last executing test programs: 1m9.276863612s ago: executing program 2 (id=1109): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r0, &(0x7f0000000040), 0x10) listen(r0, 0x0) r1 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r1, &(0x7f0000000080), 0x10) sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094) r2 = accept4$unix(r0, 0x0, 0x0, 0x0) recvfrom$unix(r2, &(0x7f0000000140)=""/263, 0x40000, 0x0, 0x0, 0x0) 1m9.245170183s ago: executing program 2 (id=1112): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r2, &(0x7f0000000040)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) r3 = syz_io_uring_setup(0x497, &(0x7f00000004c0)={0x0, 0xd34d, 0x800, 0x3, 0x20e}, &(0x7f0000000540)=0x0, &(0x7f0000000680)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r2, 0x0, 0x0}) io_uring_enter(r3, 0x40f9, 0x217, 0xa5, 0x0, 0x0) 1m9.172786354s ago: executing program 2 (id=1114): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0x474a, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) recvmmsg(r0, &(0x7f0000002f40)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x45833af96e4b39ff, 0x0) 1m9.060475466s ago: executing program 2 (id=1117): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x40, 0x7ffc1ffb}]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='./file0/../file0/../file0/../file0\x00') 1m9.033960466s ago: executing program 2 (id=1118): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r1, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079d}) socketpair(0x1, 0x1, 0x1, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x308) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000080)) 1m7.369800524s ago: executing program 2 (id=1160): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f00000004c0)="3912c1d03d9f66103940872256d8995b00c720af0cfa51b2b3b1448411fe107e64af467c85a200ebafdbee2c35b8ad1677fe7bb27ca22acbe83c449484972354b3baa1809633e690474a9154f95bd6874f20a0b290c590d44a9f5cd01414544ad719b82a550f2a7215e33e2dfdc1ce61a75637323b8828c5e5ef1f77b3d93114d46ceddb9d976eea7e20bb95e24e1e8b9974397bb8d73856a38618eac0ab333267fc833503b4df7838f5e522192252f4fd72ae45d21b55414a82ec84ff620a1ee2", 0xc1}], 0x1}}], 0x1, 0xc010) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000540)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d75a3d0000b110000000000000000000000000000000000ff0200000000000000000000000000014f1c4e20"], 0xd6) 1m7.269528326s ago: executing program 32 (id=1160): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f00000004c0)="3912c1d03d9f66103940872256d8995b00c720af0cfa51b2b3b1448411fe107e64af467c85a200ebafdbee2c35b8ad1677fe7bb27ca22acbe83c449484972354b3baa1809633e690474a9154f95bd6874f20a0b290c590d44a9f5cd01414544ad719b82a550f2a7215e33e2dfdc1ce61a75637323b8828c5e5ef1f77b3d93114d46ceddb9d976eea7e20bb95e24e1e8b9974397bb8d73856a38618eac0ab333267fc833503b4df7838f5e522192252f4fd72ae45d21b55414a82ec84ff620a1ee2", 0xc1}], 0x1}}], 0x1, 0xc010) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000540)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d75a3d0000b110000000000000000000000000000000000ff0200000000000000000000000000014f1c4e20"], 0xd6) 3.629130039s ago: executing program 0 (id=2311): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3, 0x0, 0x8, 0x0) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}, 0x100002, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) cachestat(0xffffffffffffffff, 0x0, 0x0, 0x0) 3.59913777s ago: executing program 0 (id=2312): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000004c0)='sys_enter\x00', r2, 0x0, 0xfffffffffffffffe}, 0x18) sendmmsg$unix(r0, 0x0, 0x0, 0x20000000) recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x39) r3 = inotify_init1(0x0) r4 = inotify_add_watch(r3, &(0x7f0000000200)='.\x00', 0x10000a0) r5 = dup(r3) inotify_rm_watch(r5, r4) 2.709787555s ago: executing program 0 (id=2330): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') r0 = getpgrp(0xffffffffffffffff) kcmp(r0, r0, 0x3, 0xffffffffffffffff, 0xffffffffffffffff) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000004c0)) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) timer_settime(0x0, 0x1, &(0x7f0000000480)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x200000000000000, 0x0, 0x1) 1.869645709s ago: executing program 0 (id=2331): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) fcntl$setlease(r2, 0x400, 0x0) mq_open(&(0x7f0000000b40)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x1, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r3}, 0x38) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4, 0x0, 0x2}, 0x18) 1.82517064s ago: executing program 4 (id=2335): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[], 0x48) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) 1.740483611s ago: executing program 1 (id=2336): r0 = gettid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r3}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 1.533584565s ago: executing program 3 (id=2337): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @multicast2}, 0x2}}, 0x2e) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f00000008c0), 0x1, r2}, 0x38) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r3, 0x0, 0x2}, 0x18) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}, 0x2, 0x1}}, 0x26) close_range(r1, 0xffffffffffffffff, 0x0) 1.533267505s ago: executing program 3 (id=2338): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000340)='mm_page_alloc\x00', r1}, 0x18) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000340)=0x8000, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) bind$xdp(r2, &(0x7f0000000100)={0x2c, 0x0, r4}, 0x10) 1.502604085s ago: executing program 3 (id=2339): r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40000100, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x7}, 0x0, 0x800, 0xfffffffc, 0x7, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x20000000000002b8, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x8000, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @remote}]}}}]}, 0x40}}, 0x0) r4 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) write$selinux_load(r4, &(0x7f00000002c0)={0xf97cff8c, 0x8}, 0x10) 1.337079458s ago: executing program 3 (id=2341): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r2, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000e40)=@delchain={0x40, 0x2c, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff2, 0xffff}, {0xfff3}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x0, 0xfff3}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010) 1.21802981s ago: executing program 4 (id=2343): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @link_local}) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r4}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='qdisc_destroy\x00', r2}, 0x10) close(r1) 1.129654661s ago: executing program 3 (id=2344): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000380)='sched_switch\x00', r2}, 0x18) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15) remap_file_pages(&(0x7f000051c000/0x400000)=nil, 0x400d00, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1e, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) 1.096205912s ago: executing program 4 (id=2345): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) syz_io_uring_setup(0x110d, &(0x7f0000000380)={0x0, 0x5f51, 0x2, 0xfffffffc, 0x334}, &(0x7f0000000400)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x4001) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000500)=ANY=[@ANYRESDEC=r0], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2010008, &(0x7f0000000540)={[{@errors_continue}]}, 0xff, 0x531, &(0x7f0000000640)="$eJzs3cFvI1cZAPBvnDib7GabFDhApZZCi7IVrJ00tI04lCIhOFVClPsSEieK4sRR7LSbqILsX4CEECBxggsXJP4AJLQSF44IqRKcQSoCIdiCBAfoINvjJDjjxFuceNf5/aTZeW/GM9/3vHnjGc/TOIAr69mIeC0i3k/T9IWImMmWF7IpDttT83XvPXh7pTklkaZv/DWJJFvW2VeSzW9km01GxFe/HPGN5HTc+v7B5nK1WtnN6uXG1k65vn9we2Nreb2yXtleXFx4eemVpZeW5gfSzpsR8eoX//i9b//kS6/+4jNv/eHOn299s5nWdLb+ZDse0vhZK9tNL16b7Npg9wMGexQ121PsVKb62+beBeYDAEBvzXP8D0XEJyPihZiJsbNPZwEAAIDHUPr56fh3EpHmm+ixHAAAAHiMFFpjYJNCKRsLMB2FQqnUHsP7kbheqNbqjU+v1fa2V9tjZWejWFjbqFbms7HCs1FMmvWFVvm4/mJXfTEinoyI785MteqllVp1ddhffgAAAMAVcaPr+v8fM+3rfwAAAGDEzA47AQAAAODCuf4HAACA0ef6HwAAAEbaV15/vTmlnd+/Xn1zf2+z9ubt1Up9s7S1t1Jaqe3ulNZrtfXWM/u2zttftVbb+Wxs790tNyr1Rrm+f3Bnq7a33bizEZOX0iAAAADglCc/fv93SUQcfm6qNTVNDDsp4FKMH5WSbJ7T+3//RHv+7iUlBVyKsT5e8+61/OXOE+DxNt69oEdfB0ZPcdgJAEOXnLO+5+CdX2fzTww2HwAAYPDmPpZ///+864GIw8IlpAdcIJ0Yrq6u+//pzLASAS5d6/5/vwN5nCzASCn2NQIQGGX/9/3/c6XpQyUEAAAM3HRrSgql7Ou96SgUSqWIm62fBSgmaxvVynxEPBERv50pXmvWF1pbJn2MEQAAAAAAAAAAAAAAAAAAAAAAAAAAovVU7iRSAAAAYKRFFP6U/LL9LP+5meenu78fmEj+1fpJ4ImIeOuHb3z/7nKjsbvQXP63o+WNH2TLXxzGNxgAAABAt851emv+z2FnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCoee/B2yudqY+XTw0q7l++EBGzefHHY7I1n4xiRFz/exLjJ7ZLImJsAPEP70XER/PiJ820jkLmxR/Em3BO/JjN3oW8+DcGEB+usvvN489ref2vEM+25vn9bzzif+ofVO/jXxwd/8Z69P+bfcZ46p2flXvGvxfx1Hj+8acTP+kR/7k+43/9awcHvdalP4qY63z+tI54JyMcl8qNrZ1yff/g9sbW8nplvbK9uLjw8tIrSy8tzZfXNqqV7N/cGN95+ufvn9X+67mff0mWTe/2P5+zv7zPpP+8c/fBhzuVw9Pxbz2XE/9XP85ecTp+IYvzqazcXD/XKR+2yyc989PfPHNW+1eP2198mP//W7122u1UR3m63z8dAOAC1PcPNper1cruyBaaV+mPQBoKj2DhWwPdYZqmabNP5ay6HxH97CeJAbe0kJ/PcaHnEWDYRyYAAGDQjk/6h50JAAAAAAAAAAAAAAAAAAAAXF2X8ZS17pjHj0BOBvEIbQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAgfhvAAAA//89e9P5") socket$nl_generic(0x10, 0x3, 0x10) inotify_init1(0x0) socket(0x400000000010, 0x3, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000ff0d1400bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r2, 0x2000012, 0xffe, 0x0, &(0x7f0000000c40), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.024227223s ago: executing program 1 (id=2347): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b00000007000000010001000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000002c7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="0000186df4b1768c36153d42", @ANYRES32, @ANYBLOB="0a3f000000a3f500950004000000010045"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socketpair(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x89f1, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f2, &(0x7f0000000080)) 992.348354ms ago: executing program 0 (id=2348): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x200000000000009b, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xfffffffffffffdc6) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) rt_sigpending(0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) sync() sync() 921.640245ms ago: executing program 1 (id=2349): perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x482, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_bp={0x0, 0xf}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x45, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x74}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x2021) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x42}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) 920.912895ms ago: executing program 1 (id=2350): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) bpf$MAP_CREATE(0x0, 0x0, 0x48) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) semtimedop(0x0, &(0x7f0000000480)=[{0x4, 0xfff6}], 0x1, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x630c1100, 0x0, 0x0, 0x0, 0x0, 0x0) 920.183985ms ago: executing program 5 (id=2351): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000000000000081, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) listen(r2, 0x0) r3 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r3, &(0x7f00000000c0)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x801}, 0x4000045) accept4(r2, 0x0, 0x0, 0x0) 690.477829ms ago: executing program 3 (id=2352): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_int(r0, &(0x7f0000000000)=0x10000000000000, 0xffffff6a) io_setup(0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f00000004c0), 0x208e24b) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x8) 689.869029ms ago: executing program 4 (id=2353): r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x29, 0x5, 0x0) sendmsg$kcm(r1, &(0x7f00000002c0)={&(0x7f0000000180)=@qipcrtr={0x2a, 0x4, 0x8003}, 0x80, 0x0, 0x0, &(0x7f0000000740)=[{0x10, 0x10d, 0x7c}, {0x58, 0x0, 0x7, "9167863aae5f5cfe11ade1f0ac7704c7b66405d141302019679a7faa064f075bd980f062c90e2ceda08787b88d891f04180740195a6428514de90a005a09000a87f22b46167a11"}], 0x68}, 0x8041) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40305829, &(0x7f0000000040)) bpf$ITER_CREATE(0x21, &(0x7f0000000700)={r2}, 0x8) r3 = socket$kcm(0x10, 0x2, 0x0) socketpair(0x18, 0x2, 0x9, &(0x7f0000000000)) sendmsg$kcm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73f72cc9f0ba1f8483c0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) 689.563359ms ago: executing program 5 (id=2362): creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000022020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) creat(&(0x7f0000000380)='./file0\x00', 0x100000) 621.20382ms ago: executing program 5 (id=2354): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) fcntl$lock(r3, 0x26, &(0x7f0000000000)) socket$packet(0x11, 0x2, 0x300) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) 539.199341ms ago: executing program 0 (id=2355): syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f00000005c0)={[{@discard}, {@bh}, {@nomblk_io_submit}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x12) write(r1, &(0x7f0000004200)='t', 0x1) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r3}, 0x10) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) 538.831821ms ago: executing program 4 (id=2356): r0 = socket$kcm(0x10, 0x400000002, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x7, 0x2, 0x1}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040001}, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x24, 0x2c, 0x20, 0x30bd29, 0x21dfdbfc, {0x0, 0x0, 0x0, r6, {0xd, 0xf}, {}, {0x7, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x24000014}, 0x200c4004) sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0) 512.800132ms ago: executing program 5 (id=2357): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r2}, 0x10) syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000240)='./file1\x00', 0x80c406, &(0x7f0000000540)=ANY=[@ANYBLOB='dots,dots,dmask=000000000200000,nodots,discard,nfs=nostale_ro,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c646f733178666c6f70707900000000000000003030ffffffff303030303031373737373737373756c0f39fdb37372c004c0f1208ec0c34b7df4ba1c1e6b76697434db8574db9bcaef6a61a12c3f260bebc7ac5b1b11361119b83f1cf9f686b715b8e58fd37cea6623dc422c2ddbcefe94e5c255b5e8c90613e6b598b3b7a2c05de53dab7"], 0x1, 0x291, &(0x7f0000000280)="$eJzs3M9r034YwPGn6dZ0+7Ifpy/oxQe96CXMelQPVTYQC0q3inoQMpZpaG1HErQVwZw97e8YHr0J4j+w/8LbEGSnnYyszbKs+4Wza2f7fkHJkzz5tE8SUp5PId16uv66uupbq3YgRl7FEAllR2RWXNmTiZe5dpxLtsvdgoRyY+7N9sfFZ88fFkul+bLqQnHpVkFVp698ffv+09VvwX9PPk+bpmzOvtj6Wfi++f/mpa1fS69cX11f641AbV1uNAJ7ueboiutXLdXHNcf2HXXrvuMdyK/WGmtrLbXrK1OTa57j+2rXW2pIS4OG5uOq6mpZlk5N7sZ5GSG5Px5R2SiX7eK5FIMLw/OKdlZEJg7dDZWNwVQEAAAG6fj+30j22ev/je7+X+SU/v9DvNf0l573/1lJ+v+q0+7/A6+l9kvbTff/ONHZ+n/jfIrB38iEqZV7B1KeV5w4ehD9PwAAAAAAAAAAAAAAAAAAAAAA/4KdKJqJomhmd2mISBSvmyKSTa0fMXSknq0fVunrH6VeZnyBT7j+GAKpB/fyIj/CZqVZybSXnfzCg9L8nLalHvzbbjYr2SR/s5PXg/lxmYzzhSPzObl+rZPfzd1/VErn15uVCVk5sfKwV6cAAAAAAIChZ2liNtmYl2R+b1lqSne+PX/vROH+7wNd8/sxuTzWv+MAAAAAAADH81vvqnat5nj9CbJ9/KwzByJnG347MntSRlZETtmnvCgy+BN1KDDlQpQxzMGdnr1hlBHpbBmPvwy67gIAAAAAw2V/PjDoSgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGF39+OuyQR8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcFH8DgAA//8sg70h") sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f687372000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c0003801400010076657468305f746f5f6873720000000014000100"], 0xfc}}, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000040)={r4, 0x1, 0x6, @local}, 0x10) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000000)={r4, 0x11, 0x6, @broadcast}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001b00)=@getchain={0x6c, 0x11, 0x1, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x10}, {0x0, 0x6}}, [{0x8, 0xb, 0x5}, {0x8, 0xb, 0x1b}, {0x8, 0xb, 0xb}, {0x8, 0xb, 0x6}, {0x8, 0xb, 0x9}, {0x8, 0xb, 0x7}, {0x8}, {0x8, 0xb, 0x7ead}, {0x8, 0xb, 0x80000401}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4000}, 0x20008050) 445.103763ms ago: executing program 1 (id=2358): syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x400, &(0x7f0000000680)={[{@rodir}, {@shortname_win95}, {@utf8}, {@fat=@dmask={'dmask', 0x3d, 0x1ec}}, {@numtail}, {@fat=@check_strict}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@shortname_mixed}, {@uni_xlateno}]}, 0x0, 0x27c, &(0x7f00000002c0)="$eJzs3EFrHGUYB/DHbG3SlHZzEEFBfNGLXpY2foJFWhAXlNgt6kGYmo0uGXfDzhJZEZuLePVzFI/eBPUL5CJevHsLguClB3GlO7t20241qUmzbX4/CO8zed8/8w6ZhGcCO3vvfv3J5kZR28j6sbCUYiFiJ25HrNypxp4ajwuj+mxM24lXz//xywvvvPf+m/VG48paSlfr115bTSldfPH7Tz//5qUf++evf3vxu8XYXflg7/fVX3ef3X1u769rH7eL1C5Sp9tPWbrR7fazG3krrbeLzVpKb+etrGildqdo9fbNb+Tdra1ByjrrF5a3eq2iSFlnkDZbg9Tvpn5vkLKPsnYn1Wq1dGE5TrczB1jTvLW2ltUfOD2sHOmOOHbnZn2z16tnlZmTzVuPYlMAwHz59/6/7PUf3P83rpej/v9xsbPv6D/6f54Id/r/5fHv7376fwAAAAAAAAAAAAAAeBzcHg6rw+GwOhknX4sRsRQRk+OT3ifHw8//dJv64N5SRP7VdnO7WY7lfH0j2pFHKy5FNf4c3Q9jZX31jcaVS2lkJX7Ib47zN7eblVic5CdWZucvl/m0P/90LE+ffzWq8czs/OrM/Nl45eWpfC2q8dOH0Y081kf39d38F5dTev2txj35c6N1AAAA8CSopX/c9/w+mh8tWIr758v8If4/cM/z9Zl4/iCvqAQAAAD+t2Lw2WaW562e4qiKSszFNhRlkR4m9VtEHCI1nIsrPdripP8yAQAAR+1u03+I0M9fHuOOAAAAAAAAAAAAAAAAAAAA4PQ56PvAJusf5nViU6ernMxVAgAAAAAAAAAAAAAAAAAAAAAAwHz4OwAA///1IirV") r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) accept4$unix(r0, 0x0, 0x0, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000002340)={0x28, 0x0, 0x0, @local}, 0x10) r3 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="2800000014001901000000000000000228"], 0x28}}, 0x48c0) 407.998983ms ago: executing program 4 (id=2359): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x9, 0x0) fcntl$setlease(r2, 0x400, 0x0) mq_open(&(0x7f0000000b40)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x1, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r3}, 0x38) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4, 0x0, 0x2}, 0x18) 213.742977ms ago: executing program 1 (id=2360): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0xf503, 0x0) 175.601587ms ago: executing program 5 (id=2361): r0 = syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_procs(r1, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f00000005c0)=r0, 0x12) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f00000000c0)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000040)=0x1, 0x12) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_ro(r5, &(0x7f0000000280)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r6, &(0x7f0000000040)=0x1, 0x12) 0s ago: executing program 5 (id=2363): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) clock_nanosleep(0xfffffff2, 0xca9a3b, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe) r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x14) fcntl$setsig(r1, 0xa, 0x13) fcntl$setlease(r1, 0x400, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x0) kernel console output (not intermixed with test programs): port in use) [ 91.304146][ T7494] xt_CT: You must specify a L4 protocol and not use inversions on it [ 91.800465][ T7520] loop4: detected capacity change from 0 to 256 [ 91.940662][ T29] kauditd_printk_skb: 102 callbacks suppressed [ 91.940678][ T29] audit: type=1326 audit(2000000049.560:1959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7523 comm="syz.5.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa53de929 code=0x7ffc0000 [ 92.008848][ T7526] netlink: 332 bytes leftover after parsing attributes in process `syz.4.1237'. [ 92.032609][ T7528] netlink: 'syz.0.1238': attribute type 12 has an invalid length. [ 92.049913][ T7526] netlink: 'syz.4.1237': attribute type 9 has an invalid length. [ 92.058373][ T7526] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1237'. [ 92.067842][ T7526] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1237'. [ 92.090809][ T29] audit: type=1326 audit(2000000049.590:1960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7523 comm="syz.5.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f8fa53de929 code=0x7ffc0000 [ 92.308343][ T29] audit: type=1326 audit(2000000049.750:1961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7523 comm="syz.5.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa53de929 code=0x7ffc0000 [ 92.331904][ T29] audit: type=1326 audit(2000000049.750:1962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7523 comm="syz.5.1236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa53de929 code=0x7ffc0000 [ 92.355349][ T29] audit: type=1400 audit(2000000049.900:1963): avc: denied { map } for pid=7534 comm="syz.1.1241" path="socket:[17181]" dev="sockfs" ino=17181 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 92.506448][ T7546] xt_CT: You must specify a L4 protocol and not use inversions on it [ 92.596685][ T7554] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1257'. [ 92.648641][ T7552] lo speed is unknown, defaulting to 1000 [ 92.666586][ T29] audit: type=1400 audit(2000000050.280:1964): avc: denied { ioctl } for pid=7557 comm="syz.0.1260" path="/dev/usbmon7" dev="devtmpfs" ino=163 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 92.698937][ T7554] bond2: entered promiscuous mode [ 92.704010][ T7554] bond2: entered allmulticast mode [ 92.717861][ T7554] 8021q: adding VLAN 0 to HW filter on device bond2 [ 92.747893][ T7552] lo speed is unknown, defaulting to 1000 [ 92.797391][ T29] audit: type=1326 audit(2000000050.410:1965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7570 comm="syz.1.1264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 92.821006][ T29] audit: type=1326 audit(2000000050.410:1966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7570 comm="syz.1.1264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 92.844542][ T29] audit: type=1326 audit(2000000050.410:1967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7570 comm="syz.1.1264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 92.867987][ T29] audit: type=1326 audit(2000000050.410:1968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7570 comm="syz.1.1264" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 92.995633][ T7587] netlink: 332 bytes leftover after parsing attributes in process `syz.0.1255'. [ 93.014096][ T7587] netlink: 'syz.0.1255': attribute type 9 has an invalid length. [ 93.024969][ T7587] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1255'. [ 93.096945][ T4101] bridge_slave_1: left allmulticast mode [ 93.102659][ T4101] bridge_slave_1: left promiscuous mode [ 93.108501][ T4101] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.133651][ T4101] bridge_slave_0: left allmulticast mode [ 93.139527][ T4101] bridge_slave_0: left promiscuous mode [ 93.145199][ T4101] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.190928][ T4101] bond0 (unregistering): (slave gretap1): Releasing active interface [ 93.203692][ T4101] gretap1 (unregistering): left allmulticast mode [ 93.221164][ T4101] team0: Port device geneve1 removed [ 93.230553][ T7612] xt_CT: You must specify a L4 protocol and not use inversions on it [ 93.309322][ T4101] bond0 (unregistering): Released all slaves [ 93.317786][ T4101] bond1 (unregistering): Released all slaves [ 93.407777][ T4101] hsr_slave_0: left promiscuous mode [ 93.422618][ T4101] hsr_slave_1: left promiscuous mode [ 93.434588][ T4101] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 93.444233][ T4101] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 93.533650][ T4101] team0 (unregistering): Port device team_slave_1 removed [ 93.560126][ T4101] team0 (unregistering): Port device team_slave_0 removed [ 93.631830][ T7644] dummy0: left allmulticast mode [ 93.636833][ T7644] dummy0: left promiscuous mode [ 93.641892][ T7644] bridge0: port 3(dummy0) entered disabled state [ 93.650781][ T7644] wg2: left promiscuous mode [ 93.655466][ T7644] wg2: left allmulticast mode [ 93.662942][ T7644] bridge_slave_0: left allmulticast mode [ 93.668631][ T7644] bridge_slave_0: left promiscuous mode [ 93.674309][ T7644] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.684331][ T7644] bridge_slave_1: left allmulticast mode [ 93.690061][ T7644] bridge_slave_1: left promiscuous mode [ 93.695780][ T7644] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.697271][ T7654] netlink: 'syz.5.1272': attribute type 9 has an invalid length. [ 93.714014][ T7644] team0: Port device team_slave_0 removed [ 93.721217][ T7644] team0: Port device team_slave_1 removed [ 93.727632][ T7644] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 93.738344][ T7644] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 93.750979][ T7644] vxlan0: left promiscuous mode [ 93.756400][ T7644] bond2: left promiscuous mode [ 93.761242][ T7644] bridge1: left promiscuous mode [ 93.766265][ T7644] bond2: left allmulticast mode [ 93.771260][ T7644] bridge1: left allmulticast mode [ 93.778298][ T7644] bond2: (slave bridge1): Removing an active aggregator [ 93.785807][ T7644] bond2: (slave bridge1): Releasing backup interface [ 93.795473][ T7644] bond0: (slave gretap1): Releasing active interface [ 93.803422][ T7644] gretap1: left allmulticast mode [ 93.813498][ T23] lo speed is unknown, defaulting to 1000 [ 93.813647][ T7650] pim6reg1: entered promiscuous mode [ 93.819269][ T23] syz2: Port: 1 Link DOWN [ 93.829097][ T7650] pim6reg1: entered allmulticast mode [ 93.869590][ T7658] loop5: detected capacity change from 0 to 512 [ 93.876426][ T7658] EXT4-fs: inline encryption not supported [ 93.905302][ T7666] netlink: 'syz.4.1277': attribute type 27 has an invalid length. [ 93.917761][ T7658] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.933992][ T7666] wg2: left promiscuous mode [ 93.938665][ T7666] wg2: left allmulticast mode [ 93.969086][ T7658] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #2: comm syz.5.1274: corrupted inode contents [ 93.986553][ T7669] loop3: detected capacity change from 0 to 8192 [ 94.006987][ T7658] EXT4-fs error (device loop5): ext4_dirty_inode:6459: inode #2: comm syz.5.1274: mark_inode_dirty error [ 94.021019][ T7658] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #2: comm syz.5.1274: corrupted inode contents [ 94.021198][ T7658] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #2: comm syz.5.1274: mark_inode_dirty error [ 94.026604][ T7666] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.030863][ T7666] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.041583][ T7666] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 94.041639][ T5223] lo speed is unknown, defaulting to 1000 [ 94.041655][ T5223] syz0: Port: 1 Link ACTIVE [ 94.124818][ T7674] vhci_hcd: default hub control req: 2317 v0040 i0002 l0 [ 94.400250][ T5223] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 94.400558][ T5223] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 94.648446][ T7719] loop4: detected capacity change from 0 to 128 [ 94.661822][ T7719] bio_check_eod: 98 callbacks suppressed [ 94.661854][ T7719] syz.4.1301: attempt to access beyond end of device [ 94.661854][ T7719] loop4: rw=2049, sector=145, nr_sectors = 16 limit=128 [ 94.662010][ T7719] syz.4.1301: attempt to access beyond end of device [ 94.662010][ T7719] loop4: rw=2049, sector=169, nr_sectors = 16 limit=128 [ 94.662054][ T7719] syz.4.1301: attempt to access beyond end of device [ 94.662054][ T7719] loop4: rw=2049, sector=193, nr_sectors = 8 limit=128 [ 94.662119][ T7719] syz.4.1301: attempt to access beyond end of device [ 94.662119][ T7719] loop4: rw=2049, sector=209, nr_sectors = 8 limit=128 [ 94.662173][ T7719] syz.4.1301: attempt to access beyond end of device [ 94.662173][ T7719] loop4: rw=2049, sector=225, nr_sectors = 8 limit=128 [ 94.662215][ T7719] syz.4.1301: attempt to access beyond end of device [ 94.662215][ T7719] loop4: rw=2049, sector=241, nr_sectors = 8 limit=128 [ 94.662258][ T7719] syz.4.1301: attempt to access beyond end of device [ 94.662258][ T7719] loop4: rw=2049, sector=257, nr_sectors = 8 limit=128 [ 94.662367][ T7719] syz.4.1301: attempt to access beyond end of device [ 94.662367][ T7719] loop4: rw=2049, sector=273, nr_sectors = 8 limit=128 [ 94.662408][ T7719] syz.4.1301: attempt to access beyond end of device [ 94.662408][ T7719] loop4: rw=2049, sector=289, nr_sectors = 9 limit=128 [ 94.665184][ T7719] syz.4.1301: attempt to access beyond end of device [ 94.665184][ T7719] loop4: rw=2049, sector=305, nr_sectors = 1 limit=128 [ 94.739337][ T7722] __nla_validate_parse: 6 callbacks suppressed [ 94.739422][ T7722] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1312'. [ 94.749219][ T7719] Buffer I/O error on dev loop4, logical block 305, lost async page write [ 94.805180][ T7725] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1312'. [ 94.851808][ T7727] sch_tbf: burst 19872 is lower than device lo mtu (39799) ! [ 94.894156][ T7729] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1304'. [ 94.894203][ T7729] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1304'. [ 94.894254][ T7729] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1304'. [ 94.937950][ T7731] netlink: 'syz.0.1305': attribute type 1 has an invalid length. [ 94.939447][ T7735] xt_hashlimit: size too large, truncated to 1048576 [ 94.956181][ T7731] 8021q: adding VLAN 0 to HW filter on device bond3 [ 94.977031][ T7731] 8021q: adding VLAN 0 to HW filter on device bond3 [ 94.977686][ T7731] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 94.980460][ T7731] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 95.143696][ T7742] ip6erspan0: entered promiscuous mode [ 95.145455][ T7742] bond3: (slave ip6erspan0): making interface the new active one [ 95.145732][ T7742] bond3: (slave ip6erspan0): Enslaving as an active interface with an up link [ 95.156987][ T7738] tipc: Enabled bearer , priority 0 [ 95.188416][ T7737] tipc: Resetting bearer [ 95.227510][ T7746] loop0: detected capacity change from 0 to 1024 [ 95.235852][ T7737] tipc: Disabling bearer [ 95.278542][ T7748] lo speed is unknown, defaulting to 1000 [ 95.284671][ T7748] lo speed is unknown, defaulting to 1000 [ 95.291005][ T7746] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm +}[@: Allocating blocks 449-513 which overlap fs metadata [ 95.340840][ T7745] EXT4-fs (loop0): pa ffff888106a51a80: logic 48, phys. 177, len 21 [ 95.349077][ T7745] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4 [ 95.359863][ T7757] netlink: 'syz.3.1315': attribute type 11 has an invalid length. [ 95.460788][ T7766] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 95.475172][ T7755] lo speed is unknown, defaulting to 1000 [ 95.483906][ T7755] lo speed is unknown, defaulting to 1000 [ 95.736287][ T7784] tipc: Enabled bearer , priority 0 [ 95.736882][ T7782] tipc: Resetting bearer [ 95.742273][ T7782] tipc: Disabling bearer [ 95.891889][ T7792] vhci_hcd: invalid port number 236 [ 95.891909][ T7792] vhci_hcd: invalid port number 236 [ 96.001054][ T7799] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1332'. [ 96.312541][ T7815] 9pnet: p9_errstr2errno: server reported unknown error [ 96.320039][ T7813] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1335'. [ 96.333274][ T7816] loop3: detected capacity change from 0 to 512 [ 96.342062][ T7816] ext4 filesystem being mounted at /284/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 97.182784][ T29] kauditd_printk_skb: 138 callbacks suppressed [ 97.182803][ T29] audit: type=1326 audit(2000000054.800:2107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7851 comm="syz.1.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 97.280507][ T7855] loop0: detected capacity change from 0 to 164 [ 97.297037][ T29] audit: type=1326 audit(2000000054.830:2108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7851 comm="syz.1.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=154 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 97.320518][ T29] audit: type=1326 audit(2000000054.830:2109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7851 comm="syz.1.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 97.320605][ T29] audit: type=1326 audit(2000000054.830:2110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7851 comm="syz.1.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 97.462428][ T7864] netlink: 'syz.0.1360': attribute type 10 has an invalid length. [ 97.470456][ T7864] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1360'. [ 97.483280][ T7864] dummy0: entered promiscuous mode [ 98.229175][ T7894] loop5: detected capacity change from 0 to 512 [ 98.274831][ T7894] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.1372: bg 0: block 5: invalid block bitmap [ 98.329924][ T7894] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 98.370476][ T7894] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.1372: invalid indirect mapped block 3 (level 2) [ 98.444639][ T7894] EXT4-fs (loop5): 2 truncates cleaned up [ 98.484172][ T7894] EXT4-fs mount: 17 callbacks suppressed [ 98.484198][ T7894] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.657362][ T7295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.717029][ T7912] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1378'. [ 98.747176][ T7908] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.765077][ T7914] SELinux: +}[@ (7914) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 98.785205][ T7917] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 98.794018][ T7917] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 98.828659][ T7919] lo speed is unknown, defaulting to 1000 [ 98.834654][ T7919] lo speed is unknown, defaulting to 1000 [ 98.866001][ T7908] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.940577][ T7908] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.002846][ T7908] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.054778][ T7908] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.065895][ T7908] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.077965][ T7908] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.089188][ T7908] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.124569][ T7924] netlink: '+}[@': attribute type 12 has an invalid length. [ 100.440617][ T29] audit: type=1400 audit(2000000057.970:2111): avc: denied { setattr } for pid=7941 comm="syz.0.1387" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 100.780509][ T7967] syz_tun: entered allmulticast mode [ 100.813632][ T7965] syz_tun: left allmulticast mode [ 100.849332][ T7972] bond3: entered promiscuous mode [ 100.854420][ T7972] bond3: entered allmulticast mode [ 100.892876][ T7972] 8021q: adding VLAN 0 to HW filter on device bond3 [ 100.913485][ T7972] bond3 (unregistering): Released all slaves [ 101.003758][ T29] audit: type=1326 audit(2000000058.620:2112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7987 comm="syz.0.1400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66b6f3e929 code=0x7ffc0000 [ 101.028150][ T29] audit: type=1326 audit(2000000058.620:2113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7987 comm="syz.0.1400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66b6f3e929 code=0x7ffc0000 [ 101.059237][ T29] audit: type=1326 audit(2000000058.670:2114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7987 comm="syz.0.1400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f66b6f3e929 code=0x7ffc0000 [ 101.082743][ T29] audit: type=1326 audit(2000000058.670:2115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7987 comm="syz.0.1400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66b6f3e929 code=0x7ffc0000 [ 101.106166][ T29] audit: type=1326 audit(2000000058.670:2116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7987 comm="syz.0.1400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66b6f3e929 code=0x7ffc0000 [ 101.241847][ T8004] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1406'. [ 101.256177][ T8012] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1409'. [ 101.474571][ T8032] netlink: 197276 bytes leftover after parsing attributes in process `syz.0.1417'. [ 101.496110][ T8023] loop5: detected capacity change from 0 to 8192 [ 101.587614][ T8023] loop5: p3 [ 101.772350][ T8053] dummy0: entered promiscuous mode [ 101.780435][ T8053] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1425'. [ 101.818763][ T8053] dummy0 (unregistering): left promiscuous mode [ 101.925199][ T8063] netlink: 197276 bytes leftover after parsing attributes in process `syz.1.1429'. [ 101.942424][ T8065] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1430'. [ 101.952040][ T8065] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1430'. [ 102.256524][ T29] kauditd_printk_skb: 100 callbacks suppressed [ 102.256539][ T29] audit: type=1400 audit(2000000059.870:2217): avc: denied { create } for pid=8083 comm="syz.3.1439" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 102.266299][ T8084] IPv6: Can't replace route, no match found [ 102.315462][ T8087] netlink: 'syz.3.1440': attribute type 13 has an invalid length. [ 102.434021][ T8094] lo speed is unknown, defaulting to 1000 [ 102.440205][ T8094] lo speed is unknown, defaulting to 1000 [ 102.631958][ T8106] loop0: detected capacity change from 0 to 512 [ 102.639030][ T8106] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 102.649247][ T8106] EXT4-fs error (device loop0): ext4_get_branch:178: inode #11: block 4294967295: comm syz.0.1448: invalid block [ 102.662723][ T8106] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.1448: invalid indirect mapped block 4294967295 (level 1) [ 102.677113][ T8106] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.1448: invalid indirect mapped block 4294967295 (level 1) [ 102.691852][ T8106] EXT4-fs (loop0): 2 truncates cleaned up [ 102.698261][ T8106] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.712249][ T8106] EXT4-fs (loop0): shut down requested (2) [ 102.726663][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.830476][ T29] audit: type=1326 audit(2000000060.450:2218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8118 comm="syz.4.1453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 102.855767][ T29] audit: type=1326 audit(2000000060.450:2219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8118 comm="syz.4.1453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 102.885262][ T29] audit: type=1326 audit(2000000060.470:2220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8118 comm="syz.4.1453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 102.908800][ T29] audit: type=1326 audit(2000000060.470:2221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8118 comm="syz.4.1453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 102.932244][ T29] audit: type=1326 audit(2000000060.470:2222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8118 comm="syz.4.1453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 102.955763][ T29] audit: type=1326 audit(2000000060.470:2223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8118 comm="syz.4.1453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 102.979366][ T29] audit: type=1326 audit(2000000060.500:2224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8118 comm="syz.4.1453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 103.002892][ T29] audit: type=1326 audit(2000000060.500:2225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8118 comm="syz.4.1453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fae7cbc58e7 code=0x7ffc0000 [ 103.026261][ T29] audit: type=1326 audit(2000000060.500:2226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8118 comm="syz.4.1453" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fae7cb6ab19 code=0x7ffc0000 [ 103.266708][ T8151] netlink: 'syz.1.1465': attribute type 1 has an invalid length. [ 103.304065][ T8157] loop4: detected capacity change from 0 to 1024 [ 103.314831][ T8157] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 103.326875][ T8151] 8021q: adding VLAN 0 to HW filter on device bond3 [ 103.334625][ T8157] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 103.342908][ T8155] loop5: detected capacity change from 0 to 2048 [ 103.352713][ T8157] EXT4-fs (loop4): orphan cleanup on readonly fs [ 103.360409][ T8155] EXT4-fs (loop5): failed to initialize system zone (-117) [ 103.360955][ T8163] bond3 (unregistering): Released all slaves [ 103.368776][ T8155] EXT4-fs (loop5): mount failed [ 103.378805][ T8157] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.1467: Invalid inode table block 0 in block_group 0 [ 103.392959][ T8157] EXT4-fs (loop4): Remounting filesystem read-only [ 103.405647][ T8157] EXT4-fs (loop4): 1 truncate cleaned up [ 103.413890][ T8157] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 103.445565][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.515003][ T8185] loop4: detected capacity change from 0 to 256 [ 103.529278][ T8185] msdos: Bad value for 'gid' [ 103.534163][ T8185] msdos: Bad value for 'gid' [ 103.534294][ T8192] loop3: detected capacity change from 0 to 512 [ 103.549977][ T8192] EXT4-fs: inline encryption not supported [ 103.556119][ T8192] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 103.709593][ T8224] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1473'. [ 104.077684][ T8267] sch_tbf: burst 0 is lower than device lo mtu (11337746) ! [ 104.099004][ T8268] loop5: detected capacity change from 0 to 256 [ 104.110642][ T8268] msdos: Bad value for 'gid' [ 104.115382][ T8268] msdos: Bad value for 'gid' [ 104.147159][ T8270] syzkaller0: entered promiscuous mode [ 104.152830][ T8270] syzkaller0: entered allmulticast mode [ 104.276977][ T8276] loop1: detected capacity change from 0 to 2048 [ 104.289206][ T8276] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.304987][ T8276] Invalid ELF header magic: != ELF [ 104.351495][ T3308] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.476159][ T8301] tipc: Started in network mode [ 104.481290][ T8301] tipc: Node identity 3aed6b65054b, cluster identity 4711 [ 104.488655][ T8301] tipc: Enabled bearer , priority 0 [ 104.509655][ T8291] tipc: Resetting bearer [ 104.540961][ T8291] tipc: Disabling bearer [ 104.710566][ T8324] ip6gre1: entered allmulticast mode [ 104.921485][ T8350] pim6reg1: entered promiscuous mode [ 104.926919][ T8350] pim6reg1: entered allmulticast mode [ 104.950663][ T8341] loop4: detected capacity change from 0 to 8192 [ 104.984128][ T8359] pim6reg1: entered promiscuous mode [ 104.989575][ T8359] pim6reg1: entered allmulticast mode [ 105.015218][ T8341] loop4: p3 [ 105.083167][ T8372] bridge: RTM_NEWNEIGH with invalid ether address [ 105.231857][ T8385] macvlan1: entered promiscuous mode [ 105.267254][ T8385] ipvlan0: entered promiscuous mode [ 105.323266][ T8389] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1516'. [ 105.355410][ T8389] netlink: zone id is out of range [ 105.369811][ T8389] netlink: zone id is out of range [ 105.375048][ T8389] netlink: zone id is out of range [ 105.380310][ T8389] netlink: zone id is out of range [ 105.385435][ T8389] netlink: zone id is out of range [ 105.390647][ T8389] netlink: zone id is out of range [ 105.444033][ T8389] netlink: zone id is out of range [ 105.461299][ T8389] netlink: del zone limit has 8 unknown bytes [ 105.536967][ T8385] ipvlan0: left promiscuous mode [ 105.551651][ T8385] macvlan1: left promiscuous mode [ 105.598420][ T8400] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1518'. [ 106.243944][ T8436] macvlan1: entered promiscuous mode [ 106.278117][ T8436] ipvlan0: entered promiscuous mode [ 106.284025][ T8436] ipvlan0: left promiscuous mode [ 106.304125][ T8436] macvlan1: left promiscuous mode [ 106.456035][ T8448] loop4: detected capacity change from 0 to 512 [ 106.493541][ T8448] EXT4-fs (loop4): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 106.576944][ T8457] loop3: detected capacity change from 0 to 1024 [ 106.584484][ T8457] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 106.598153][ T8450] lo speed is unknown, defaulting to 1000 [ 106.606589][ T8450] lo speed is unknown, defaulting to 1000 [ 106.619476][ T3316] EXT4-fs (loop4): unmounting filesystem 00800000-0000-0000-0000-000000000000. [ 106.629046][ T8457] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 106.637188][ T8457] EXT4-fs (loop3): orphan cleanup on readonly fs [ 106.650448][ T8457] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.1540: Invalid inode table block 0 in block_group 0 [ 106.684029][ T8457] EXT4-fs (loop3): Remounting filesystem read-only [ 106.715849][ T8457] EXT4-fs (loop3): 1 truncate cleaned up [ 106.746812][ T8457] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 106.797590][ T8467] tipc: New replicast peer: 255.255.255.255 [ 106.803685][ T8467] tipc: Enabled bearer , priority 10 [ 106.842673][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.922660][ T8473] __nla_validate_parse: 2 callbacks suppressed [ 106.922676][ T8473] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1548'. [ 106.941446][ T8473] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1548'. [ 107.362053][ T8490] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1563'. [ 107.389331][ T8491] netlink: 'syz.4.1552': attribute type 1 has an invalid length. [ 107.413015][ T8491] 8021q: adding VLAN 0 to HW filter on device bond2 [ 107.436241][ T8491] bond2 (unregistering): Released all slaves [ 107.509566][ T29] kauditd_printk_skb: 197 callbacks suppressed [ 107.509582][ T29] audit: type=1326 audit(2000000065.130:2420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8495 comm="syz.4.1554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 107.539297][ T29] audit: type=1326 audit(2000000065.130:2421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8495 comm="syz.4.1554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 107.576634][ T29] audit: type=1326 audit(2000000065.130:2422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8495 comm="syz.4.1554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 107.600236][ T29] audit: type=1326 audit(2000000065.130:2423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8495 comm="syz.4.1554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 107.623889][ T29] audit: type=1326 audit(2000000065.130:2424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8495 comm="syz.4.1554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 107.665989][ T8502] netlink: 'syz.1.1557': attribute type 12 has an invalid length. [ 107.911383][ T8521] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1575'. [ 107.927462][ T5223] tipc: Node number set to 1328101790 [ 108.001931][ T8527] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1566'. [ 108.013445][ T5238] kernel write not supported for file /714/attr/exec (pid: 5238 comm: kworker/1:9) [ 108.025932][ T8527] bond0: (slave bond_slave_0): Releasing backup interface [ 108.045071][ T8527] bond_slave_0 (unregistering): left allmulticast mode [ 108.053652][ T29] audit: type=1400 audit(2000000064.662:2425): avc: denied { execute } for pid=8528 comm="syz.0.1567" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=20151 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 108.174191][ T8530] loop3: detected capacity change from 0 to 1024 [ 108.187835][ T8530] EXT4-fs: Ignoring removed nobh option [ 108.193484][ T8530] EXT4-fs: Ignoring removed nobh option [ 108.211940][ T8530] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 108.233956][ T8530] EXT4-fs error (device loop3): ext4_get_journal_inode:5796: comm syz.3.1565: inode #4294967295: comm syz.3.1565: iget: illegal inode # [ 108.257355][ T8530] EXT4-fs (loop3): no journal found [ 108.260928][ T8541] loop1: detected capacity change from 0 to 2048 [ 108.262719][ T8530] EXT4-fs (loop3): can't get journal size [ 108.278886][ T8541] EXT4-fs (loop1): failed to initialize system zone (-117) [ 108.286675][ T8541] EXT4-fs (loop1): mount failed [ 108.286714][ T8530] EXT4-fs (loop3): failed to initialize system zone (-22) [ 108.308226][ T8530] EXT4-fs (loop3): mount failed [ 108.357522][ T29] audit: type=1326 audit(2000000064.962:2426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8547 comm="syz.1.1577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 108.381089][ T29] audit: type=1326 audit(2000000064.962:2427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8547 comm="syz.1.1577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 108.405912][ T29] audit: type=1326 audit(2000000064.972:2428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8547 comm="syz.1.1577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 108.429461][ T29] audit: type=1326 audit(2000000064.972:2429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8547 comm="syz.1.1577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 108.594808][ T8552] tipc: Started in network mode [ 108.599826][ T8552] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 108.609863][ T8552] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 108.618364][ T8552] tipc: Enabled bearer , priority 10 [ 108.821529][ T8522] syz.3.1565 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 108.832558][ T8522] CPU: 0 UID: 0 PID: 8522 Comm: syz.3.1565 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 108.832613][ T8522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 108.832624][ T8522] Call Trace: [ 108.832630][ T8522] [ 108.832636][ T8522] __dump_stack+0x1d/0x30 [ 108.832664][ T8522] dump_stack_lvl+0xe8/0x140 [ 108.832756][ T8522] dump_stack+0x15/0x1b [ 108.832778][ T8522] dump_header+0x81/0x220 [ 108.832822][ T8522] oom_kill_process+0x334/0x3f0 [ 108.832946][ T8522] out_of_memory+0x979/0xb80 [ 108.832989][ T8522] try_charge_memcg+0x5e6/0x9e0 [ 108.833094][ T8522] charge_memcg+0x51/0xc0 [ 108.833214][ T8522] mem_cgroup_swapin_charge_folio+0xcc/0x150 [ 108.833251][ T8522] __read_swap_cache_async+0x1df/0x350 [ 108.833335][ T8522] swap_cluster_readahead+0x277/0x3e0 [ 108.833386][ T8522] swapin_readahead+0xde/0x6f0 [ 108.833495][ T8522] ? __filemap_get_folio+0x49f/0x650 [ 108.833531][ T8522] ? swap_cache_get_folio+0x77/0x200 [ 108.833573][ T8522] do_swap_page+0x301/0x2430 [ 108.833601][ T8522] ? css_rstat_updated+0xcd/0x5b0 [ 108.833739][ T8522] ? __pfx_default_wake_function+0x10/0x10 [ 108.833772][ T8522] handle_mm_fault+0x9a5/0x2be0 [ 108.833803][ T8522] ? mas_walk+0xf2/0x120 [ 108.833856][ T8522] do_user_addr_fault+0x636/0x1090 [ 108.833885][ T8522] ? fpregs_restore_userregs+0xe2/0x1d0 [ 108.833912][ T8522] ? switch_fpu_return+0xe/0x20 [ 108.833953][ T8522] ? fpregs_assert_state_consistent+0xb4/0xe0 [ 108.834003][ T8522] exc_page_fault+0x62/0xa0 [ 108.834038][ T8522] asm_exc_page_fault+0x26/0x30 [ 108.834055][ T8522] RIP: 0033:0x7f37f5e21193 [ 108.834068][ T8522] Code: df 08 00 48 8d 3d 76 df 08 00 e8 f8 48 f6 ff 0f 1f 84 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 <80> 3d 9e 43 1c 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 c3 66 2e 0f [ 108.834103][ T8522] RSP: 002b:00007fff3fb7c938 EFLAGS: 00010293 [ 108.834121][ T8522] RAX: 00000000fffffffa RBX: 00007f37f6015fa0 RCX: 0000000000000000 [ 108.834161][ T8522] RDX: 00007fff3fb7c950 RSI: 0000000000000000 RDI: 0000000000000000 [ 108.834181][ T8522] RBP: 00007f37f6017ba0 R08: 000000002c0e9a83 R09: 7fffffffffffffff [ 108.834195][ T8522] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000001a8c7 [ 108.834206][ T8522] R13: 00007f37f6016080 R14: ffffffffffffffff R15: 00007fff3fb7ca90 [ 108.834228][ T8522] [ 108.834235][ T8522] memory: usage 307200kB, limit 307200kB, failcnt 280 [ 109.067659][ T8522] memory+swap: usage 307772kB, limit 9007199254740988kB, failcnt 0 [ 109.075579][ T8522] kmem: usage 307176kB, limit 9007199254740988kB, failcnt 0 [ 109.082936][ T8522] Memory cgroup stats for /syz3: [ 109.083423][ T8565] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1585'. [ 109.088496][ T8522] cache 0 [ 109.088507][ T8522] rss 0 [ 109.088515][ T8522] shmem 0 [ 109.098966][ T8565] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1585'. [ 109.100356][ T8522] mapped_file 0 [ 109.100367][ T8522] dirty 0 [ 109.100375][ T8522] writeback 12288 [ 109.125493][ T8522] workingset_refault_anon 246 [ 109.130210][ T8522] workingset_refault_file 323 [ 109.134889][ T8522] swap 585728 [ 109.138233][ T8522] swapcached 20480 [ 109.141957][ T8522] pgpgin 105286 [ 109.145418][ T8522] pgpgout 105280 [ 109.149066][ T8522] pgfault 89636 [ 109.152610][ T8522] pgmajfault 99 [ 109.156079][ T8522] inactive_anon 12288 [ 109.160108][ T8522] active_anon 8192 [ 109.163887][ T8522] inactive_file 0 [ 109.167568][ T8522] active_file 4096 [ 109.171287][ T8522] unevictable 0 [ 109.174744][ T8522] hierarchical_memory_limit 314572800 [ 109.180154][ T8522] hierarchical_memsw_limit 9223372036854771712 [ 109.186724][ T8522] total_cache 0 [ 109.190213][ T8522] total_rss 0 [ 109.193542][ T8522] total_shmem 0 [ 109.197017][ T8522] total_mapped_file 0 [ 109.201214][ T8522] total_dirty 0 [ 109.204692][ T8522] total_writeback 12288 [ 109.208867][ T8522] total_workingset_refault_anon 246 [ 109.214087][ T8522] total_workingset_refault_file 323 [ 109.219328][ T8522] total_swap 585728 [ 109.223208][ T8522] total_swapcached 20480 [ 109.227526][ T8522] total_pgpgin 105286 [ 109.231512][ T8522] total_pgpgout 105280 [ 109.235580][ T8522] total_pgfault 89636 [ 109.239581][ T8522] total_pgmajfault 99 [ 109.243565][ T8522] total_inactive_anon 12288 [ 109.248121][ T8522] total_active_anon 8192 [ 109.252375][ T8522] total_inactive_file 0 [ 109.256523][ T8522] total_active_file 4096 [ 109.260790][ T8522] total_unevictable 0 [ 109.264832][ T8522] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.1565,pid=8522,uid=0 [ 109.279667][ T8522] Memory cgroup out of memory: Killed process 8522 (syz.3.1565) total-vm:95932kB, anon-rss:936kB, file-rss:22332kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 109.737465][ T5238] tipc: Node number set to 1 [ 109.767302][ T8593] loop3: detected capacity change from 0 to 128 [ 109.770593][ T8591] lo speed is unknown, defaulting to 1000 [ 109.781263][ T8591] lo speed is unknown, defaulting to 1000 [ 109.813349][ T8593] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 109.864436][ T8593] ext4 filesystem being mounted at /331/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 110.007495][ T8610] vlan2: entered allmulticast mode [ 110.012703][ T8610] bridge_slave_0: entered allmulticast mode [ 110.033420][ T8612] loop1: detected capacity change from 0 to 512 [ 110.048464][ T8612] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 110.065639][ T3307] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 110.076714][ T8612] EXT4-fs (loop1): mount failed [ 110.279027][ T8636] loop0: detected capacity change from 0 to 1024 [ 110.323512][ T8636] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 110.384467][ T8636] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.1612: Allocating blocks 385-513 which overlap fs metadata [ 110.443483][ T8636] EXT4-fs (loop0): pa ffff888106a074d0: logic 16, phys. 129, len 24 [ 110.451594][ T8636] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8 [ 110.498546][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.545105][ T8667] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1622'. [ 110.614427][ T8677] loop1: detected capacity change from 0 to 512 [ 110.622578][ T8677] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 110.634509][ T8677] EXT4-fs (loop1): 1 truncate cleaned up [ 110.640688][ T8677] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.706427][ T8681] loop3: detected capacity change from 0 to 8192 [ 110.714859][ T8681] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 110.795780][ T3308] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.819688][ T8687] pim6reg1: entered promiscuous mode [ 110.825090][ T8687] pim6reg1: entered allmulticast mode [ 110.839463][ T8681] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 110.848361][ T8681] FAT-fs (loop3): Filesystem has been set read-only [ 110.855198][ T8681] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 110.864185][ T8681] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 110.873071][ T8681] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 110.882095][ T8681] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 110.891030][ T8681] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 110.900804][ T8681] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 110.909662][ T8681] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 110.919812][ T8681] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 110.928956][ T8681] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 111.019420][ T8707] loop3: detected capacity change from 0 to 2048 [ 111.039433][ T8707] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 111.069014][ T8710] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1638'. [ 111.687169][ T8724] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1645'. [ 112.196928][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.317774][ T8736] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1651'. [ 112.351993][ T8739] loop3: detected capacity change from 0 to 512 [ 112.369826][ T8739] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 112.383314][ T8739] EXT4-fs (loop3): 1 truncate cleaned up [ 112.390237][ T8739] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.828618][ T29] kauditd_printk_skb: 152 callbacks suppressed [ 112.828631][ T29] audit: type=1326 audit(2000000069.442:2581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8738 comm="syz.3.1648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37f5dee929 code=0x7ffc0000 [ 112.858555][ T29] audit: type=1326 audit(2000000069.442:2582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8738 comm="syz.3.1648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37f5dee929 code=0x7ffc0000 [ 112.928753][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.951208][ T8748] loop4: detected capacity change from 0 to 256 [ 112.986297][ T8751] syzkaller0: entered promiscuous mode [ 112.991965][ T8751] syzkaller0: entered allmulticast mode [ 113.155403][ T8767] netlink: 'syz.0.1662': attribute type 1 has an invalid length. [ 113.175194][ T8763] 9pnet: p9_errstr2errno: server reported unknown error [ 113.178977][ T8767] bond4: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 113.195433][ T8767] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1662'. [ 113.211628][ T8767] bond4 (unregistering): (slave ip6gretap1): Releasing backup interface [ 113.222809][ T8767] bond4 (unregistering): Released all slaves [ 113.243378][ T8765] lo speed is unknown, defaulting to 1000 [ 113.253374][ T8765] lo speed is unknown, defaulting to 1000 [ 113.349325][ T29] audit: type=1400 audit(2000000069.962:2583): avc: denied { read } for pid=8775 comm="syz.0.1665" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 113.524176][ T29] audit: type=1400 audit(2000000070.132:2584): avc: denied { watch watch_reads } for pid=8783 comm="syz.1.1669" path="/383/file0" dev="tmpfs" ino=2042 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 113.604585][ T29] audit: type=1326 audit(2000000070.192:2585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8787 comm="syz.1.1670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 113.628138][ T29] audit: type=1326 audit(2000000070.192:2586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8787 comm="syz.1.1670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 113.651633][ T29] audit: type=1326 audit(2000000070.192:2587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8787 comm="syz.1.1670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 113.675664][ T29] audit: type=1326 audit(2000000070.192:2588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8787 comm="syz.1.1670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 113.699187][ T29] audit: type=1326 audit(2000000070.192:2589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8787 comm="syz.1.1670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 113.722615][ T29] audit: type=1326 audit(2000000070.192:2590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8787 comm="syz.1.1670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 113.850741][ T8803] netlink: 'syz.4.1677': attribute type 21 has an invalid length. [ 113.887743][ T8803] netlink: 'syz.4.1677': attribute type 1 has an invalid length. [ 113.895673][ T8803] netlink: 144 bytes leftover after parsing attributes in process `syz.4.1677'. [ 113.998225][ T8816] loop4: detected capacity change from 0 to 128 [ 114.156476][ T8827] loop5: detected capacity change from 0 to 128 [ 114.186755][ T8824] lo speed is unknown, defaulting to 1000 [ 114.197815][ T8827] bio_check_eod: 3 callbacks suppressed [ 114.197829][ T8827] syz.5.1689: attempt to access beyond end of device [ 114.197829][ T8827] loop5: rw=34817, sector=97, nr_sectors = 32 limit=128 [ 114.239594][ T8824] lo speed is unknown, defaulting to 1000 [ 114.455988][ T8845] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1695'. [ 114.485856][ T8845] 8021q: adding VLAN 0 to HW filter on device bond4 [ 114.509983][ T8850] loop1: detected capacity change from 0 to 512 [ 114.534027][ T8850] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 114.546731][ T8850] ext4 filesystem being mounted at /390/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 114.622860][ T8862] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1699'. [ 114.736924][ T8873] team0: Mode changed to "loadbalance" [ 114.761443][ T8876] loop4: detected capacity change from 0 to 764 [ 114.768059][ T8876] iso9660: Unknown parameter 'igmo5U҅F6' [ 114.831501][ T3308] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.843205][ T8880] lo speed is unknown, defaulting to 1000 [ 114.858998][ T8880] lo speed is unknown, defaulting to 1000 [ 115.195283][ T8901] delete_channel: no stack [ 115.199741][ T8905] syzkaller0: entered promiscuous mode [ 115.205305][ T8905] syzkaller0: entered allmulticast mode [ 115.361304][ T8916] loop4: detected capacity change from 0 to 512 [ 115.385523][ T8916] SELinux: security_context_str_to_sid (unconfined_u,errors=continue) failed with errno=-22 [ 115.399754][ T8916] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1723'. [ 116.532797][ T8970] loop4: detected capacity change from 0 to 2048 [ 116.594834][ T8970] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.617702][ T8972] loop3: detected capacity change from 0 to 512 [ 116.629530][ T8970] Invalid ELF header magic: != ELF [ 116.635136][ T8972] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 116.649481][ T8972] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm syz.3.1746: invalid block [ 116.662209][ T8972] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.1746: invalid indirect mapped block 4294967295 (level 1) [ 116.680098][ T8972] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.1746: invalid indirect mapped block 4294967295 (level 1) [ 116.721690][ T8972] EXT4-fs (loop3): 2 truncates cleaned up [ 116.731564][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.739270][ T8972] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.770305][ T8983] loop0: detected capacity change from 0 to 512 [ 116.819943][ T8983] EXT4-fs: Ignoring removed orlov option [ 116.826436][ T8972] EXT4-fs (loop3): shut down requested (2) [ 116.851606][ T8983] ext4: Unknown parameter 'uid>00000000000000000000' [ 116.895517][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.041357][ T8992] pim6reg1: entered promiscuous mode [ 117.046851][ T8992] pim6reg1: entered allmulticast mode [ 117.205105][ T8998] lo speed is unknown, defaulting to 1000 [ 117.235592][ T8998] lo speed is unknown, defaulting to 1000 [ 117.388415][ T9004] lo speed is unknown, defaulting to 1000 [ 117.425720][ T9004] lo speed is unknown, defaulting to 1000 [ 117.499457][ T9018] loop5: detected capacity change from 0 to 512 [ 117.525235][ T9018] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.547958][ T9018] ext4 filesystem being mounted at /85/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 117.790920][ T7295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.228727][ T9043] loop4: detected capacity change from 0 to 1024 [ 118.236068][ T9043] EXT4-fs: Ignoring removed bh option [ 118.241564][ T9043] EXT4-fs: Ignoring removed nomblk_io_submit option [ 118.261215][ T9043] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 118.313539][ T9048] netlink: 'syz.1.1772': attribute type 4 has an invalid length. [ 118.325778][ T9048] netlink: 'syz.1.1772': attribute type 4 has an invalid length. [ 118.615968][ T9056] loop5: detected capacity change from 0 to 1024 [ 118.630218][ T9056] EXT4-fs: Ignoring removed nobh option [ 118.635865][ T9056] EXT4-fs: Ignoring removed nobh option [ 118.651457][ T9058] loop1: detected capacity change from 0 to 512 [ 118.658197][ T9058] EXT4-fs: Ignoring removed orlov option [ 118.664979][ T9058] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 118.687214][ T9058] EXT4-fs (loop1): orphan cleanup on readonly fs [ 118.701821][ T9058] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.1774: bg 0: block 248: padding at end of block bitmap is not set [ 118.841262][ T29] kauditd_printk_skb: 386 callbacks suppressed [ 118.841276][ T29] audit: type=1326 audit(2000000075.302:2977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9060 comm="syz.3.1776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37f5dee929 code=0x7ffc0000 [ 118.871153][ T29] audit: type=1326 audit(2000000075.302:2978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9060 comm="syz.3.1776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37f5dee929 code=0x7ffc0000 [ 118.894971][ T29] audit: type=1326 audit(2000000075.452:2979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9060 comm="syz.3.1776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f37f5dee929 code=0x7ffc0000 [ 118.918509][ T29] audit: type=1326 audit(2000000075.452:2980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9060 comm="syz.3.1776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37f5dee929 code=0x7ffc0000 [ 118.941916][ T29] audit: type=1326 audit(2000000075.452:2981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9060 comm="syz.3.1776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f37f5dee929 code=0x7ffc0000 [ 118.965360][ T29] audit: type=1326 audit(2000000075.452:2982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9060 comm="syz.3.1776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37f5dee929 code=0x7ffc0000 [ 118.988763][ T29] audit: type=1326 audit(2000000075.452:2983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9060 comm="syz.3.1776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=210 compat=0 ip=0x7f37f5dee929 code=0x7ffc0000 [ 119.004238][ T9058] Quota error (device loop1): write_blk: dquota write failed [ 119.012138][ T29] audit: type=1326 audit(2000000075.452:2984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9060 comm="syz.3.1776" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37f5dee929 code=0x7ffc0000 [ 119.019565][ T9058] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 119.019584][ T9058] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1774: Failed to acquire dquot type 1 [ 119.021519][ T9056] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 119.084575][ T9056] EXT4-fs error (device loop5): ext4_get_journal_inode:5796: comm syz.5.1770: inode #4294967295: comm syz.5.1770: iget: illegal inode # [ 119.127581][ T9058] EXT4-fs (loop1): 1 truncate cleaned up [ 119.161643][ T9058] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 119.201075][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.202536][ T9056] EXT4-fs (loop5): no journal found [ 119.215393][ T9056] EXT4-fs (loop5): can't get journal size [ 119.228213][ T9056] EXT4-fs (loop5): failed to initialize system zone (-22) [ 119.243117][ T9056] EXT4-fs (loop5): mount failed [ 119.687537][ T3308] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.768218][ T9088] loop1: detected capacity change from 0 to 2048 [ 119.952634][ T9106] loop4: detected capacity change from 0 to 128 [ 119.964888][ T9106] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 119.978434][ T9106] ext4 filesystem being mounted at /358/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 120.009499][ T3316] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 120.019027][ T9110] loop0: detected capacity change from 0 to 2048 [ 120.039691][ T9110] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 120.095412][ T9121] loop3: detected capacity change from 0 to 512 [ 120.102157][ T9121] EXT4-fs: Ignoring removed orlov option [ 120.118952][ T9121] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 120.219292][ T9132] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1802'. [ 120.272537][ T9121] ext4 filesystem being mounted at /362/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 120.296197][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.343952][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.422102][ T9136] lo speed is unknown, defaulting to 1000 [ 120.430263][ T9136] lo speed is unknown, defaulting to 1000 [ 120.729401][ T9151] pim6reg1: entered promiscuous mode [ 120.735230][ T9151] pim6reg1: entered allmulticast mode [ 120.788905][ T9147] tipc: Started in network mode [ 120.793858][ T9147] tipc: Node identity aac8ea8bdb96, cluster identity 4711 [ 120.801092][ T9147] tipc: Enabled bearer , priority 0 [ 120.816930][ T9146] tipc: Resetting bearer [ 120.842232][ T9146] tipc: Disabling bearer [ 120.922710][ T9166] 9pnet_fd: Insufficient options for proto=fd [ 120.930062][ T5223] IPVS: starting estimator thread 0... [ 120.965334][ T9171] loop5: detected capacity change from 0 to 2048 [ 120.980234][ T9171] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.011161][ T9177] netlink: 'syz.0.1820': attribute type 13 has an invalid length. [ 121.019137][ T9168] IPVS: using max 2448 ests per chain, 122400 per kthread [ 121.050226][ T7295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.099389][ T9182] loop4: detected capacity change from 0 to 2048 [ 121.119379][ T9182] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.148852][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.179854][ T9184] lo speed is unknown, defaulting to 1000 [ 121.189167][ T9184] lo speed is unknown, defaulting to 1000 [ 121.377157][ T9201] netlink: 6 bytes leftover after parsing attributes in process `syz.4.1828'. [ 121.395605][ T9196] tipc: Enabled bearer , priority 0 [ 122.099934][ T9195] tipc: Resetting bearer [ 122.145397][ T9195] tipc: Disabling bearer [ 122.147673][ T9209] loop5: detected capacity change from 0 to 512 [ 122.169818][ T9209] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 122.173190][ T9211] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1830'. [ 122.184895][ T9209] ext4 filesystem being mounted at /100/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 122.247307][ T7295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.341672][ T9227] pim6reg1: entered promiscuous mode [ 122.347003][ T9227] pim6reg1: entered allmulticast mode [ 122.458335][ T9229] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 122.491817][ T9229] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 122.530602][ T9242] loop1: detected capacity change from 0 to 512 [ 122.555117][ T9242] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 122.579211][ T9242] ext4 filesystem being mounted at /423/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 122.751352][ T9254] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #18: comm syz.1.1847: corrupted inode contents [ 122.808025][ T9254] EXT4-fs error (device loop1): ext4_dirty_inode:6459: inode #18: comm syz.1.1847: mark_inode_dirty error [ 122.867660][ T9254] EXT4-fs error (device loop1): ext4_do_update_inode:5568: inode #18: comm syz.1.1847: corrupted inode contents [ 122.891438][ T9260] loop0: detected capacity change from 0 to 128 [ 122.897456][ T9254] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2991: inode #18: comm syz.1.1847: mark_inode_dirty error [ 122.911881][ T9254] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2994: inode #18: comm syz.1.1847: mark inode dirty (error -117) [ 122.930518][ T9254] EXT4-fs warning (device loop1): ext4_evict_inode:274: xattr delete (err -117) [ 122.931374][ T9260] netlink: 'syz.0.1851': attribute type 6 has an invalid length. [ 122.987957][ T9251] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1848'. [ 123.007079][ T3308] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.057393][ T9267] loop1: detected capacity change from 0 to 512 [ 123.119722][ T9267] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.159420][ T9279] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1856'. [ 123.175658][ T9267] ext4 filesystem being mounted at /424/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 123.208498][ T4070] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 123.216167][ T4070] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 123.237407][ T5223] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 123.347354][ T9] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 123.436203][ T9290] loop4: detected capacity change from 0 to 512 [ 123.462065][ T9290] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 123.473743][ T9290] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 123.490179][ T3308] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.497451][ T9290] EXT4-fs (loop4): 1 truncate cleaned up [ 123.505630][ T9290] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.580330][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.603743][ T9298] loop5: detected capacity change from 0 to 512 [ 123.617105][ T9298] EXT4-fs: Ignoring removed orlov option [ 123.623438][ T9298] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 123.635330][ T9298] EXT4-fs (loop5): orphan cleanup on readonly fs [ 123.642466][ T9298] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.1868: bg 0: block 248: padding at end of block bitmap is not set [ 123.659668][ T9298] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.1868: Failed to acquire dquot type 1 [ 123.681921][ T9300] lo speed is unknown, defaulting to 1000 [ 123.689982][ T9300] lo speed is unknown, defaulting to 1000 [ 123.802939][ T9298] EXT4-fs (loop5): 1 truncate cleaned up [ 123.828395][ T9298] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 123.847490][ T9306] loop0: detected capacity change from 0 to 128 [ 123.856520][ T9306] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 123.877525][ T9309] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1871'. [ 123.887546][ T9306] ext4 filesystem being mounted at /367/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 123.956396][ T3315] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 123.965839][ T7295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.981229][ T9317] loop4: detected capacity change from 0 to 512 [ 123.999530][ T9317] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 124.031248][ T9317] ext4 filesystem being mounted at /379/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 124.081947][ T9321] loop5: detected capacity change from 0 to 2048 [ 124.127753][ T9] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 124.137066][ T9321] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 124.183637][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.261326][ T29] kauditd_printk_skb: 100 callbacks suppressed [ 124.261341][ T29] audit: type=1400 audit(2000000080.872:3083): avc: denied { append } for pid=9340 comm="syz.3.1883" name="vsock" dev="devtmpfs" ino=257 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 124.309772][ T9341] SELinux: security_context_str_to_sid () failed with errno=-22 [ 124.318015][ T7295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.365075][ T29] audit: type=1400 audit(2000000080.972:3084): avc: denied { bind } for pid=9347 comm="syz.4.1887" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 124.721051][ T9359] loop3: detected capacity change from 0 to 1024 [ 124.740775][ T9359] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 124.770754][ T9359] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.1889: Allocating blocks 385-513 which overlap fs metadata [ 124.791909][ T9359] EXT4-fs (loop3): pa ffff888106a07770: logic 16, phys. 129, len 24 [ 124.799969][ T9359] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8 [ 124.824775][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.996438][ T29] audit: type=1400 audit(2000000081.602:3085): avc: denied { read write } for pid=3315 comm="syz-executor" name="loop0" dev="devtmpfs" ino=624 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 125.022059][ T29] audit: type=1400 audit(2000000081.602:3086): avc: denied { open } for pid=3315 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=624 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 125.045330][ T29] audit: type=1400 audit(2000000081.602:3087): avc: denied { ioctl } for pid=3315 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=624 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 125.070195][ T29] audit: type=1326 audit(2000000081.632:3088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9367 comm="syz.3.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37f5dee929 code=0x7ffc0000 [ 125.093913][ T29] audit: type=1326 audit(2000000081.632:3089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9367 comm="syz.3.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f37f5ded290 code=0x7ffc0000 [ 125.117382][ T29] audit: type=1326 audit(2000000081.632:3090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9367 comm="syz.3.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f37f5df0157 code=0x7ffc0000 [ 125.141014][ T29] audit: type=1326 audit(2000000081.632:3091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9367 comm="syz.3.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f37f5dee929 code=0x7ffc0000 [ 125.164595][ T29] audit: type=1326 audit(2000000081.632:3092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9367 comm="syz.3.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f37f5df0157 code=0x7ffc0000 [ 125.197131][ T9348] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 125.245147][ T9378] loop0: detected capacity change from 0 to 512 [ 125.252310][ T9378] journal_path: Non-blockdev passed as './file0' [ 125.258854][ T9378] EXT4-fs: error: could not find journal device path [ 125.271403][ T9378] tmpfs: Bad value for 'mpol' [ 125.292967][ T9382] loop0: detected capacity change from 0 to 128 [ 125.302257][ T9382] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 125.314840][ T9382] ext4 filesystem being mounted at /373/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 125.395743][ T3315] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 125.425398][ T9391] netlink: 'syz.1.1901': attribute type 10 has an invalid length. [ 125.433299][ T9391] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1901'. [ 125.641093][ T9394] loop0: detected capacity change from 0 to 512 [ 125.684156][ T9400] loop5: detected capacity change from 0 to 512 [ 125.692685][ T9394] ext4 filesystem being mounted at /374/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 125.715038][ T9400] EXT4-fs warning (device loop5): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 125.751700][ T9400] EXT4-fs (loop5): mount failed [ 125.855451][ T9411] loop5: detected capacity change from 0 to 1024 [ 125.883671][ T9411] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4113: comm syz.5.1910: Allocating blocks 385-513 which overlap fs metadata [ 125.917659][ T9411] EXT4-fs (loop5): pa ffff888106a077e0: logic 16, phys. 129, len 24 [ 125.925796][ T9411] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8 [ 126.045326][ T9417] lo speed is unknown, defaulting to 1000 [ 126.069627][ T9417] lo speed is unknown, defaulting to 1000 [ 126.093156][ T9429] loop5: detected capacity change from 0 to 128 [ 126.120127][ T9429] ext4 filesystem being mounted at /114/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 126.306276][ T9443] loop1: detected capacity change from 0 to 512 [ 126.318120][ T9443] journal_path: Non-blockdev passed as './file0' [ 126.324514][ T9443] EXT4-fs: error: could not find journal device path [ 126.343862][ T9443] tmpfs: Bad value for 'mpol' [ 126.372548][ T9441] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1919'. [ 126.389548][ T9441] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1919'. [ 126.437187][ T9453] loop5: detected capacity change from 0 to 512 [ 126.459002][ T9453] ext4 filesystem being mounted at /116/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 126.548635][ T9467] loop0: detected capacity change from 0 to 512 [ 126.571643][ T9465] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #18: comm syz.5.1926: corrupted inode contents [ 126.586001][ T9465] EXT4-fs error (device loop5): ext4_dirty_inode:6459: inode #18: comm syz.5.1926: mark_inode_dirty error [ 126.601777][ T9467] ext4 filesystem being mounted at /381/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 126.617387][ T9465] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #18: comm syz.5.1926: corrupted inode contents [ 126.658261][ T9465] EXT4-fs error (device loop5): ext4_xattr_delete_inode:2991: inode #18: comm syz.5.1926: mark_inode_dirty error [ 126.679458][ T9465] EXT4-fs error (device loop5): ext4_xattr_delete_inode:2994: inode #18: comm syz.5.1926: mark inode dirty (error -117) [ 126.693209][ T9465] EXT4-fs warning (device loop5): ext4_evict_inode:274: xattr delete (err -117) [ 126.761556][ T9475] loop1: detected capacity change from 0 to 128 [ 126.780754][ T9471] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #19: comm +}[@: corrupted inode contents [ 126.793298][ T9471] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #19: comm +}[@: mark_inode_dirty error [ 126.807001][ T9475] ext4 filesystem being mounted at /444/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 126.840364][ T9471] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #19: comm +}[@: corrupted inode contents [ 126.852000][ T9471] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2991: inode #19: comm +}[@: mark_inode_dirty error [ 126.864597][ T9471] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2994: inode #19: comm +}[@: mark inode dirty (error -117) [ 126.882917][ T9471] EXT4-fs warning (device loop0): ext4_evict_inode:274: xattr delete (err -117) [ 126.927993][ T9480] pim6reg1: entered promiscuous mode [ 126.933379][ T9480] pim6reg1: entered allmulticast mode [ 127.089749][ T9489] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1937'. [ 127.102302][ T9489] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1937'. [ 127.112094][ T9484] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1935'. [ 127.126177][ T4085] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 127.133815][ T4085] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 127.147190][ T9493] loop3: detected capacity change from 0 to 512 [ 127.154866][ T9493] journal_path: Non-blockdev passed as './file0' [ 127.157462][ T5238] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 127.161429][ T9493] EXT4-fs: error: could not find journal device path [ 127.196852][ T9493] tmpfs: Bad value for 'mpol' [ 127.205776][ T9491] pim6reg1: entered promiscuous mode [ 127.211237][ T9491] pim6reg1: entered allmulticast mode [ 127.260565][ T9499] pim6reg1: entered promiscuous mode [ 127.265970][ T9499] pim6reg1: entered allmulticast mode [ 127.318503][ T9495] lo speed is unknown, defaulting to 1000 [ 127.329549][ T9495] lo speed is unknown, defaulting to 1000 [ 127.375663][ T9507] loop3: detected capacity change from 0 to 512 [ 127.388237][ T9509] netlink: 100 bytes leftover after parsing attributes in process `syz.5.1947'. [ 127.400121][ T9504] pim6reg1: entered promiscuous mode [ 127.400415][ T9507] ext4 filesystem being mounted at /386/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 127.405440][ T9504] pim6reg1: entered allmulticast mode [ 127.477588][ T5238] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 127.567380][ C0] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 127.578803][ T9514] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #18: comm syz.3.1946: corrupted inode contents [ 127.597547][ T9516] wireguard0: entered promiscuous mode [ 127.603583][ T9516] wireguard0: entered allmulticast mode [ 127.616188][ T9514] EXT4-fs error (device loop3): ext4_dirty_inode:6459: inode #18: comm syz.3.1946: mark_inode_dirty error [ 127.650532][ T9514] EXT4-fs error (device loop3): ext4_do_update_inode:5568: inode #18: comm syz.3.1946: corrupted inode contents [ 127.663027][ T9514] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2991: inode #18: comm syz.3.1946: mark_inode_dirty error [ 127.676060][ T9523] xt_hashlimit: size too large, truncated to 1048576 [ 127.676274][ T9514] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2994: inode #18: comm syz.3.1946: mark inode dirty (error -117) [ 127.696987][ T9514] EXT4-fs warning (device loop3): ext4_evict_inode:274: xattr delete (err -117) [ 127.714717][ T9521] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1951'. [ 127.724309][ T9521] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1951'. [ 127.923692][ T9530] loop3: detected capacity change from 0 to 8192 [ 127.935073][ T9532] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.985750][ T9537] netlink: 'syz.5.1955': attribute type 10 has an invalid length. [ 127.993716][ T9537] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1955'. [ 128.039701][ T9532] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.103022][ T9537] team0: Failed to send port change of device geneve1 via netlink (err -105) [ 128.127413][ T9537] team0: Failed to send options change via netlink (err -105) [ 128.134933][ T9537] team0: Port device geneve1 added [ 128.145599][ T9532] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.215838][ T9532] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.294189][ T9532] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.335271][ T9532] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.354083][ T9532] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.365686][ T9532] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.432176][ T9555] loop5: detected capacity change from 0 to 512 [ 128.457434][ T9555] ext4 filesystem being mounted at /124/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 128.543734][ T9559] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #19: comm +}[@: corrupted inode contents [ 128.555583][ T9559] EXT4-fs error (device loop5): ext4_dirty_inode:6459: inode #19: comm +}[@: mark_inode_dirty error [ 128.566639][ T9559] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #19: comm +}[@: corrupted inode contents [ 128.579183][ T9559] EXT4-fs error (device loop5): ext4_xattr_delete_inode:2991: inode #19: comm +}[@: mark_inode_dirty error [ 128.591010][ T9559] EXT4-fs error (device loop5): ext4_xattr_delete_inode:2994: inode #19: comm +}[@: mark inode dirty (error -117) [ 128.603990][ T9559] EXT4-fs warning (device loop5): ext4_evict_inode:274: xattr delete (err -117) [ 128.629474][ T7295] EXT4-fs unmount: 15 callbacks suppressed [ 128.629490][ T7295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.638817][ T9561] loop3: detected capacity change from 0 to 512 [ 128.651571][ T9561] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 128.665617][ T9561] EXT4-fs (loop3): 1 truncate cleaned up [ 128.674944][ T9561] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.687716][ T9563] loop4: detected capacity change from 0 to 8192 [ 128.801698][ T9566] lo speed is unknown, defaulting to 1000 [ 128.819213][ T9566] lo speed is unknown, defaulting to 1000 [ 129.198477][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.276706][ T29] kauditd_printk_skb: 915 callbacks suppressed [ 129.276723][ T29] audit: type=1326 audit(2000000085.882:4007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9575 comm="syz.0.1965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f66b6f358e7 code=0x7ffc0000 [ 129.306500][ T29] audit: type=1326 audit(2000000085.882:4008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9575 comm="syz.0.1965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f66b6edab19 code=0x7ffc0000 [ 129.382568][ T29] audit: type=1326 audit(2000000085.882:4009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9575 comm="syz.0.1965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f66b6f3e929 code=0x7ffc0000 [ 129.406297][ T29] audit: type=1326 audit(2000000085.892:4010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9575 comm="syz.0.1965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f66b6f358e7 code=0x7ffc0000 [ 129.429943][ T29] audit: type=1326 audit(2000000085.892:4011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9575 comm="syz.0.1965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f66b6edab19 code=0x7ffc0000 [ 129.453327][ T29] audit: type=1326 audit(2000000085.892:4012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9575 comm="syz.0.1965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f66b6f3e929 code=0x7ffc0000 [ 129.476753][ T29] audit: type=1326 audit(2000000085.902:4013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9575 comm="syz.0.1965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f66b6f358e7 code=0x7ffc0000 [ 129.500136][ T29] audit: type=1326 audit(2000000085.902:4014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9575 comm="syz.0.1965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f66b6edab19 code=0x7ffc0000 [ 129.523508][ T29] audit: type=1326 audit(2000000085.902:4015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9575 comm="syz.0.1965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f66b6f3e929 code=0x7ffc0000 [ 129.546955][ T29] audit: type=1326 audit(2000000085.912:4016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9575 comm="syz.0.1965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f66b6f358e7 code=0x7ffc0000 [ 129.653922][ T9593] loop5: detected capacity change from 0 to 1024 [ 129.660624][ T9593] EXT4-fs: Ignoring removed bh option [ 129.666110][ T9593] EXT4-fs: Ignoring removed nomblk_io_submit option [ 129.677714][ T9593] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.846449][ T9602] loop4: detected capacity change from 0 to 512 [ 129.879653][ T9602] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.894925][ T9602] ext4 filesystem being mounted at /392/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 130.092867][ T9612] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #19: comm +}[@: corrupted inode contents [ 130.107691][ T9612] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #19: comm +}[@: mark_inode_dirty error [ 130.142533][ T9612] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #19: comm +}[@: corrupted inode contents [ 130.161929][ T9612] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2991: inode #19: comm +}[@: mark_inode_dirty error [ 130.176830][ T9612] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2994: inode #19: comm +}[@: mark inode dirty (error -117) [ 130.198222][ T9620] loop1: detected capacity change from 0 to 512 [ 130.204833][ T9612] EXT4-fs warning (device loop4): ext4_evict_inode:274: xattr delete (err -117) [ 130.237651][ T9620] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.250241][ T9620] ext4 filesystem being mounted at /452/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 130.289523][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.300787][ T3308] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.435476][ T9634] syzkaller0: entered promiscuous mode [ 130.441116][ T9634] syzkaller0: entered allmulticast mode [ 130.625043][ T7295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.725796][ T9643] loop5: detected capacity change from 0 to 256 [ 130.943432][ T9648] __nla_validate_parse: 4 callbacks suppressed [ 130.943453][ T9648] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1993'. [ 131.000214][ T9648] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1993'. [ 131.024419][ T9650] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1994'. [ 131.474836][ T9667] loop0: detected capacity change from 0 to 512 [ 131.492289][ T9667] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 131.504940][ T9667] ext4 filesystem being mounted at /398/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 131.567358][ C1] ip6_tnl_xmit_ctl: 1 callbacks suppressed [ 131.567386][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 131.620868][ T9681] netlink: 'syz.3.2005': attribute type 1 has an invalid length. [ 131.654538][ T9681] bond3: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 131.674298][ T9681] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2005'. [ 131.688140][ T9678] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #18: comm syz.0.2000: corrupted inode contents [ 131.700312][ T9678] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #18: comm syz.0.2000: mark_inode_dirty error [ 131.724969][ T9681] bond3 (unregistering): (slave ip6gretap1): Releasing backup interface [ 131.746981][ T9681] bond3 (unregistering): Released all slaves [ 131.762780][ T9678] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #18: comm syz.0.2000: corrupted inode contents [ 131.825499][ T9688] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2007'. [ 131.835691][ T9678] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2991: inode #18: comm syz.0.2000: mark_inode_dirty error [ 131.838892][ T9688] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2007'. [ 131.869130][ T9678] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2994: inode #18: comm syz.0.2000: mark inode dirty (error -117) [ 131.901766][ T9678] EXT4-fs warning (device loop0): ext4_evict_inode:274: xattr delete (err -117) [ 131.936196][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.932353][ T9705] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2016'. [ 132.948306][ T9705] 8021q: adding VLAN 0 to HW filter on device bond3 [ 133.006653][ T9708] loop1: detected capacity change from 0 to 8192 [ 133.090215][ T9722] loop4: detected capacity change from 0 to 512 [ 133.109305][ T9723] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2020'. [ 133.128515][ T9722] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 133.139509][ T9723] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2020'. [ 133.156998][ T9725] lo speed is unknown, defaulting to 1000 [ 133.163224][ T9725] lo speed is unknown, defaulting to 1000 [ 133.169246][ T9722] EXT4-fs (loop4): 1 truncate cleaned up [ 133.177783][ T9722] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.254363][ T9737] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 133.267824][ T9737] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 133.299733][ T9745] loop1: detected capacity change from 0 to 1024 [ 133.306534][ T9745] EXT4-fs: Ignoring removed bh option [ 133.312076][ T9745] EXT4-fs: Ignoring removed nomblk_io_submit option [ 133.321564][ T9739] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2027'. [ 133.332600][ T9745] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.575484][ T9755] loop5: detected capacity change from 0 to 8192 [ 133.743419][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.893468][ T3308] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.922615][ T9768] loop1: detected capacity change from 0 to 256 [ 133.987891][ T9766] loop4: detected capacity change from 0 to 8192 [ 133.998121][ T9766] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 134.107371][ T9766] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 134.116305][ T9766] FAT-fs (loop4): Filesystem has been set read-only [ 134.124092][ T9766] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 134.133060][ T9766] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 134.142026][ T9766] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 134.151768][ T9766] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 134.161733][ T9766] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 134.170596][ T9766] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 134.180617][ T9766] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 134.189903][ T9766] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 134.199836][ T9766] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 134.272754][ T9780] netlink: 'syz.3.2039': attribute type 10 has an invalid length. [ 134.290692][ T23] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 134.302837][ T23] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 134.519835][ T9788] loop3: detected capacity change from 0 to 512 [ 134.547393][ T29] kauditd_printk_skb: 493 callbacks suppressed [ 134.547409][ T29] audit: type=1326 audit(2000000091.162:4510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9789 comm="syz.4.2046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 134.588646][ T9788] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.597779][ T29] audit: type=1326 audit(2000000091.192:4511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9789 comm="syz.4.2046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 134.624883][ T29] audit: type=1326 audit(2000000091.192:4512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9789 comm="syz.4.2046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 134.627922][ T9790] lo speed is unknown, defaulting to 1000 [ 134.648414][ T29] audit: type=1326 audit(2000000091.192:4513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9789 comm="syz.4.2046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 134.648443][ T29] audit: type=1326 audit(2000000091.192:4514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9789 comm="syz.4.2046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=224 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 134.648471][ T29] audit: type=1326 audit(2000000091.192:4515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9789 comm="syz.4.2046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 134.648566][ T29] audit: type=1326 audit(2000000091.192:4516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9789 comm="syz.4.2046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 134.650731][ T9788] ext4 filesystem being mounted at /410/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.710213][ T9790] lo speed is unknown, defaulting to 1000 [ 134.766142][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.810488][ T29] audit: type=1326 audit(2000000091.422:4517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9799 comm="syz.1.2050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 134.834012][ T29] audit: type=1326 audit(2000000091.422:4518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9799 comm="syz.1.2050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 134.857712][ T29] audit: type=1326 audit(2000000091.422:4519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9803 comm="syz.4.2046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fae7cc011e5 code=0x7ffc0000 [ 134.903052][ T9807] xt_hashlimit: size too large, truncated to 1048576 [ 134.927137][ T9805] loop5: detected capacity change from 0 to 8192 [ 134.935731][ T9805] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 135.122729][ T9805] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 135.131630][ T9805] FAT-fs (loop5): Filesystem has been set read-only [ 135.154595][ T9805] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 135.163771][ T9805] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 135.174554][ T9805] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 135.185192][ T9805] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 135.194135][ T9805] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 135.203253][ T9805] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 135.213267][ T9805] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 135.222510][ T9805] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 135.232723][ T9805] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 135.405210][ T9820] lo speed is unknown, defaulting to 1000 [ 135.413136][ T9820] lo speed is unknown, defaulting to 1000 [ 135.910661][ T9827] loop1: detected capacity change from 0 to 512 [ 135.925008][ T9827] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 135.956228][ T9827] EXT4-fs (loop1): 1 truncate cleaned up [ 135.963687][ T9827] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 136.047341][ C0] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 136.089426][ T3308] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.214762][ T23] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 136.239085][ T23] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 136.363181][ T9842] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pid=9842 comm=syz.0.2062 [ 136.736319][ T9849] loop3: detected capacity change from 0 to 256 [ 136.751160][ T9847] tipc: Enabling of bearer rejected, failed to enable media [ 136.807985][ T9854] netlink: 'syz.5.2078': attribute type 1 has an invalid length. [ 136.863432][ T9854] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 136.875226][ T9854] __nla_validate_parse: 1 callbacks suppressed [ 136.875239][ T9854] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2078'. [ 136.892982][ T9854] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface [ 136.902527][ T9854] bond1 (unregistering): Released all slaves [ 137.091457][ T9861] loop3: detected capacity change from 0 to 128 [ 137.141628][ T9859] loop1: detected capacity change from 0 to 8192 [ 137.150377][ T9859] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 137.161089][ T9863] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2080'. [ 137.203647][ T9863] lo speed is unknown, defaulting to 1000 [ 137.215402][ T9863] lo speed is unknown, defaulting to 1000 [ 137.266676][ T9876] loop0: detected capacity change from 0 to 128 [ 137.289383][ T9859] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 137.298237][ T9859] FAT-fs (loop1): Filesystem has been set read-only [ 137.305320][ T9877] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 137.315037][ T9859] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 137.324393][ T9859] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 137.362164][ T9859] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 137.372150][ T9859] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 137.387202][ T9859] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 137.418201][ T9859] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 137.438579][ T9859] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 137.447641][ T9859] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 137.487296][ T9859] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 137.505805][ T9881] loop0: detected capacity change from 0 to 8192 [ 137.671751][ T9895] lo speed is unknown, defaulting to 1000 [ 137.686780][ T9895] lo speed is unknown, defaulting to 1000 [ 137.762675][ T9897] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2086'. [ 137.797541][ T9897] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 137.829975][ T9897] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 137.849642][ T9902] loop9: detected capacity change from 0 to 7 [ 137.856258][ T9902] Buffer I/O error on dev loop9, logical block 0, async page read [ 137.864958][ T9902] Buffer I/O error on dev loop9, logical block 0, async page read [ 137.872855][ T9902] loop9: unable to read partition table [ 137.895870][ T9902] loop_reread_partitions: partition scan of loop9 (被ڬdƤݡ [ 137.895870][ T9902] U) failed (rc=-5) [ 137.947942][ T9904] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9904 comm=syz.5.2088 [ 138.250753][ T9917] loop5: detected capacity change from 0 to 1024 [ 138.291284][ T9917] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 138.307788][ T9917] ext4 filesystem being mounted at /159/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 138.434947][ T4085] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 138.480536][ T4085] EXT4-fs (loop5): Remounting filesystem read-only [ 138.503948][ T7295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.631224][ T9934] batadv_slave_0: entered promiscuous mode [ 138.834789][ T9942] loop0: detected capacity change from 0 to 256 [ 138.862363][ T9942] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 138.954331][ T9939] lo speed is unknown, defaulting to 1000 [ 138.983782][ T9939] lo speed is unknown, defaulting to 1000 [ 139.018577][ T9947] netlink: 'syz.1.2104': attribute type 39 has an invalid length. [ 139.053379][ T9952] loop3: detected capacity change from 0 to 1024 [ 139.069058][ T9952] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 139.083280][ T9952] sctp: [Deprecated]: syz.3.2106 (pid 9952) Use of int in max_burst socket option. [ 139.083280][ T9952] Use struct sctp_assoc_value instead [ 139.177432][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.192473][ T9959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2109'. [ 139.208374][ T9959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2109'. [ 139.245057][ T9962] loop3: detected capacity change from 0 to 1024 [ 139.260039][ T9962] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 139.272457][ T9962] ext4 filesystem being mounted at /421/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 139.300552][ T4115] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 139.315764][ T4115] EXT4-fs (loop3): Remounting filesystem read-only [ 139.324210][ T3307] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.371951][ T9968] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2110'. [ 139.530840][ T9968] lo speed is unknown, defaulting to 1000 [ 139.584912][ T9968] lo speed is unknown, defaulting to 1000 [ 139.771459][ T9979] loop5: detected capacity change from 0 to 512 [ 139.778209][ T9979] EXT4-fs: Ignoring removed mblk_io_submit option [ 139.793453][ T9979] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -13 [ 139.825613][ T9979] EXT4-fs error (device loop5): ext4_clear_blocks:876: inode #13: comm syz.5.2115: attempt to clear invalid blocks 2 len 1 [ 139.848501][ T9979] EXT4-fs (loop5): Remounting filesystem read-only [ 139.855191][ T9988] loop4: detected capacity change from 0 to 128 [ 139.865767][ T9979] EXT4-fs (loop5): 1 truncate cleaned up [ 139.865841][ T9984] lo speed is unknown, defaulting to 1000 [ 139.878612][ T9984] lo speed is unknown, defaulting to 1000 [ 139.887711][ T9979] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.896705][ T9988] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 139.908075][ T9988] FAT-fs (loop4): Filesystem has been set read-only [ 139.915980][ T9979] EXT4-fs (loop5): Quota file not on filesystem root. Journaled quota will not work [ 139.918349][ T9988] syz.4.2119: attempt to access beyond end of device [ 139.918349][ T9988] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 139.926385][ T29] kauditd_printk_skb: 263 callbacks suppressed [ 139.926419][ T29] audit: type=1400 audit(2000000096.542:4783): avc: denied { quotaon } for pid=9978 comm="syz.5.2115" name="file0" dev="loop5" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 139.958202][ T9988] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 139.976239][ T9988] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 140.006783][ T9988] syz.4.2119: attempt to access beyond end of device [ 140.006783][ T9988] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 140.022062][ T9988] syz.4.2119: attempt to access beyond end of device [ 140.022062][ T9988] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 140.036070][ T7295] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.104768][ T9998] loop4: detected capacity change from 0 to 1024 [ 140.121820][ T29] audit: type=1400 audit(2000000096.722:4784): avc: denied { accept } for pid=9999 comm="syz.1.2124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 140.183683][ T9998] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 140.196758][ T9997] loop0: detected capacity change from 0 to 8192 [ 140.205560][T10002] loop3: detected capacity change from 0 to 8192 [ 140.206121][ T9998] ext4 filesystem being mounted at /422/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 140.227222][ T9997] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 140.242684][T10002] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 140.286344][ T4115] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 140.338100][ T4115] EXT4-fs (loop4): Remounting filesystem read-only [ 140.347746][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.364817][ T9997] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 140.373673][ T9997] FAT-fs (loop0): Filesystem has been set read-only [ 140.389775][T10012] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2137'. [ 140.418154][ T9997] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 140.447300][ T9997] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 140.466405][ T9997] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 140.488186][T10016] loop5: detected capacity change from 0 to 128 [ 140.497720][ T9997] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 140.507310][ T9997] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 140.537383][ T9997] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 140.546225][ T9997] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 140.567798][ T9997] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 140.576602][ T9997] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 1051) [ 140.636052][T10022] loop5: detected capacity change from 0 to 128 [ 140.658696][T10024] loop0: detected capacity change from 0 to 128 [ 140.719343][ T29] audit: type=1326 audit(2000000097.332:4785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10026 comm="syz.5.2131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa53de929 code=0x7ffc0000 [ 140.727654][T10024] syz.0.2141: attempt to access beyond end of device [ 140.727654][T10024] loop0: rw=0, sector=121, nr_sectors = 920 limit=128 [ 140.770075][ T29] audit: type=1326 audit(2000000097.332:4786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10026 comm="syz.5.2131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa53de929 code=0x7ffc0000 [ 140.794330][ T29] audit: type=1326 audit(2000000097.372:4787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10026 comm="syz.5.2131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f8fa53de929 code=0x7ffc0000 [ 140.804748][T10019] lo speed is unknown, defaulting to 1000 [ 140.817906][ T29] audit: type=1326 audit(2000000097.372:4788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10026 comm="syz.5.2131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa53de929 code=0x7ffc0000 [ 140.826294][T10019] lo speed is unknown, defaulting to 1000 [ 140.847848][ T29] audit: type=1326 audit(2000000097.372:4789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10026 comm="syz.5.2131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa53de929 code=0x7ffc0000 [ 140.877451][ T29] audit: type=1326 audit(2000000097.382:4790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10026 comm="syz.5.2131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f8fa53de929 code=0x7ffc0000 [ 140.901760][ T29] audit: type=1326 audit(2000000097.382:4791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10026 comm="syz.5.2131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa53de929 code=0x7ffc0000 [ 140.925412][ T29] audit: type=1326 audit(2000000097.382:4792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10026 comm="syz.5.2131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8fa53de929 code=0x7ffc0000 [ 141.167326][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 141.329909][T10043] lo speed is unknown, defaulting to 1000 [ 141.338342][T10043] lo speed is unknown, defaulting to 1000 [ 141.692283][T10049] tipc: Enabling of bearer rejected, failed to enable media [ 141.816478][T10051] loop5: detected capacity change from 0 to 8192 [ 141.938018][T10063] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2144'. [ 141.961544][T10063] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 141.970824][T10063] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 141.996158][T10060] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2145'. [ 142.039950][T10072] loop1: detected capacity change from 0 to 128 [ 142.054355][T10074] loop0: detected capacity change from 0 to 256 [ 142.102643][ T9] IPVS: starting estimator thread 0... [ 142.197363][T10078] IPVS: using max 2400 ests per chain, 120000 per kthread [ 142.237091][T10085] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2154'. [ 142.248518][T10088] loop4: detected capacity change from 0 to 128 [ 142.309771][T10085] lo speed is unknown, defaulting to 1000 [ 142.316315][T10085] lo speed is unknown, defaulting to 1000 [ 142.763281][T10096] lo speed is unknown, defaulting to 1000 [ 142.769489][T10096] lo speed is unknown, defaulting to 1000 [ 142.780344][T10099] lo speed is unknown, defaulting to 1000 [ 142.854610][T10099] lo speed is unknown, defaulting to 1000 [ 142.869037][T10105] loop4: detected capacity change from 0 to 512 [ 142.896446][T10105] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 142.918873][T10105] ext4 filesystem being mounted at /429/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 143.243422][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.389164][T10131] loop1: detected capacity change from 0 to 2048 [ 143.439190][T10131] Alternate GPT is invalid, using primary GPT. [ 143.445596][T10131] loop1: p1 p2 p3 [ 145.087023][T10170] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2188'. [ 145.102419][T10177] loop1: detected capacity change from 0 to 128 [ 145.119010][T10170] lo speed is unknown, defaulting to 1000 [ 145.125318][T10170] lo speed is unknown, defaulting to 1000 [ 145.163626][T10182] syz.1.2187: attempt to access beyond end of device [ 145.163626][T10182] loop1: rw=2049, sector=145, nr_sectors = 16 limit=128 [ 145.171859][T10180] lo speed is unknown, defaulting to 1000 [ 145.181999][T10182] syz.1.2187: attempt to access beyond end of device [ 145.181999][T10182] loop1: rw=2049, sector=169, nr_sectors = 8 limit=128 [ 145.185731][T10180] lo speed is unknown, defaulting to 1000 [ 145.197430][T10182] syz.1.2187: attempt to access beyond end of device [ 145.197430][T10182] loop1: rw=2049, sector=185, nr_sectors = 8 limit=128 [ 145.219388][T10184] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2190'. [ 145.228465][T10184] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2190'. [ 145.234266][T10182] syz.1.2187: attempt to access beyond end of device [ 145.234266][T10182] loop1: rw=2049, sector=201, nr_sectors = 8 limit=128 [ 145.254967][T10182] syz.1.2187: attempt to access beyond end of device [ 145.254967][T10182] loop1: rw=2049, sector=217, nr_sectors = 8 limit=128 [ 145.268711][T10182] syz.1.2187: attempt to access beyond end of device [ 145.268711][T10182] loop1: rw=2049, sector=233, nr_sectors = 8 limit=128 [ 145.283104][T10182] syz.1.2187: attempt to access beyond end of device [ 145.283104][T10182] loop1: rw=2049, sector=249, nr_sectors = 8 limit=128 [ 145.307095][T10182] syz.1.2187: attempt to access beyond end of device [ 145.307095][T10182] loop1: rw=2049, sector=265, nr_sectors = 8 limit=128 [ 145.332916][ T29] kauditd_printk_skb: 504 callbacks suppressed [ 145.332929][ T29] audit: type=1400 audit(2000000101.942:5297): avc: denied { listen } for pid=10187 comm="syz.0.2191" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 145.346707][T10182] syz.1.2187: attempt to access beyond end of device [ 145.346707][T10182] loop1: rw=2049, sector=281, nr_sectors = 8 limit=128 [ 145.386861][T10182] syz.1.2187: attempt to access beyond end of device [ 145.386861][T10182] loop1: rw=2049, sector=297, nr_sectors = 8 limit=128 [ 145.417958][ T29] audit: type=1400 audit(2000000102.022:5298): avc: denied { create } for pid=10191 comm="syz.5.2194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 145.438169][ T29] audit: type=1400 audit(2000000102.022:5299): avc: denied { ioctl } for pid=10191 comm="syz.5.2194" path="socket:[25313]" dev="sockfs" ino=25313 ioctlcmd=0x89ec scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 145.509596][T10202] tipc: New replicast peer: 0.0.255.255 [ 145.515244][T10202] tipc: Enabled bearer , priority 10 [ 145.621268][T10211] loop1: detected capacity change from 0 to 512 [ 145.634485][T10211] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 145.687777][T10211] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.719711][T10211] ext4 filesystem being mounted at /498/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 145.732577][T10221] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2204'. [ 145.762306][T10221] lo speed is unknown, defaulting to 1000 [ 145.768493][T10221] lo speed is unknown, defaulting to 1000 [ 145.771306][T10223] lo speed is unknown, defaulting to 1000 [ 145.797399][T10223] lo speed is unknown, defaulting to 1000 [ 145.833795][ T29] audit: type=1400 audit(2000000102.442:5300): avc: denied { map } for pid=10210 comm="syz.1.2202" path="/498/file0/file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 145.870223][ T29] audit: type=1400 audit(2000000102.442:5301): avc: denied { execute } for pid=10210 comm="syz.1.2202" path="/498/file0/file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 145.901447][ T3308] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.981786][ T29] audit: type=1326 audit(2000000102.592:5302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10232 comm="syz.3.2209" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f37f5dee929 code=0x0 [ 146.064636][ T29] audit: type=1326 audit(2000000102.672:5303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10243 comm="syz.1.2213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 146.089297][ T29] audit: type=1326 audit(2000000102.672:5304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10243 comm="syz.1.2213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 146.112897][ T29] audit: type=1326 audit(2000000102.672:5305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10243 comm="syz.1.2213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 146.136407][ T29] audit: type=1326 audit(2000000102.672:5306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10243 comm="syz.1.2213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591803e929 code=0x7ffc0000 [ 146.174590][T10247] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2208'. [ 146.346984][T10261] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2219'. [ 146.366598][T10261] lo speed is unknown, defaulting to 1000 [ 146.378106][T10261] lo speed is unknown, defaulting to 1000 [ 146.522745][ T5221] tipc: Node number set to 1902045835 [ 146.614843][T10277] loop5: detected capacity change from 0 to 8192 [ 146.716149][T10286] loop1: detected capacity change from 0 to 512 [ 146.724372][T10286] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 146.766069][T10286] EXT4-fs (loop1): 1 truncate cleaned up [ 146.776365][T10286] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.944112][T10297] 8021q: adding VLAN 0 to HW filter on device bond0 [ 146.952377][T10297] 8021q: adding VLAN 0 to HW filter on device team0 [ 146.961926][T10297] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 147.026951][ T3308] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.346490][T10324] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2243'. [ 147.370120][T10326] loop1: detected capacity change from 0 to 512 [ 147.377452][T10326] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 147.390241][T10324] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10324 comm=syz.4.2243 [ 147.405081][T10326] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.423048][T10326] ext4 filesystem being mounted at /513/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 147.688561][ T3308] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.731689][T10347] bridge0: port 3(batadv_slave_1) entered blocking state [ 147.738858][T10347] bridge0: port 3(batadv_slave_1) entered disabled state [ 147.784319][T10347] batadv_slave_1: entered allmulticast mode [ 147.801082][T10347] batadv_slave_1: entered promiscuous mode [ 148.241013][T10374] Set syz1 is full, maxelem 65536 reached [ 148.287531][T10388] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2266'. [ 148.385020][T10392] loop1: detected capacity change from 0 to 1024 [ 148.401913][T10392] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.475702][ T3308] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.570188][T10405] siw: device registration error -23 [ 148.604300][T10407] loop0: detected capacity change from 0 to 1024 [ 148.611929][T10407] EXT4-fs: Ignoring removed orlov option [ 148.617773][T10407] EXT4-fs: Ignoring removed nomblk_io_submit option [ 148.635298][T10407] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.686977][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.717636][T10415] loop0: detected capacity change from 0 to 128 [ 148.926345][T10435] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2284'. [ 148.940806][T10435] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2284'. [ 148.993775][T10437] loop1: detected capacity change from 0 to 8192 [ 150.009982][T10465] loop1: detected capacity change from 0 to 512 [ 150.016837][T10465] EXT4-fs: Ignoring removed oldalloc option [ 150.023045][T10465] EXT4-fs: Ignoring removed mblk_io_submit option [ 150.030340][T10465] EXT4-fs: Mount option(s) incompatible with ext2 [ 150.076851][T10473] netlink: 'syz.1.2299': attribute type 11 has an invalid length. [ 150.092757][T10473] netlink: 448 bytes leftover after parsing attributes in process `syz.1.2299'. [ 150.346180][ T29] kauditd_printk_skb: 543 callbacks suppressed [ 150.346208][ T29] audit: type=1326 audit(2000000106.952:5850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10452 comm="syz.4.2291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fae7cbc58e7 code=0x7ffc0000 [ 150.377880][ T29] audit: type=1326 audit(2000000106.992:5851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10452 comm="syz.4.2291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fae7cb6ab19 code=0x7ffc0000 [ 150.401445][ T29] audit: type=1326 audit(2000000106.992:5852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10452 comm="syz.4.2291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fae7cbc58e7 code=0x7ffc0000 [ 150.424871][ T29] audit: type=1326 audit(2000000106.992:5853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10452 comm="syz.4.2291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fae7cb6ab19 code=0x7ffc0000 [ 150.448361][ T29] audit: type=1326 audit(2000000106.992:5854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10452 comm="syz.4.2291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 150.471986][ T29] audit: type=1326 audit(2000000107.022:5855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10498 comm="syz.1.2309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591803e929 code=0x7fc00000 [ 150.496375][ T29] audit: type=1326 audit(2000000107.032:5856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10452 comm="syz.4.2291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fae7cbc58e7 code=0x7ffc0000 [ 150.520575][ T29] audit: type=1326 audit(2000000107.032:5857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10452 comm="syz.4.2291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fae7cb6ab19 code=0x7ffc0000 [ 150.544258][ T29] audit: type=1326 audit(2000000107.032:5858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10452 comm="syz.4.2291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7fae7cbce929 code=0x7ffc0000 [ 150.568430][ T29] audit: type=1326 audit(2000000107.032:5859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10452 comm="syz.4.2291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fae7cbc58e7 code=0x7ffc0000 [ 150.834375][T10529] loop4: detected capacity change from 0 to 2048 [ 150.898955][T10529] loop4: p1 < > p4 [ 150.903443][T10529] loop4: p4 size 8388608 extends beyond EOD, truncated [ 150.969899][T10554] loop4: detected capacity change from 0 to 512 [ 150.999809][T10554] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 151.012680][T10554] ext4 filesystem being mounted at /449/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 151.027708][T10554] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.2325: corrupted inode contents [ 151.058040][T10554] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.2325: mark_inode_dirty error [ 151.070900][T10554] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.2325: corrupted inode contents [ 151.085684][T10554] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.2325: corrupted inode contents [ 151.098160][T10554] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.2325: mark_inode_dirty error [ 151.110133][T10554] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.2325: corrupted inode contents [ 151.122443][T10554] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.2325: mark_inode_dirty error [ 151.134467][T10554] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.2325: corrupted inode contents [ 151.147836][T10554] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.2325: mark_inode_dirty error [ 151.161021][T10566] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.2325: corrupted inode contents [ 151.191148][ T3316] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.269334][T10575] loop1: detected capacity change from 0 to 8192 [ 152.570778][T10607] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2341'. [ 152.687321][ C0] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 152.691039][T10611] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10611 comm=syz.3.2341 [ 152.823906][T10616] loop4: detected capacity change from 0 to 512 [ 152.878514][T10616] EXT4-fs warning (device loop4): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 152.908394][T10616] EXT4-fs (loop4): mount failed [ 153.176377][T10631] lo speed is unknown, defaulting to 1000 [ 153.183110][T10631] lo speed is unknown, defaulting to 1000 [ 153.218725][T10634] netlink: 'syz.4.2353': attribute type 10 has an invalid length. [ 153.245522][T10634] veth1_macvtap: left promiscuous mode [ 153.265996][T10634] team0: Device veth1_macvtap failed to register rx_handler [ 153.338660][T10644] loop0: detected capacity change from 0 to 1024 [ 153.345741][T10644] EXT4-fs: Ignoring removed bh option [ 153.351238][T10644] EXT4-fs: Ignoring removed nomblk_io_submit option [ 153.372958][T10642] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2356'. [ 153.394018][T10644] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 153.420969][T10647] loop5: detected capacity change from 0 to 128 [ 153.467716][T10647] batadv_slave_0: entered promiscuous mode [ 153.477920][T10650] loop1: detected capacity change from 0 to 128 [ 153.494949][T10647] netlink: 76 bytes leftover after parsing attributes in process `syz.5.2357'. [ 153.507998][T10650] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 153.530531][T10647] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 153.613042][T10647] batadv_slave_0 (unregistering): left promiscuous mode [ 153.620639][T10647] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 153.854859][T10644] ================================================================== [ 153.863017][T10644] BUG: KCSAN: data-race in file_write_and_wait_range / xas_set_mark [ 153.871051][T10644] [ 153.873393][T10644] write to 0xffff888106bc3254 of 4 bytes by task 10651 on cpu 1: [ 153.881143][T10644] xas_set_mark+0x12b/0x140 [ 153.885662][T10644] __folio_start_writeback+0x1dd/0x440 [ 153.891154][T10644] ext4_bio_write_folio+0x5ad/0x9f0 [ 153.896364][T10644] mpage_submit_folio+0xe4/0x170 [ 153.901335][T10644] mpage_process_page_bufs+0x39b/0x4a0 [ 153.906815][T10644] mpage_prepare_extent_to_map+0x741/0xaa0 [ 153.912659][T10644] ext4_do_writepages+0xa1a/0x21c0 [ 153.917838][T10644] ext4_writepages+0x176/0x300 [ 153.922634][T10644] do_writepages+0x1c6/0x310 [ 153.927248][T10644] file_write_and_wait_range+0x156/0x2c0 [ 153.932930][T10644] generic_buffers_fsync_noflush+0x45/0x120 [ 153.938893][T10644] ext4_sync_file+0x1ab/0x690 [ 153.943623][T10644] vfs_fsync_range+0x10d/0x130 [ 153.948416][T10644] ext4_buffered_write_iter+0x34f/0x3c0 [ 153.953990][T10644] ext4_file_write_iter+0x383/0xf00 [ 153.959206][T10644] iter_file_splice_write+0x5f2/0x970 [ 153.964624][T10644] direct_splice_actor+0x156/0x2a0 [ 153.969766][T10644] splice_direct_to_actor+0x312/0x680 [ 153.975178][T10644] do_splice_direct+0xda/0x150 [ 153.979976][T10644] do_sendfile+0x380/0x650 [ 153.984429][T10644] __x64_sys_sendfile64+0x105/0x150 [ 153.989667][T10644] x64_sys_call+0xb39/0x2fb0 [ 153.994281][T10644] do_syscall_64+0xd2/0x200 [ 153.998804][T10644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.004714][T10644] [ 154.007056][T10644] read to 0xffff888106bc3254 of 4 bytes by task 10644 on cpu 0: [ 154.014697][T10644] file_write_and_wait_range+0x10e/0x2c0 [ 154.020363][T10644] generic_buffers_fsync_noflush+0x45/0x120 [ 154.026297][T10644] ext4_sync_file+0x1ab/0x690 [ 154.031021][T10644] vfs_fsync_range+0x10d/0x130 [ 154.035816][T10644] ext4_buffered_write_iter+0x34f/0x3c0 [ 154.041404][T10644] ext4_file_write_iter+0x383/0xf00 [ 154.046642][T10644] iter_file_splice_write+0x5f2/0x970 [ 154.052049][T10644] direct_splice_actor+0x156/0x2a0 [ 154.057193][T10644] splice_direct_to_actor+0x312/0x680 [ 154.062599][T10644] do_splice_direct+0xda/0x150 [ 154.067405][T10644] do_sendfile+0x380/0x650 [ 154.071870][T10644] __x64_sys_sendfile64+0x105/0x150 [ 154.077078][T10644] x64_sys_call+0xb39/0x2fb0 [ 154.081675][T10644] do_syscall_64+0xd2/0x200 [ 154.086183][T10644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.092080][T10644] [ 154.094400][T10644] value changed: 0x0a000021 -> 0x04000021 [ 154.100136][T10644] [ 154.102465][T10644] Reported by Kernel Concurrency Sanitizer on: [ 154.108664][T10644] CPU: 0 UID: 0 PID: 10644 Comm: syz.0.2355 Not tainted 6.16.0-rc1-syzkaller-00004-gaef17cb3d3c4 #0 PREEMPT(voluntary) [ 154.121177][T10644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 154.131239][T10644] ================================================================== [ 154.311590][ T3315] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.087345][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!