][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 518.347661][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 518.359758][ T9628] device veth0_vlan entered promiscuous mode [ 518.381616][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 518.397345][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 518.404970][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 518.416642][ T9628] device veth1_macvtap entered promiscuous mode [ 518.750313][ T9696] ================================================================== [ 518.758416][ T9696] BUG: KASAN: use-after-free in tcp_metrics_flush_all+0xd3/0x210 [ 518.766159][ T9696] Read of size 4 at addr ffff8881201ba08c by task syz.0.3096/9696 [ 518.773975][ T9696] [ 518.776303][ T9696] CPU: 1 PID: 9696 Comm: syz.0.3096 Tainted: G W 5.15.185-syzkaller-00339-ge678c93d43cc #0 [ 518.787592][ T9696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 518.797656][ T9696] Call Trace: [ 518.800948][ T9696] [ 518.803883][ T9696] __dump_stack+0x21/0x30 [ 518.808233][ T9696] dump_stack_lvl+0xee/0x150 [ 518.812839][ T9696] ? show_regs_print_info+0x20/0x20 [ 518.818047][ T9696] ? load_image+0x3a0/0x3a0 [ 518.822564][ T9696] ? call_rcu+0xf60/0xf60 [ 518.826893][ T9696] print_address_description+0x7f/0x2c0 [ 518.832447][ T9696] ? tcp_metrics_flush_all+0xd3/0x210 [ 518.837813][ T9696] kasan_report+0xf1/0x140 [ 518.842228][ T9696] ? _raw_spin_lock_bh+0x8e/0xe0 [ 518.847170][ T9696] ? tcp_metrics_flush_all+0xd3/0x210 [ 518.852539][ T9696] kasan_check_range+0x280/0x290 [ 518.857471][ T9696] __kasan_check_read+0x11/0x20 [ 518.862320][ T9696] tcp_metrics_flush_all+0xd3/0x210 [ 518.867521][ T9696] ? tcp_net_metrics_init+0x150/0x150 [ 518.872918][ T9696] tcp_net_metrics_exit_batch+0x10/0x20 [ 518.878736][ T9696] setup_net+0x731/0xa90 [ 518.882989][ T9696] ? copy_net_ns+0x5c0/0x5c0 [ 518.887578][ T9696] copy_net_ns+0x355/0x5c0 [ 518.892101][ T9696] create_new_namespaces+0x3a2/0x660 [ 518.897383][ T9696] copy_namespaces+0x1d1/0x220 [ 518.902143][ T9696] ? copy_signal+0x4cb/0x600 [ 518.906729][ T9696] copy_process+0x118d/0x3210 [ 518.911402][ T9696] ? __kasan_check_write+0x14/0x20 [ 518.916639][ T9696] ? push_rt_task+0x35f/0x5b0 [ 518.921357][ T9696] ? __pidfd_prepare+0x150/0x150 [ 518.926503][ T9696] ? finish_task_switch+0x16b/0x780 [ 518.931734][ T9696] ? __switch_to_asm+0x3a/0x60 [ 518.936517][ T9696] kernel_clone+0x23f/0x940 [ 518.941029][ T9696] ? create_io_thread+0x130/0x130 [ 518.946146][ T9696] __x64_sys_clone+0x176/0x1d0 [ 518.950921][ T9696] ? __ia32_sys_vfork+0xf0/0xf0 [ 518.955779][ T9696] x64_sys_call+0x41f/0x9a0 [ 518.960278][ T9696] do_syscall_64+0x4c/0xa0 [ 518.965041][ T9696] ? clear_bhb_loop+0x50/0xa0 [ 518.969721][ T9696] ? clear_bhb_loop+0x50/0xa0 [ 518.974487][ T9696] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 518.980384][ T9696] RIP: 0033:0x7f7be093a929 [ 518.984797][ T9696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 519.004421][ T9696] RSP: 002b:00007f7bdef60fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 519.012832][ T9696] RAX: ffffffffffffffda RBX: 00007f7be0b62160 RCX: 00007f7be093a929 [ 519.020800][ T9696] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000400a1400 [ 519.028770][ T9696] RBP: 00007f7be09bcb39 R08: 0000000000000000 R09: 0000000000000000 [ 519.036920][ T9696] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 519.044887][ T9696] R13: 0000000000000000 R14: 00007f7be0b62160 R15: 00007ffc3c31bdb8 [ 519.052887][ T9696] [ 519.055995][ T9696] [ 519.058400][ T9696] Allocated by task 284: [ 519.062717][ T9696] __kasan_slab_alloc+0xbd/0xf0 [ 519.067563][ T9696] slab_post_alloc_hook+0x4f/0x2b0 [ 519.072686][ T9696] kmem_cache_alloc+0xf7/0x260 [ 519.077445][ T9696] copy_net_ns+0x145/0x5c0 [ 519.081865][ T9696] create_new_namespaces+0x3a2/0x660 [ 519.087165][ T9696] unshare_nsproxy_namespaces+0x120/0x170 [ 519.092881][ T9696] ksys_unshare+0x4ac/0x7b0 [ 519.097387][ T9696] __x64_sys_unshare+0x38/0x40 [ 519.102145][ T9696] x64_sys_call+0x442/0x9a0 [ 519.106641][ T9696] do_syscall_64+0x4c/0xa0 [ 519.111052][ T9696] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 519.116959][ T9696] [ 519.119291][ T9696] Freed by task 8: [ 519.123023][ T9696] kasan_set_track+0x4a/0x70 [ 519.127637][ T9696] kasan_set_free_info+0x23/0x40 [ 519.132576][ T9696] ____kasan_slab_free+0x125/0x160 [ 519.137684][ T9696] __kasan_slab_free+0x11/0x20 [ 519.142664][ T9696] slab_free_freelist_hook+0xc2/0x190 [ 519.148055][ T9696] kmem_cache_free+0x100/0x320 [ 519.152828][ T9696] cleanup_net+0xa2d/0xad0 [ 519.157249][ T9696] process_one_work+0x6be/0xba0 [ 519.162098][ T9696] worker_thread+0xa59/0x1200 [ 519.166774][ T9696] kthread+0x411/0x500 [ 519.170838][ T9696] ret_from_fork+0x1f/0x30 [ 519.175254][ T9696] [ 519.177572][ T9696] The buggy address belongs to the object at ffff8881201ba000 [ 519.177572][ T9696] which belongs to the cache net_namespace of size 3968 [ 519.191891][ T9696] The buggy address is located 140 bytes inside of [ 519.191891][ T9696] 3968-byte region [ffff8881201ba000, ffff8881201baf80) [ 519.205266][ T9696] The buggy address belongs to the page: [ 519.210899][ T9696] page:ffffea0004806e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8881201bf000 pfn:0x1201b8 [ 519.222439][ T9696] head:ffffea0004806e00 order:3 compound_mapcount:0 compound_pincount:0 [ 519.230789][ T9696] flags: 0x4000000000010200(slab|head|zone=1) [ 519.237049][ T9696] raw: 4000000000010200 0000000000000000 0000000100000001 ffff8881001c4f00 [ 519.245637][ T9696] raw: ffff8881201bf000 0000000080080003 00000001ffffffff 0000000000000000 [ 519.254224][ T9696] page dumped because: kasan: bad access detected [ 519.260625][ T9696] page_owner tracks the page as allocated [ 519.266331][ T9696] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 284, ts 23009762426, free_ts 22917260245 [ 519.285342][ T9696] post_alloc_hook+0x192/0x1b0 [ 519.290116][ T9696] prep_new_page+0x1c/0x110 [ 519.294612][ T9696] get_page_from_freelist+0x2cc5/0x2d50 [ 519.300154][ T9696] __alloc_pages+0x18f/0x440 [ 519.304741][ T9696] new_slab+0xa1/0x4d0 [ 519.308808][ T9696] ___slab_alloc+0x381/0x810 [ 519.313490][ T9696] __slab_alloc+0x49/0x90 [ 519.317815][ T9696] kmem_cache_alloc+0x138/0x260 [ 519.322675][ T9696] copy_net_ns+0x145/0x5c0 [ 519.327131][ T9696] create_new_namespaces+0x3a2/0x660 [ 519.332420][ T9696] unshare_nsproxy_namespaces+0x120/0x170 [ 519.338332][ T9696] ksys_unshare+0x4ac/0x7b0 [ 519.342832][ T9696] __x64_sys_unshare+0x38/0x40 [ 519.347595][ T9696] x64_sys_call+0x442/0x9a0 [ 519.352093][ T9696] do_syscall_64+0x4c/0xa0 [ 519.356514][ T9696] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 519.362406][ T9696] page last free stack trace: [ 519.367068][ T9696] free_unref_page_prepare+0x542/0x550 [ 519.372532][ T9696] free_unref_page+0xa2/0x550 [ 519.377311][ T9696] free_compound_page+0x78/0xa0 [ 519.382176][ T9696] __put_compound_page+0x77/0xb0 [ 519.387128][ T9696] __put_page+0xbc/0xe0 [ 519.391294][ T9696] skb_release_data+0x3d3/0xa10 [ 519.396139][ T9696] __kfree_skb+0x50/0x70 [ 519.400372][ T9696] tcp_recvmsg_locked+0x14ac/0x2640 [ 519.405564][ T9696] tcp_recvmsg+0x21b/0x720 [ 519.409972][ T9696] inet_recvmsg+0x134/0x470 [ 519.414494][ T9696] sock_read_iter+0x2a2/0x340 [ 519.419167][ T9696] vfs_read+0x68b/0xbe0 [ 519.423325][ T9696] ksys_read+0x140/0x240 [ 519.427560][ T9696] __x64_sys_read+0x7b/0x90 [ 519.432059][ T9696] x64_sys_call+0x96d/0x9a0 [ 519.436555][ T9696] do_syscall_64+0x4c/0xa0 [ 519.440969][ T9696] [ 519.443287][ T9696] Memory state around the buggy address: [ 519.448911][ T9696] ffff8881201b9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 519.456963][ T9696] ffff8881201ba000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 519.465014][ T9696] >ffff8881201ba080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 519.473064][ T9696] ^ [ 519.477382][ T9696] ffff8881201ba100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 519.485434][ T9696] ffff8881201ba180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 519.493482][ T9696] ================================================================== [ 519.501533][ T9696] Disabling lock debugging due to kernel taint [ 519.527888][ T408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 519.559511][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 519.568177][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 519.576685][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 519.587472][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready