last executing test programs: 58.81490562s ago: executing program 3 (id=6370): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000ff0d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r0, r2, 0x25, 0x0, @val=@tcx}, 0x1c) syz_emit_ethernet(0xd83, &(0x7f00000015c0)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x16, 0xd75, 0x67, 0x0, 0xa, 0x6, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x19}}, {{0x4e24, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x1, 0x0, 0x9}, {"2655bb2623f35598dabbbb8f170af5551d67067e8071920b2402fc1d76e61ff43427242e76448552683fcc11a6d36eb2b49807183d1121ed28f83b865b828b9ce2e74bace03d50bbf71e33d4c5635d459ae3062adfce1c6556726e54e1918089796f1d0adf4f624127dd26f05a07468f6f1dbe1f5247b2342417f7329731912181499f29310838c231ec3a01ebf37b1bbf9569e7ca607b62317b8586464779a926a8109ff755280c6a3302c1d4192f009949e1e2716270aba8430ab14d04604f8f57c1530479ef458abe3930fce53668d2c35ee0f2d2f59ee740756785474a7062200e738d82dba6d1d4197973e13a42b1e9570d27b0421ae4c5a1a03be88a1957485752335a9f68e41d89843f37aa3c50c563c2b14ad89a2e24bdc473fa65b0ec001220613779bdec46ae1a00e615b62232de5c4fd337f83389fae4f49604c87ef6aae060705f9495f89a957f2f0482892db0bae284b6bb42946dd3511ae5c80179792e1aacbcb43aa15a0801c87c88fc3e9d29f2a4dd399dfbcc2fd3c4b77fddef38ee14beee427d4880d54a7f2b03298a04b06342a6b0f315734927a0053125957dcde8014164b82e8507d2430e9d65147b653a3a21e03f957b0277acf2cc1e0c134c9fce85ab7bc6a5a83e1e662b853132edb0dc141fa49d8d60ad1ee62c514cfc7bd5a8316814949a7502587a552d12741252a3ab4998b78a60e2e2b42374e4f9ac2087c94b9dd9415736e27e6806e84042bf65357807b92dfd197e47057eebe392d2e428827ddeda60b47d1ecfc7ef2fe56b088f2497be8c67ef905f04c6512f0b9b405a098ab0e59dfbde30e3038df25a74258703e5878cc1d8d3d72bd84454d3ae371c9076fd2385de476f033007f8f9a0acb7e1b737bed0ee20bcb0af206d146d77f645786a0d730342766b18e50876ff35ab173bb9cfdb57d51b0eea7536e4edb4fd9ecf26e939ac85e6a0152bc05d9c056797d62683669852cd880d831f5ab49c7b49bd6585d50abd3b62eadc2c65935203aac273f83cdacf40e874245b63f6e89f450cdf9f78542939a5c2bb33c7dc500b63e49a1be0bd7c01a0fe3eb16c677baf157d9a795e7a11e34e6c55c66b0f9132728fa88b8f5c96310dc0c83c44bcafabbf3741e92ae24fe71ac8ddccd565c7820fc3f3455fa8feee80efd663bc6747af61f9b138004829d211ed1e5e57bcdd5a3ecf2b51218586f8872b5ae026b5138e6c206e0bccf9831028f03c07051e87d24bb534c2967f44f85c0342285a30196aa3286651bfb604d7dfe28e7cbce7a47029ce734e0209070bf561c3c568e75fca4110d54f4e0b5c58a53b9b2f1969a47040323cfa3b53924ee81a8e5ada0958b9a238312f852e14dac9c6aaac11fe92d5194589955999c13d195223cb4024829481f3424843bb05d36a7378d4bfa59d98925b7f28c719595a5e3b3f881cc91db4c3926aa1ed23cc1967b579a3eba6895befabf99df00b6dde015b7fa2663a943cad383451c9aec3c1b63ff2b5ec20d1cf4f5dc4a29748c97c3966c559a17e973097a35d6848b822541b9364e8b65f1391471983121ae3fd4d46f5e7ca7fde8628f8181183870304effe6f6c9da08beb8c96264e6c254b40888f13d4ced9ea4609502a909476149e13bf4c33279363c03d0262b4cd414f16099e30129a17fc41aefadab4104ae139eb0e83541d398e6f62afc89d972822e38831ea8f6fdd508535e63d55c1d982c3967ef01287fa87c03971d9f7011ea6ebc589ea33be1a89f4d84e8452fc999b102c55ff5a99cb76cf9acf3ac21ea019d714bddfa95dc273a33b67b945b9d54c00fa708afb9c252131b58bea16d03a3ff05426ead5d4588822d2195530cea7ad47cfc8de87e536b83d3ffe2031702b99eeac36db9a55abd5c017db2efd3df6c0826e3ef49a8d35f189fb1531be3d26c4bac3525a45d050320f290ee292e28d2bc64bb99bbc53da1010f8b8a1a3a0e01e3511afc7acb05a4f37abc4d710794e75325b506cdfaa34a16d56cd4370ef3c75021f0395b0f08fda122137b49ab4156b2127f7bd8f6956f557807e262bd696d1d9c11769647ad34d1cdb831ed46990ab320b786df1958d6423d1eb1affeb411e7a1f9ac1186db813f26461d72bb6b8227dcba71867efa6bef91ea7c1d25406a1a6068e18c4c3802a4011aaa48a1129fd717d50580fc2c667e3e36da4b3800d689ae814fee4d6a67ddbd3edbd199bff4f1ab91ad197e6d2ea5d3c18a3ea8a6868eb6122ebaac809b94cbe324069742c316c581fafb059fb486e52725b57c456501be0aa7e7db75652a64c8d7fd3ac61f2de2179cbfe3077d98dfed4087f82eefa0ac8a7393d228d6e4cbd31ecf26c4fa4e0ec50a17c99d12b1f86098879a7c118f16cc216c58128cbd204fa2bacb9a85fc91eb2677e664fa26b593abbc7b49813b8671cde880e47dd1e50988faab3d99ac0d73183070406bed9b201d28af9b5d133c21f4d3ccb7fd36e73fb7bae75ffe0313a6ccde9abd07951f5c716a46c05ce2c1cfbbab27eece76df4f85cd11d36408cb589e236fd51ef8cf0d9483bb2340d85a368e0c7ed134b9cca20c3668d03d0fe18d82686de5d67b74cade4be3741eb14a4a44d8fb170c7c3acc06aa08425799540607c85753ed9531cf9f55f098d04462a38c80c73cd9e83d50bb7142c10564a8b6ba51ba2d987073237a4500deb5146050c4f9f56b89aaca75305d7263036cad2a72e1e74dbcaae4add635d1e053d5016c7ebf7286e9142fab406c67068438730605ca3fa73b2c7e736b969d27e62231b78f838ce985fcb7a3bcd9e54e05e5f7103d932621e57d6d6f13c308ad20eab709edd3461543d699d8a114bd96ee82c842efef8706ced293cb76b6bebeb01ff34d01cbd7886e29b88aa62cbbad827f523d98b2309744368eb1a243267ee0f01a41fed5d094a6ecb100eaeb2cc5d6718fe1059765552371d87e420aea7ab7df098d9f1943ff150cc1823d89a775abfb6bcbc0b3d357069e56a6d93bfa625cc7f2359244006a07feafec083078907ff819783478bd2dab182f17abf382194aa3f5e8a4f7bc120b45bf5ef503f505d050b60d6a436724116d6c44a3e8f408f1b97ecbe51f6282d2888e18b46d8895071966fc67745f270dce3b5560bca1cc0832431aede14f94d19ff54660a65cac55c849de77628afa8265ea082bb4f8c4eea2706ab41fbbfd16a1508c2e4a87f2fb2fbfc111b76068d73c3722604b90cf16054ee9af480203c3ef123686424134ab41fb29c4e820d1bf13cd543711763cd908e120261996ae69293017bc5d80b02afe7322726f263c82421cde298a8679d9129374b4c24f628c0ab18039396ae87dcb85c65c29c64b84245942ec745a04586dbb2766e8a291dde5edec63fb0f5e7b2820906902291f52d6fc446fc353b968ca2e9774b349f1e777ba3b4e04c3bf292c31885112ed929d70008daae88813b71aaafae6656a63904c2972feac3b5b9245bf86943c73501804481d6ea50668e969bce38d2ea1391f4b2ef6d6a38db730b0f8fd7c981ed81554c36f9b618501c0b6291ec87cde14955cdb2a55ae27fc319bdce34c9b5d7897fb5f36b1f03adbd7fc9c2e80943e498d06e7878ec7521507890b54b3eeef3d3032628dcd137a2766dd098aad41d1b6de76c78a3e1c6f8c22c0292eb34c3b8c2bc68853dab50aa1aad1f86105c8846a131c2acdf2d711650c915573643bd91e351fd63846e7f81af87118878233b234753caf0f6fa811ec73baab53e9977fe6d86ca7903f8a79e05e956a1f7639a6d00c13d7d73f9c992a2af8ab343eea086d73bff60c36388f8b9e22b9d091950202af5ef24e17525e340f22d66baec9bc6101f6f302aef91e8813948b51ca94967b5ec7f0504dd735765102e1f16c4a4c5c414e62caea58ccd86b36a9adf528ba1a1dc4b3c8738077556276c393522fa0ff8201a18f1349a719b5a057b202bf2e2ff1260413943a9531f53ee8f3a2dfcb4c17c85c484430936a575aa3f945f373c0dd2588c32419cfcfffb0ab80ed384c542cb87ef33f26e14e2e933add3e7f39423d7c42a69e62b7f5d16aa30a1866215ba65a4e9b0983a6377a4b7b04bb664fad0d57565c7a882c936cf39add7fb30571583290e610d5d4fae564dac16d8045e900087453edb04a94dec1c7ec7e9c76292218f1f161b616623cbe6d60068e4c847825302f4591110d5713e9060a67e096270891eeb26156b6a1ca5a3d54415b9a56efd3570dae4789b03424e453f3b3f9424b1c6023a190ae408faa56a4b64c23c3fb79a0dfae17f6049cbf0ab0e2cb478a2e425ea10ba42e600d61b9f8bc83414bbb74902b4e95496f7526ebee761f4634393362b8aaa37eabb22276125408ea9736bf22fbc1e7d41b4058108154db992590951434a92b808618cf740dcb5cd1b107d2c491572312ea0b8677789be7d13d8ca304a6c94e8fe26d8923ae56bfae628dd1dd626ba8bdc075a03ee3aaa37fdf6fd5137ff4bf8370668e482f4179d3e81fbccef27051f7cb1e838e1da90c61af986c5f08e861f576d722cdb5030689455ce6e4d8832b13039231d19bdf9c71a45e5d87073dbc197e6fab6b49cc9c55d2d6080186d44dda614d1e33d4c42823f6fe7002e1779e962f2a53ab2dfac3b01d2a224bfcbcdbbb96fbc3d930ad23bfe3b9f7bfe95f39a618be7d50afc2e56aa68c6c69b10f3fa35146791073b52d85383ebe138939c6b8ddeac6f17084e16e0e24898149fe20f4718da39eb06ea04a28fa01998bb8aa430ac4ee5d494b6ef95dd96908a4abfe8df74"}}}}}}, 0x0) 58.813542291s ago: executing program 3 (id=6373): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r1, &(0x7f00000006c0)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfffffffc}, 0x1c, 0x0}}], 0x1, 0x2000c8c0) sendmmsg$inet6(r1, &(0x7f00000001c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40) syz_emit_ethernet(0xbe, &(0x7f0000000100)={@local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x1, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e24, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x1, "65a252e7cb7a5918c004a9971a46afced2c32642b1ec9fe34818d8ccd82041b7", "c930713c550e74ee13c2638ac75b2a9666efd31a34fce4498df8105d8bd8ed283a220c3a9becd8a70d3607ea8270d351", "ae12e16b560f2f8ac4ca3e745ce285f12f6e8719e7f1e7f286a68f76", {"980aa8fb8f80d69f1fb587086447e93e", "55e824bb69e833bd36300b088233545a"}}}}}}}, 0x0) 58.788835613s ago: executing program 3 (id=6374): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000080)="18", 0x10, 0x0, &(0x7f00000000c0)={0x11, 0xe, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) 58.759045197s ago: executing program 3 (id=6375): perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x96, 0x1, 0x0, 0x0, 0x0, 0x2, 0x20460, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200, 0x1, 0x0, 0x0, 0x5, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='cpu.idle\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB='-0'], 0x9) 58.639173058s ago: executing program 3 (id=6380): prctl$PR_SET_NAME(0xf, &(0x7f0000000980)='\xff\x00\x00\x00\x00\x00\x000`\x14\x99\x06\xc0\x7fs\x00\t\x14\x17\xc3\xf5\xc9\v\x85\xe7\x00\x00\x18\x88\x06\x94\x98\xa9\xe7\x1c\x8a\x89\xdc\xcc\xf7L\xbd%\xc3!\x0e\x91S\xb2~8\"\xe2\xed\xbf\x12\x1a\\6p\'p\xef\x1a\n\x99\x12\xe8\'\x1c\x97M\xa5N\xd9\xbeV&\x1c2K?\x95\xd9\"\xbe\x050+\xca\xea\'\xe9)\xfe\xeb\x9c\xb5\xa0F`\xe4D\x10F\x831\xec\\v\xf0\xab_M\b\x03\xc3\n\x89\x01E`\xd35Q2\xecZz\xdc\x065p\x1c\x8f\x9b\x99IGXO\x00\x00\v\xed\xb0\xc5\xd4\xc7,\x1a\xb3}CMOO\x8a\xa8kh\x7f\x05c\xfc\xebb\xc8\xa2\xa9\xbf\xb3\x9b\xafE\xbd\xc5\xdc\xde\xbe_') r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020732600000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='kfree\x00', r0, 0x0, 0x2}, 0x18) mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) 58.558933657s ago: executing program 3 (id=6382): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f0000000600)="aa", 0x1, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x3f66400, @loopback, 0x63}, 0x1c) 43.577559846s ago: executing program 32 (id=6382): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f0000000600)="aa", 0x1, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x3f66400, @loopback, 0x63}, 0x1c) 2.044510075s ago: executing program 2 (id=8069): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) getgroups(0x0, 0x0) 2.022677948s ago: executing program 2 (id=8071): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000380)='mm_page_free\x00', r0, 0x0, 0xe17}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 1.856057734s ago: executing program 2 (id=8087): syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000300), 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000007d000000850000000f00000095"], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0) sendfile(r2, r1, 0x0, 0x7ffff000) 1.80291803s ago: executing program 2 (id=8077): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0xc, 0x9, 0x8280}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYRESOCT], &(0x7f0000000100)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, 0x0) readv(r2, &(0x7f0000000600)=[{&(0x7f00000002c0)=""/135, 0x87}], 0x1) ioctl$TIOCVHANGUP(r2, 0x5437, 0x2) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000380), 0x84, r1}, 0x38) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x5e, 0x9, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x1, @perf_bp={&(0x7f00000000c0), 0xe}, 0x108208, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xe, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = syz_open_dev$evdev(&(0x7f0000000a40), 0xa, 0x101c82) syz_usb_disconnect(r4) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file1\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x1219, &(0x7f0000001100)="$eJzs28FrXEUcB/BfkqapqclGrdUWxEEvFeTR5OBFL0FSkC4obSO0gvBqXnTJczfkLYEVsXry6t8hggjeBPGml1z8DwRvuXisID7JrrZd3RVWQjfI53PZH8z7zs7ssAuzzBy+8tn7O9tVtp13Y3ZmJmZ3I9LdFClm4y8fxwsvf//DM9dv3rq63mxuXEvpyvqN1ZdSSsvPfvvWh18891337JtfL3+zEAcrbx/+svbzwfmDC4e/33ivVaVWldqdbsrT7U6nm98ui7TVqnaylN4oi7wqUqtdFXtD7dtlZ3e3l/L21tLi7l5RVSlv99JO0UvdTuru9VL+bt5qpyzL0tJiMLlT96rNz+/WdR1R1/NxOuq6rh+JxTgbj8ZSLEcjVuKxeDyeiHPxZJyPp+Lp+OqnL3tHCQAAAAAAAAAAAAAAAAAAAOD4THr//0L/qWmPGgAAAAAAAAAAAAAAAAAAAP5frt+8dXW92dy4ltKZiPLT/c39zcHroH19O1pRRhGXoxG/Rf/2/8CgvvJac+Ny6luJT8o7f+bv7G/ODedXoxEvjs6vDvJpOL8Qiw/m16IR50bl52NtZP5MXHr+gXwWjfjxnehEGVtxlL3//h+tpvTq682/5S/2nxtv7mEsDwAAAByLLN0zcv+eZePaB/kJ/h8Y2l8fZS+emurUiYiq98FOXpbFnmJkcelkDKNfnD7ODucjYrLUr3VdT/9DmFIx/puyEBH/ueeZiDgZE/xHMe1fJh6G+4s+7ZEAAAAAAAAAAAAwibHHABf+7YTg3ETHCac9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YAeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfBUAAP//0AbP3Q==") bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xd, &(0x7f0000000580)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018", @ANYRES32, @ANYRESOCT=r0], &(0x7f00000001c0)='GPL\x00', 0x10000, 0x0, 0x0, 0x41000, 0x42, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cpuacct.usage_percpu\x00', 0x275a, 0x0) ftruncate(r5, 0x2000009) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) pwritev2(r6, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0x0, 0x1) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000800000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x18) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x207a, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r8, @ANYBLOB="0000000000000000b703000000000000850000001b000000b700000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$tipc(r0, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x101d0}], 0x1}, 0x0) 939.531026ms ago: executing program 1 (id=8102): syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000001000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000000), 0xee, 0x280, &(0x7f0000001100)="$eJzs3T1oJGUcB+D/7IdJTJCojSB+gIhoIMRCEGy0UQhICCKCChERK0mEmGCXtdLCQmuVVDZB7IyWYhNsDq7N3aXINVdcuOLCFXfFHrOzG/Y2G5Lszu6GzPPA7szszvuxsL933y3mnQAKazoi3o6IckTMREQ1IpL2E17MHtPNw82JnaWIev2DO0njvOw40yo3GRG1iHgzotJ6b337k/17u++98uNa9eXftz+eGNbnixg/2jvY33v/8LeF7/+af3291Hxtqrlt/xx5Srq8VkkinhpEYxdEUhl1DziLxW//vJbm/umIeKmR/2qUmpH9afWx/6rx2q8nlf359tVnh9lXIH/1ejX9DazVgcIpNebASWk2IrL9Uml2NpvDXy8n8dXK6jczX66sLX/RdfgoD33AAvqRpP/N0z/g7/4z9vdkR/5vlbP8n8kbA+4pMBBTEXsfLm7dSPcP/YpDMTyXbdL8z3y28WrIPxSO/ENxyT8Ul/zDJdBjdjvy/13OvQIusPb8j426M8BQmf/DJVZt7dS6vi3/cDn80MMEXv6huDryP8TrcYFRa88/AFAs9bFRX4EMjMqoxx8AAAAAAAAAAAAAAAAAAOC4zYmdpdZjWG3+/0vEwTsRUXm0/Ww5w3LjfsQR443nx+8m6WlHkqxYXz59oc8K+vRHzldfL5xzHcgnbubb/nldeX4w9XbczOLEte02liNq6clzlcrx73/S/P6d6sT6nzylYPXzszWQl6Tj+K2P8qt7o4cyD7bya78X87sR/6bjz1y38a8UzzS23cefqfYllnv09f0+KwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBoHgYAAP//xxRq8A==") mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10) creat(&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1d6) rename(&(0x7f0000001380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 866.791333ms ago: executing program 1 (id=8093): add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) add_key$keyring(0x0, &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) getpriority(0x1, 0x0) timer_gettime(0x0, 0x0) 837.490316ms ago: executing program 1 (id=8095): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x62, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000180)='kfree\x00', r0}, 0x18) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x20d00, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) acct(&(0x7f0000000040)='./file0\x00') 811.008169ms ago: executing program 1 (id=8096): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) sendmsg$NL80211_CMD_NEW_MPATH(r0, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000900)={&(0x7f0000000000)=ANY=[], 0x14}}, 0x0) 784.915102ms ago: executing program 1 (id=8097): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) write$nci(r1, 0x0, 0xfffffeea) 746.054315ms ago: executing program 1 (id=8098): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000a80)=[{&(0x7f0000000f40)="82f5252be7dc93dfe06dd6116412c42be1ca316c088207d2a48756b23f3a13074aa35c301d591f03061d8fe0f70f307034cd539cfff48644efbc6bb665cb8cf85f3786475cbd3b395d03992f14c6c63d0d575ada14c0fb897d08f5b0f108ca36f7855d777c9e0c382d2d68017acfa27eb1048a98e4e4c58f86b2c12057a80cf46fbebc3cd50f86245e0e8a2126c75132fda11d67a669de1a5538e8f0817e470099989748f5b8371a76e6072b1146af5355df1f3086c08daf9f53746fdb79dc591f879ee1732d9b447e4657f9c92018cb23037022eaaef04c25d112818a63212938a14759721aeda1315be2605c5a7bfad6ac073e7964ea1097a11013b7448f361d9b3477a191c2fb74662d9fc88e872e858287fe3649fc6f9fca64215febaf018dea93dc186ded9ceffdb34e0bf61bf4f55489eda095f288974e55d8d51bb5d504a09e26cf3faf6a5dc50c52b2fb5e4c6b20b31f29dd823edb6a6603d5762d2a003dd0d234f026f62d3f3aa88692b706c89595a28aeb5c2c8d05eacdac85d7502b9ad30acaf1466aaef3c7d5e4e3e8421abe23905de3d2cd728a4c86ce2f8339246d63b75ebdd8c851f272a1e8ac1fc226dbb344f4ab0757be261a6ea692d181091784b9e3e79050cf5491fbb0da2a691071cb3a54485eae5bd90965fe9fa7342ffcbc7830e4d927ec6bf492448041e0aaa4593e13f837c2cc4d8e08e91460affa09e1d0fdb3f6436167a2495dab0720550534052f0bdebbf89518dc6d8b1039cf24b5a156df791f520c6f734d54c5152b6784cc50ad9923fcee4c2a19e2f1a5bcd42cc25173f1ff94ec3610f2706d3697a459aebf4ea0a82c7874720027d1e042904b9bfbbcbc63acb27cca1599a20ff531aad8543cc2ca7d84f179e2999a01aa24c6b3fca9ef634a1de6e2dcdcf50c1d7f37d3fe5136352619aa2da170db477aa006804d991d30d10cba614d956c91907f4778775a4655d046a264a9b3e2164783532fe300e335842627953e4911828694af689da87617029175e8a3bdcf9928cdaea149db6dbdbde6fb302d4fd1a4d54c6462e20ffe2f5fd45b76118c81db7842ec4ff74a13ada9d479a04f9968b68e193968908a639596d6d67dc33a0427a7f4e6a733cb505d01508ee2fd8657343c4047a04f462b9ff1648ef9d76e7dfeb673c1f7e73d4ecb7edf4fa98495ddc752c312a5273b8488a0a500ee5582a68bd2cc1bfb3f8149150e59173d0088565762ca8f82e5f72b5c2e11d4dbb5c59a30f9890dc24542d8b1c731d2fd70fe8e8f5633116648ef3286b19ff6bbfd92b2f9acbc", 0x3a2}], 0x1}}], 0x1, 0x4048894) close(0x3) 689.609641ms ago: executing program 5 (id=8099): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0, 0x0, 0x2}, 0x18) unshare(0x28000600) open(&(0x7f00009e1000)='./file0\x00', 0x149040, 0x10) openat(0xffffffffffffff9c, 0x0, 0x289c2, 0x1) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x3000010, &(0x7f0000000340), 0x1, 0x512, &(0x7f00000008c0)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc6i07Sbt3dIqLriz4tqOv7WNu0lCZNadJ1Whbt4H8ggoJPPvki+AcIwzz4B8jAgL6ID6KiiM7og6DOlSQ3TidN2rrTNp3m84HTnHPvzf2ec0NO7o/TewMYWy9FxFsRMRERr0ZEMZ+e5in2uqm93IP77y21UxJZ9s5fk0jyab11tdcxGRFX87dNRcTXvhzxzeRg3ObO7vpirVbdysuVVn2z0tzZvb5WX1ytrlY35ufn3lh4c+H1hdks90TtLPUyP/nS529/+lu/u/Hna99uV+tzH4lC9LXjJHWbXuhsi572Nto6jWAj0PvMC6OuCAAAx9Lex/9gRHyis/9fjInO3lyfiVHUDAAAADgp2Rem499JRAYAAABcWGlETEeSlvOxANORppfycwMfjitprdFsfWqlsb2x3J4XUYpCurJWq87mY4VLUUja5bl8jG2v/FpfeT4inouI7xcvd8rlpUZtecTnPgAAAGBcXO07/v9HMe3kjzbg/wQAAACA86s0tAAAAABcFA75AQAA4OLrP/6/PaJ6AAAAAKfiK2+/3U5Z7/nXy+/ubK833r2+XG2ul+vbS+WlxtZmebXRWO3cs69+1PpqjcbmZ2Jj+2alVW22Ks2d3Rv1xvZG68baY4/ABgAAAM7Qcx+/8+skIvY+e7mTIr8PIMBj/jDqCgAnaWLUFQBGxl28YXwVRl0BYOSSI+YbvAMAAE+/mY8evP7fe/6/cwNwsRnrAwDjx/V/GF8FIwBhrKUR8YFu9plhywy9/v/L40bJsoi7xf1TnF8EAICzNd1JSVrOjwOmI03L5YhnI9JSFJKVtVp1Nj8++FWx8Ey7PNd5Z3LkmGEAAAAAAAAAAAAAAAAAAAAAAAAAoCvLksgAAACACy0i/VPSuZt/xEzxlen+8wOXkn8W44954Ufv/ODmYqu1Ndee/rfOs7wuRUTrh/n014Y+PgwAAAA4acne0Fnd4/T8de5MawUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGHhw/72lXjrLuH/5YkSUBsWfjKnO61QUIuLK35OY3Pe+JCImTiD+3q2IeH5Q/CQeZllWymvRHz+NiMunHL/U2TTD4189gfgwzu60+5+3Bn3/0nip8zr4+zeZpyc1vP9L88jPd/q5Qf3fswfWVh8Y44V7P6sMjX8r4oXJwf1Pr/9NhsR/+cDa/pVl2cEY3/j67u6w+NmPI2YG/v4kj8WqtOqblebO7vW1+uJqdbW6MT8/98bCmwuvL8xWVtZq1fzvwBjf+9jPHx7W/isD4v/2N93+97D2vzJspX3+c+/m/Q91s4VB8a+9PPD3dyqGxE/z375P5vn2/Jlefq+b3+/Fn9598bD2Lw/Z/kd9/teO2f5Xv/rd3x9zUQDgDDR3dtcXa7Xq1iGZqWMs8zRmfjF1Lqrxf2ay73Q/ufNSn/ebae+tPprSa9U5qNi+THZmsSbinDT5f5mRdksAAMApeLTTP+qaAAAAAAAAAAAAAAAAAAAAwPg6i9uJ9cfcG01TAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO9d8AAAD//yLg4A8=") 602.164819ms ago: executing program 4 (id=8100): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000280)={0x0, &(0x7f0000000300)}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4a, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x17, 0x7ffc1ffd}]}) timerfd_gettime(0xffffffffffffffff, 0x0) 504.51549ms ago: executing program 4 (id=8101): r0 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x40b}, 0x0, 0x32, 0x1, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x9) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002ec0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="5953fdfffffffddbdf256b000000080043"], 0x28}}, 0x50) 456.373714ms ago: executing program 5 (id=8103): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000004c0)='kfree\x00', r1, 0x0, 0x4ab}, 0x18) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000980)=@newqdisc={0x45c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xd}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x3, 0x1, 0x8, 0x1, 0xff, 0x7}, {0x4, 0x0, 0x3, 0xa159, 0x1000, 0x7}, 0x3, 0x8, 0x41e}}, @TCA_TBF_PTAB={0x404, 0x3, [0x104, 0x2, 0xc, 0xfff, 0x0, 0x8ba, 0xa1, 0x4d91, 0x7fffffff, 0x63c4, 0x0, 0x7ffd, 0x400, 0x255, 0x6, 0xc, 0xd81, 0x3, 0xa, 0xa, 0x7, 0x6, 0xc, 0x200, 0xfffffffd, 0x5, 0xb96, 0x7, 0x0, 0xffffffff, 0x200, 0x3, 0x80000001, 0x7c, 0xfffffffc, 0x5, 0x1, 0x2, 0x8, 0x6, 0x1, 0xd, 0x80, 0x400, 0x80, 0x90000000, 0x3800000, 0x0, 0xfffff30b, 0x0, 0xf5, 0x81, 0xfffffffa, 0x80, 0x101, 0x3f, 0xfffffbff, 0x36a5, 0x4, 0x6, 0x200, 0x1ba, 0x9, 0xab, 0x6, 0xfffffff7, 0x6, 0x0, 0x3, 0x1, 0x963, 0x1ff, 0x2, 0xfffffffd, 0x6, 0x5, 0x0, 0x3, 0x0, 0xb09, 0x3ff, 0x7, 0x8000, 0x4, 0x8, 0x1000, 0x101, 0x5, 0x3, 0x6, 0x9, 0x3, 0x1, 0x8762, 0x10008e, 0x80000005, 0xfffff76b, 0x0, 0x4, 0x4275c4e9, 0x8, 0x5, 0x800, 0x4, 0x955, 0x5, 0x6cdf13a0, 0x9, 0x3, 0x5, 0x10001, 0xff, 0x80000001, 0xed2, 0x5, 0xfffffffa, 0x10002, 0x18d0, 0x0, 0x3, 0x9486, 0x80, 0x5, 0x80000000, 0xdb, 0x3, 0x80, 0xffff7ffc, 0x5, 0x8, 0x7, 0x1, 0x2, 0x8008, 0x2, 0x8, 0x2, 0x81, 0x3, 0x1, 0x6bf, 0x7, 0xea, 0x4, 0xc1, 0x2, 0x40, 0x5, 0x27f, 0x200, 0x7, 0x40, 0x7, 0x4, 0x7, 0xff, 0x400, 0x8, 0x7fffffff, 0xfffffff8, 0x8, 0xfffffff4, 0x8, 0xc, 0x96, 0x6, 0x104, 0x62cc, 0x2, 0x7, 0x2eb7, 0x10001, 0xcbf, 0x10000, 0x101, 0x9, 0xfffffffa, 0x1, 0x8, 0x7, 0x8001, 0xf, 0x5, 0x8, 0x8d, 0xffffffff, 0x2, 0x7, 0x1, 0x61, 0xffffffff, 0x494, 0xb, 0x1, 0x1, 0xd1, 0xd, 0x9, 0x1002, 0xffffffff, 0x6, 0x3, 0xfffffffb, 0xffff, 0xff, 0x5, 0xe, 0x401, 0x2, 0x8cc5, 0x8, 0x159, 0xfffffff7, 0x81, 0x382ae49d, 0x9, 0xffffffff, 0xffff, 0xdf3b, 0x8d, 0x6, 0xfffffeff, 0x89c3, 0x20000001, 0x5, 0x9, 0x2, 0xfffff801, 0x0, 0x5, 0x5, 0x7, 0x7, 0x7f, 0x7, 0x1, 0x0, 0xffffffff, 0xdfed, 0xb, 0x77, 0x7, 0xff, 0xb331, 0x9, 0x6, 0x9, 0x7, 0x5, 0x400, 0x10001, 0x1, 0x800, 0x6000, 0xfe000000, 0xfffffffd]}]}}]}, 0x45c}}, 0x0) 429.028817ms ago: executing program 5 (id=8104): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r2 = socket(0x1, 0x2, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e) 410.804989ms ago: executing program 2 (id=8105): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000818000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb85000000430000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7ffd}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000800000000000070000000900010073797a30000000007c000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d38001280140001800c000100636f756e7465720004000280200001800e000100636f6e6e6c696d69740000000c00028008000140000000080800034000000110"], 0xc4}}, 0x20050890) 409.755349ms ago: executing program 5 (id=8115): unshare(0x2040400) r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) 290.085951ms ago: executing program 2 (id=8107): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYRES8=0x0], 0x1, 0x30e, &(0x7f0000000f00)="$eJzs3E1rE10UwPGTNEnTlHayeHhEQXrRjW6GNu7FIC2IAUttxBcQp81EQ8akZEIlIrZduXEhfggXpcvuCtov0I07V27cdSO4sAtxJDOTl7aJrWnSWPv/QZlD7j0z9+Y24dyBzPbdN0/zWVvPGmUJRpUERER2ROISlJqAfwy6cUSaLcvl4W+fzt++d/9mMpWanFFqKjl7JaGUGh17/+zFkN9tY1C24g+3vya+bP2/dXb75+yTnK1ytioUy8pQc8XPZWPOMlUmZ+d1paYt07BNlSvYZslrd5ZELFNlreLCQkUZhcxIbKFk2rYyChWVNyuqXFTlUkUZj41cQem6rkZigoOkV2dmjGSHyfNdHgx6pFRKGgMiMrSvJb3alwEBAIC+8uv/erUfrJb0ndT/oZb1/9qFzfLwnfVRv/7fiFTrf5Gm+v9R41ymygTr9X9URBr1f9HbH3S7/t9fEZ1sr3cvjjhOPYy06n+k+h8nRLX+j/mfX9fKg7VxN6D+BwAAAAAAAAAAAAAAAAAAAADgJNhxHM1xHM07DvivOtqgiETdX5B47X0eJnpk9/o3/lj/06Hx4I7QqIj1ajG9mPaOfodNEbHElHHR5If7/+CrxpFl5XZSVXH5YC35+UuLae+7JJmVnJs/IZrE9+Y7ztSN1OSE8uzOD0usOT8hmvzXOj+xNz9cPUbk0sWmfF00+TgvRbEk4/8yrpb/ckKp67dSe64/5PYDAAAAAOBfoKu6+v59sLld39/u7Y+9dm9/HZLW9we8/fV4y/19SM6F+jVrAAAAAABOF7vyPG9YllnqUbAiIj2+RJugNsPDZtUekNumT0AC7Zq6ENQu3ll6dWxdG0/4UO9YsKOhjkX+cFFaBrXbRu36yHQnZ3Y0kaO+h2fevvv++z7enTGRw5zw6nr0gJl2GkQOmmn42L6AAAAAABybRtFfe+VafwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMApdByP4uv3HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/xa8AAAD//46ZAFE=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x40, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x32) write(r1, &(0x7f00000001c0)="49bda8f11851b8436bebb25ac5f8202ffb", 0x11) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffffffffffffffd) 289.912741ms ago: executing program 5 (id=8108): socket$packet(0x11, 0xa, 0x300) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xc0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xe, 0xfffffffffffffeb9, &(0x7f0000000000)="259a53f27188a800000000000000", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 289.749851ms ago: executing program 4 (id=8109): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x36, &(0x7f0000000680)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x9, 0x28, 0x68, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x4, 0x2}}}}}}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000680)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x9, 0x28, 0x68, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x4, 0x2}}}}}}, 0x0) 256.624385ms ago: executing program 4 (id=8110): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f00000007c0)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c050}, 0x1) r1 = dup(r0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x2, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000005c0)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x13f, 0x1}}, 0xffcc) 244.155835ms ago: executing program 0 (id=8111): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {}, {}, {0xffe0, 0x5}}, [@filter_kind_options=@f_u32={{0x8}, {0xfffffed3, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0xffffffff}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x20048850) 221.458408ms ago: executing program 4 (id=8112): syz_io_uring_setup(0xbdf, 0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000680), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000eca20ae4000044000380080001"], 0x58}}, 0x0) 195.04649ms ago: executing program 0 (id=8113): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="070000000400000008020000d9"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7030000003e7400850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)={0x54, 0x2, 0x6, 0x801, 0x0, 0x0, {0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xfffffffe}]}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x54}, 0x1, 0x0, 0x0, 0x4028055}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 170.605313ms ago: executing program 0 (id=8114): bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r0}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x8, 0xf9, 0x7ffc1ffb}]}) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0) pwrite64(r1, 0x0, 0x0, 0x9000) 152.432795ms ago: executing program 4 (id=8116): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0xc, 0x9, 0x8280}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYRESOCT], &(0x7f0000000100)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, 0x0) readv(r2, &(0x7f0000000600)=[{&(0x7f00000002c0)=""/135, 0x87}], 0x1) ioctl$TIOCVHANGUP(r2, 0x5437, 0x2) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000380), 0x84, r1}, 0x38) perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x5e, 0x9, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x1, @perf_bp={&(0x7f00000000c0), 0xe}, 0x108208, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xe, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = syz_open_dev$evdev(&(0x7f0000000a40), 0xa, 0x101c82) syz_usb_disconnect(r4) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file1\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x1219, &(0x7f0000001100)="$eJzs28FrXEUcB/BfkqapqclGrdUWxEEvFeTR5OBFL0FSkC4obSO0gvBqXnTJczfkLYEVsXry6t8hggjeBPGml1z8DwRvuXisID7JrrZd3RVWQjfI53PZH8z7zs7ssAuzzBy+8tn7O9tVtp13Y3ZmJmZ3I9LdFClm4y8fxwsvf//DM9dv3rq63mxuXEvpyvqN1ZdSSsvPfvvWh18891337JtfL3+zEAcrbx/+svbzwfmDC4e/33ivVaVWldqdbsrT7U6nm98ui7TVqnaylN4oi7wqUqtdFXtD7dtlZ3e3l/L21tLi7l5RVSlv99JO0UvdTuru9VL+bt5qpyzL0tJiMLlT96rNz+/WdR1R1/NxOuq6rh+JxTgbj8ZSLEcjVuKxeDyeiHPxZJyPp+Lp+OqnL3tHCQAAAAAAAAAAAAAAAAAAAOD4THr//0L/qWmPGgAAAAAAAAAAAAAAAAAAAP5frt+8dXW92dy4ltKZiPLT/c39zcHroH19O1pRRhGXoxG/Rf/2/8CgvvJac+Ny6luJT8o7f+bv7G/ODedXoxEvjs6vDvJpOL8Qiw/m16IR50bl52NtZP5MXHr+gXwWjfjxnehEGVtxlL3//h+tpvTq682/5S/2nxtv7mEsDwAAAByLLN0zcv+eZePaB/kJ/h8Y2l8fZS+emurUiYiq98FOXpbFnmJkcelkDKNfnD7ODucjYrLUr3VdT/9DmFIx/puyEBH/ueeZiDgZE/xHMe1fJh6G+4s+7ZEAAAAAAAAAAAAwibHHABf+7YTg3ETHCac9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YAeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfBUAAP//0AbP3Q==") bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xd, &(0x7f0000000580)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018", @ANYRES32, @ANYRESOCT=r0], &(0x7f00000001c0)='GPL\x00', 0x10000, 0x0, 0x0, 0x41000, 0x42, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cpuacct.usage_percpu\x00', 0x275a, 0x0) ftruncate(r5, 0x2000009) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) pwritev2(r6, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0x0, 0x1) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000800000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x18) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x207a, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r8, @ANYBLOB="0000000000000000b703000000000000850000001b000000b700000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$tipc(r0, &(0x7f00000005c0)={&(0x7f0000000000), 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="f7", 0x101d0}], 0x1}, 0x0) 102.95895ms ago: executing program 0 (id=8117): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000818000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb85000000430000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7ffd}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000800000000000070000000900010073797a30000000007c000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d38001280140001800c000100636f756e7465720004000280200001800e000100636f6e6e6c696d69740000000c00028008000140000000080800034000000110"], 0xc4}}, 0x20050890) 71.020303ms ago: executing program 5 (id=8118): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 46.949535ms ago: executing program 0 (id=8119): mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', 0x0, 0x2200892, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x640100ff, 0x4e20, 0x3, 'fo\x00', 0x1, 0x10001, 0x1a}, 0x2c) r0 = socket$kcm(0xa, 0x2, 0x0) r1 = socket(0x2, 0x80805, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x5, 0x8, 0x11}, {@remote, 0x4e1d, 0x3}}, 0x44) sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 0s ago: executing program 0 (id=8120): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000000100000100000028"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0x5}, 0x18) r2 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendfile(r3, r2, 0x0, 0x7ffff088) kernel console output (not intermixed with test programs): 22] loop2: rw=1, sector=321, nr_sectors = 8 limit=128 [ 182.676856][T11522] FAT-fs (loop2): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 182.701091][T17749] loop2: detected capacity change from 0 to 1024 [ 182.722541][T17749] EXT4-fs error (device loop2): ext4_xattr_inode_iget:441: comm syz.2.6234: inode #7: comm syz.2.6234: iget: illegal inode # [ 182.736328][T17749] EXT4-fs error (device loop2): ext4_xattr_inode_iget:446: comm syz.2.6234: error while reading EA inode 7 err=-117 [ 183.058300][T17786] loop3: detected capacity change from 0 to 128 [ 183.080172][T17786] ext4 filesystem being mounted at /1179/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 183.104509][T17786] EXT4-fs (loop3): shut down requested (2) [ 183.564773][T17816] loop3: detected capacity change from 0 to 1024 [ 183.571491][T17816] EXT4-fs: Ignoring removed orlov option [ 183.584050][T17816] journal_path: Lookup failure for './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' [ 183.597677][T17816] EXT4-fs: error: could not find journal device path [ 183.715763][T17842] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6277'. [ 183.724937][T17842] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6277'. [ 183.749239][T17836] loop2: detected capacity change from 0 to 8192 [ 183.878150][T17863] loop1: detected capacity change from 0 to 2048 [ 183.894140][T17865] sctp: [Deprecated]: syz.4.6289 (pid 17865) Use of struct sctp_assoc_value in delayed_ack socket option. [ 183.894140][T17865] Use struct sctp_sack_info instead [ 183.903452][ T3317] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000e1b1) [ 183.918480][ T3317] FAT-fs (loop2): Filesystem has been set read-only [ 183.945177][T17863] Alternate GPT is invalid, using primary GPT. [ 183.951715][T17863] loop1: p1 p2 p3 [ 183.955501][T17863] loop1: partition table partially beyond EOD, truncated [ 184.028487][ T3377] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 184.037426][ T3377] hid-generic 0000:0000:0000.0009: hidraw0: HID v0.00 Device [syz1] on syz0 [ 184.130366][T17891] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6299'. [ 184.139830][T17891] netlink: 'syz.4.6299': attribute type 6 has an invalid length. [ 184.208968][T17900] IPv6: Can't replace route, no match found [ 184.314576][T17916] __nla_validate_parse: 3 callbacks suppressed [ 184.314595][T17916] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6310'. [ 184.395992][T17932] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6319'. [ 184.439572][T17935] loop2: detected capacity change from 0 to 4096 [ 184.691346][T17947] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6326'. [ 184.700623][T17947] IPVS: Error connecting to the multicast addr [ 184.806458][ T3669] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 184.893519][T17952] loop2: detected capacity change from 0 to 512 [ 184.910072][T17952] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 184.923116][T17952] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 184.931427][T17952] EXT4-fs (loop2): failed to initialize system zone (-117) [ 184.941772][T17952] EXT4-fs (loop2): mount failed [ 185.030783][T17969] loop3: detected capacity change from 0 to 764 [ 185.038809][T17969] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 185.054804][T17969] Symlink component flag not implemented [ 185.060944][T17969] Symlink component flag not implemented (7) [ 185.133164][T17979] vhci_hcd: invalid port number 23 [ 185.202500][T17983] loop3: detected capacity change from 0 to 512 [ 185.225591][T17983] ext4 filesystem being mounted at /1201/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 185.399299][T18017] sd 0:0:1:0: device reset [ 185.700376][T18055] loop1: detected capacity change from 0 to 2048 [ 185.760910][T18055] EXT4-fs error (device loop1): ext4_find_extent:939: inode #2: comm syz.1.6372: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 185.781879][T18069] netlink: 256 bytes leftover after parsing attributes in process `syz.2.6377'. [ 185.948340][T18086] SELinux: Context is not valid (left unmapped). [ 186.046217][T18093] vlan1: entered allmulticast mode [ 186.062079][ T29] kauditd_printk_skb: 218 callbacks suppressed [ 186.062098][ T29] audit: type=1326 audit(2000000031.900:7740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18047 comm="syz.4.6369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bb77bf6c9 code=0x7ffc0000 [ 186.096594][T18094] loop1: detected capacity change from 0 to 512 [ 186.112529][T18094] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 186.122904][ T29] audit: type=1326 audit(2000000031.950:7741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18047 comm="syz.4.6369" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bb77bf6c9 code=0x7ffc0000 [ 186.147568][T18094] EXT4-fs (loop1): 1 truncate cleaned up [ 186.155574][ T29] audit: type=1400 audit(2000000032.000:7742): avc: denied { read write open } for pid=18092 comm="syz.1.6388" path="/1111/bus/file2" dev="loop1" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 186.371331][T18105] loop2: detected capacity change from 0 to 1024 [ 186.546754][T18105] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4193: comm syz.2.6393: Allocating blocks 497-513 which overlap fs metadata [ 186.569065][ T29] audit: type=1326 audit(2000000032.410:7743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18112 comm="syz.1.6395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 186.592747][ T29] audit: type=1326 audit(2000000032.410:7744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18112 comm="syz.1.6395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 186.614117][T18110] EXT4-fs (loop2): pa ffff888106d57a10: logic 48, phys. 177, len 21 [ 186.616256][ T29] audit: type=1326 audit(2000000032.410:7745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18112 comm="syz.1.6395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 186.647930][T18110] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 1 [ 186.654953][ T29] audit: type=1326 audit(2000000032.410:7746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18112 comm="syz.1.6395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 186.681472][ T29] audit: type=1326 audit(2000000032.410:7747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18112 comm="syz.1.6395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 186.705082][ T29] audit: type=1326 audit(2000000032.410:7748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18112 comm="syz.1.6395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 186.728673][ T29] audit: type=1326 audit(2000000032.470:7749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18112 comm="syz.1.6395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 186.927211][T18123] vhci_hcd: default hub control req: 800f v0000 i0000 l31125 [ 187.012782][T18129] Dead loop on virtual device ipvlan1, fix it urgently! [ 187.119803][T18144] 9pnet_fd: Insufficient options for proto=fd [ 187.227442][T18127] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 187.228237][T18155] block device autoloading is deprecated and will be removed. [ 187.243858][T18127] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 187.828000][T18177] netlink: 'syz.4.6424': attribute type 12 has an invalid length. [ 187.835936][T18177] netlink: 'syz.4.6424': attribute type 29 has an invalid length. [ 187.843997][T18177] netlink: 148 bytes leftover after parsing attributes in process `syz.4.6424'. [ 187.853131][T18177] netlink: 'syz.4.6424': attribute type 2 has an invalid length. [ 187.860957][T18177] netlink: 'syz.4.6424': attribute type 3 has an invalid length. [ 187.868755][T18177] netlink: 7 bytes leftover after parsing attributes in process `syz.4.6424'. [ 187.879380][T18129] syz.1.6403 (18129) used greatest stack depth: 2496 bytes left [ 187.924848][ C0] Dead loop on virtual device ipvlan1, fix it urgently! [ 188.006143][T18183] SELinux: failed to load policy [ 188.027520][T18191] loop2: detected capacity change from 0 to 512 [ 188.067121][T18191] EXT4-fs (loop2): 1 orphan inode deleted [ 188.074683][T18198] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6434'. [ 188.079618][T18191] ext4 filesystem being mounted at /1343/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 188.098620][T11541] EXT4-fs error (device loop2): ext4_release_dquot:6981: comm kworker/u8:64: Failed to release dquot type 1 [ 188.195808][T18208] loop2: detected capacity change from 0 to 256 [ 188.224368][T18208] FAT-fs (loop2): Directory bread(block 64) failed [ 188.239694][T18208] FAT-fs (loop2): Directory bread(block 65) failed [ 188.253727][T18208] FAT-fs (loop2): Directory bread(block 66) failed [ 188.270495][T18208] FAT-fs (loop2): Directory bread(block 67) failed [ 188.290667][T18208] FAT-fs (loop2): Directory bread(block 68) failed [ 188.310852][T18208] FAT-fs (loop2): Directory bread(block 69) failed [ 188.331074][T18208] FAT-fs (loop2): Directory bread(block 70) failed [ 188.353901][T18208] FAT-fs (loop2): Directory bread(block 71) failed [ 188.370685][T18208] FAT-fs (loop2): Directory bread(block 72) failed [ 188.383682][T18208] FAT-fs (loop2): Directory bread(block 73) failed [ 188.395786][T18206] loop1: detected capacity change from 0 to 32768 [ 188.417499][T18219] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6443'. [ 188.441614][T11489] bio_check_eod: 99 callbacks suppressed [ 188.441634][T11489] kworker/u8:14: attempt to access beyond end of device [ 188.441634][T11489] loop2: rw=1, sector=1224, nr_sectors = 8 limit=256 [ 188.466406][T18206] loop1: p1 p2 p3 < > p4 < p5 p6 > [ 188.471719][T18206] loop1: p1 start 460800 is beyond EOD, truncated [ 188.478213][T18206] loop1: p2 size 83886080 extends beyond EOD, truncated [ 188.509107][T18206] loop1: p5 start 460800 is beyond EOD, truncated [ 188.515755][T18206] loop1: p6 size 83886080 extends beyond EOD, truncated [ 188.617896][T18230] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6446'. [ 188.717904][T18248] loop1: detected capacity change from 0 to 256 [ 188.732829][T18248] FAT-fs (loop1): Directory bread(block 64) failed [ 188.748243][T18248] FAT-fs (loop1): Directory bread(block 65) failed [ 188.757489][T18248] FAT-fs (loop1): Directory bread(block 66) failed [ 188.765792][T18248] FAT-fs (loop1): Directory bread(block 67) failed [ 188.772397][T18248] FAT-fs (loop1): Directory bread(block 68) failed [ 188.779892][T18248] FAT-fs (loop1): Directory bread(block 69) failed [ 188.791985][T18248] FAT-fs (loop1): Directory bread(block 70) failed [ 188.808202][T18248] FAT-fs (loop1): Directory bread(block 71) failed [ 188.867335][T18248] FAT-fs (loop1): Directory bread(block 72) failed [ 188.887899][T18248] FAT-fs (loop1): Directory bread(block 73) failed [ 189.000530][T18268] loop2: detected capacity change from 0 to 2048 [ 189.178075][T18274] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 189.385415][T18268] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 189.400483][T18268] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 189.413000][T18268] EXT4-fs (loop2): This should not happen!! Data will be lost [ 189.413000][T18268] [ 189.422687][T18268] EXT4-fs (loop2): Total free blocks count 0 [ 189.428794][T18268] EXT4-fs (loop2): Free/Dirty block details [ 189.434796][T18268] EXT4-fs (loop2): free_blocks=2415919104 [ 189.440529][T18268] EXT4-fs (loop2): dirty_blocks=8208 [ 189.445918][T18268] EXT4-fs (loop2): Block reservation details [ 189.448354][T18285] loop1: detected capacity change from 0 to 8192 [ 189.451918][T18268] EXT4-fs (loop2): i_reserved_data_blocks=513 [ 189.492277][T18278] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 189.505206][T18278] EXT4-fs (loop2): This should not happen!! Data will be lost [ 189.505206][T18278] [ 189.774555][T18312] vhci_hcd: invalid port number 23 [ 189.818680][T18322] netlink: 'syz.4.6486': attribute type 29 has an invalid length. [ 189.827896][T18322] netlink: 'syz.4.6486': attribute type 29 has an invalid length. [ 189.843572][T18324] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6489'. [ 189.853514][T18322] netlink: 500 bytes leftover after parsing attributes in process `syz.4.6486'. [ 189.909070][T18329] loop2: detected capacity change from 0 to 1024 [ 189.927342][T18329] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 189.950488][T18333] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6492'. [ 189.962231][T18329] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 189.973242][T18329] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 189.983115][T18333] IPVS: Unknown mcast interface: [ 189.994003][T18329] JBD2: no valid journal superblock found [ 189.999897][T18329] EXT4-fs (loop2): Could not load journal inode [ 190.023223][T18339] loop0: detected capacity change from 0 to 512 [ 190.047050][T18339] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 190.085956][T18339] ext4 filesystem being mounted at /1348/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 190.139317][T18339] EXT4-fs: Ignoring removed orlov option [ 190.160412][T18348] vhci_hcd: default hub control req: 8013 v0000 i0000 l31125 [ 190.171870][T18350] netlink: 80 bytes leftover after parsing attributes in process `syz.4.6498'. [ 190.191214][T18339] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 190.209855][T18339] EXT4-fs (loop0): can't enable nombcache during remount [ 190.234067][T18350] netlink: 80 bytes leftover after parsing attributes in process `syz.4.6498'. [ 190.260284][T18339] EXT4-fs error (device loop0): __ext4_new_inode:1279: comm syz.0.6495: failed to insert inode 16: doubly allocated? [ 190.380718][T18352] loop2: detected capacity change from 0 to 8192 [ 190.867470][T18388] vhci_hcd: invalid port number 121 [ 190.872799][T18388] vhci_hcd: default hub control req: 4000 v0051 i0079 l0 [ 190.927258][T18391] ip6t_srh: unknown srh match flags 4000 [ 191.023409][T18397] netlink: 'syz.1.6520': attribute type 1 has an invalid length. [ 191.165093][T18404] loop0: detected capacity change from 0 to 1024 [ 191.180433][ T29] kauditd_printk_skb: 177 callbacks suppressed [ 191.180450][ T29] audit: type=1400 audit(2000000037.020:7926): avc: denied { validate_trans } for pid=18407 comm="syz.2.6523" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 191.219913][ T29] audit: type=1400 audit(2000000037.050:7927): avc: denied { connect } for pid=18409 comm="syz.1.6526" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 191.254646][T18404] Quota error (device loop0): do_check_range: Getting block 64 out of range 1-5 [ 191.263851][T18404] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 191.273271][T18404] EXT4-fs error (device loop0): ext4_acquire_dquot:6945: comm syz.0.6524: Failed to acquire dquot type 0 [ 191.296237][ T29] audit: type=1400 audit(2000000037.140:7928): avc: denied { write } for pid=18413 comm="syz.4.6529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 191.347151][ T29] audit: type=1400 audit(2000000037.170:7929): avc: denied { read } for pid=18422 comm="syz.1.6532" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 191.371147][T18425] loop2: detected capacity change from 0 to 164 [ 191.383867][T18404] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 191.403311][ T29] audit: type=1400 audit(2000000037.240:7930): avc: denied { write } for pid=18422 comm="syz.1.6532" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 191.433050][T18404] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.6524: corrupted inode contents [ 191.446874][T18404] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #13: comm syz.0.6524: mark_inode_dirty error [ 191.473906][T18404] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.6524: corrupted inode contents [ 191.588076][T18404] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #13: comm syz.0.6524: mark_inode_dirty error [ 191.606024][T18404] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.6524: corrupted inode contents [ 191.623819][T18404] EXT4-fs error (device loop0) in ext4_orphan_del:301: Corrupt filesystem [ 191.632608][T18404] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #13: comm syz.0.6524: corrupted inode contents [ 191.644786][T18404] EXT4-fs error (device loop0): ext4_truncate:4637: inode #13: comm syz.0.6524: mark_inode_dirty error [ 191.656247][T18404] EXT4-fs error (device loop0) in ext4_process_orphan:343: Corrupt filesystem [ 191.665745][T18404] EXT4-fs (loop0): 1 truncate cleaned up [ 191.676717][ T29] audit: type=1326 audit(2000000037.520:7931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18403 comm="syz.0.6524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 191.736391][ T29] audit: type=1326 audit(2000000037.540:7932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18403 comm="syz.0.6524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 191.759918][ T29] audit: type=1326 audit(2000000037.540:7933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18403 comm="syz.0.6524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 191.790586][T18438] loop0: detected capacity change from 0 to 512 [ 191.809003][T18438] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 191.821897][T18438] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.6536: Invalid block bitmap block 0 in block_group 0 [ 191.839140][T18438] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 191.848372][T18438] EXT4-fs error (device loop0): ext4_clear_blocks:876: inode #11: comm syz.0.6536: attempt to clear invalid blocks 983261 len 1 [ 191.863226][T18438] EXT4-fs error (device loop0): __ext4_get_inode_loc:4832: comm syz.0.6536: Invalid inode table block 0 in block_group 0 [ 191.876348][T18438] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 191.887172][T18438] EXT4-fs error (device loop0) in ext4_orphan_del:301: Corrupt filesystem [ 191.899259][T18438] EXT4-fs error (device loop0): __ext4_get_inode_loc:4832: comm syz.0.6536: Invalid inode table block 0 in block_group 0 [ 191.947718][T18438] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6313: Corrupt filesystem [ 191.971643][T18438] EXT4-fs error (device loop0): ext4_truncate:4637: inode #11: comm syz.0.6536: mark_inode_dirty error [ 191.984403][T18438] EXT4-fs error (device loop0) in ext4_process_orphan:343: Corrupt filesystem [ 191.993703][T18438] EXT4-fs error (device loop0): __ext4_get_inode_loc:4832: comm syz.0.6536: Invalid inode table block 0 in block_group 0 [ 192.006813][T18438] EXT4-fs (loop0): 1 truncate cleaned up [ 192.089051][T18455] loop0: detected capacity change from 0 to 512 [ 192.105937][T18455] EXT4-fs error (device loop0): ext4_expand_extra_isize_ea:2803: inode #11: comm syz.0.6542: corrupted xattr block 95: invalid header [ 192.120343][T18455] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.6542: bg 0: block 7: invalid block bitmap [ 192.133049][T18455] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 192.142048][T18455] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2967: inode #11: comm syz.0.6542: corrupted xattr block 95: invalid header [ 192.155999][T18455] EXT4-fs warning (device loop0): ext4_evict_inode:274: xattr delete (err -117) [ 192.166901][T18455] EXT4-fs (loop0): 1 orphan inode deleted [ 192.200106][T18458] SELinux: Context system_u:object_r:audit_spool_t:s0 is not valid (left unmapped). [ 193.131001][T18493] loop1: detected capacity change from 0 to 164 [ 193.145249][T18493] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 193.161506][T18493] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 193.206424][T18498] loop1: detected capacity change from 0 to 512 [ 193.228022][T18498] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 193.241333][T18502] C: renamed from team_slave_0 (while UP) [ 193.256039][T18502] netlink: 164 bytes leftover after parsing attributes in process `syz.4.6567'. [ 193.305323][T18504] netlink: 24 bytes leftover after parsing attributes in process `syz.0.6578'. [ 193.348597][T18508] loop1: detected capacity change from 0 to 1024 [ 193.357701][T18508] EXT4-fs: Ignoring removed nobh option [ 193.385864][T18508] EXT4-fs mount: 46 callbacks suppressed [ 193.385952][T18508] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 193.432185][T18519] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 193.440500][T18519] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 193.473131][T18508] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 15: block 369:freeing already freed block (bit 23); block bitmap corrupt. [ 193.543873][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.494900][T18575] netlink: 'syz.1.6597': attribute type 8 has an invalid length. [ 194.502783][T18575] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6597'. [ 194.528418][T18575] bond0: entered promiscuous mode [ 194.533519][T18575] bond_slave_0: entered promiscuous mode [ 194.539461][T18575] bond_slave_1: entered promiscuous mode [ 194.546994][T18575] gretap0: entered promiscuous mode [ 194.553227][T18575] debugfs: 'hsr1' already exists in 'hsr' [ 194.559160][T18575] Cannot create hsr debugfs directory [ 194.564708][T18575] hsr1: entered promiscuous mode [ 194.592886][T18579] loop1: detected capacity change from 0 to 128 [ 194.615824][T18579] syz.1.6599: attempt to access beyond end of device [ 194.615824][T18579] loop1: rw=2049, sector=154, nr_sectors = 6 limit=128 [ 194.635706][T18579] syz.1.6599: attempt to access beyond end of device [ 194.635706][T18579] loop1: rw=2049, sector=158, nr_sectors = 2 limit=128 [ 194.649254][T18579] Buffer I/O error on dev loop1, logical block 79, lost async page write [ 194.658589][T18579] syz.1.6599: attempt to access beyond end of device [ 194.658589][T18579] loop1: rw=2049, sector=160, nr_sectors = 2 limit=128 [ 194.672258][T18579] Buffer I/O error on dev loop1, logical block 80, lost async page write [ 194.681562][T18579] syz.1.6599: attempt to access beyond end of device [ 194.681562][T18579] loop1: rw=2049, sector=162, nr_sectors = 6 limit=128 [ 194.695600][T18579] syz.1.6599: attempt to access beyond end of device [ 194.695600][T18579] loop1: rw=2049, sector=166, nr_sectors = 2 limit=128 [ 194.709035][T18579] Buffer I/O error on dev loop1, logical block 83, lost async page write [ 194.718068][T18579] syz.1.6599: attempt to access beyond end of device [ 194.718068][T18579] loop1: rw=2049, sector=168, nr_sectors = 2 limit=128 [ 194.731596][T18579] Buffer I/O error on dev loop1, logical block 84, lost async page write [ 194.747220][T18579] syz.1.6599: attempt to access beyond end of device [ 194.747220][T18579] loop1: rw=2049, sector=186, nr_sectors = 6 limit=128 [ 194.761372][T18579] syz.1.6599: attempt to access beyond end of device [ 194.761372][T18579] loop1: rw=2049, sector=190, nr_sectors = 2 limit=128 [ 194.774919][T18579] Buffer I/O error on dev loop1, logical block 95, lost async page write [ 194.784150][T18579] syz.1.6599: attempt to access beyond end of device [ 194.784150][T18579] loop1: rw=2049, sector=192, nr_sectors = 2 limit=128 [ 194.797631][T18579] Buffer I/O error on dev loop1, logical block 96, lost async page write [ 194.806595][T18579] syz.1.6599: attempt to access beyond end of device [ 194.806595][T18579] loop1: rw=2049, sector=194, nr_sectors = 6 limit=128 [ 194.818229][T18585] loop2: detected capacity change from 0 to 1024 [ 194.820701][T18579] Buffer I/O error on dev loop1, logical block 99, lost async page write [ 194.835191][T18579] Buffer I/O error on dev loop1, logical block 100, lost async page write [ 194.840634][T18585] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 194.844521][T18579] Buffer I/O error on dev loop1, logical block 111, lost async page write [ 194.862122][T18579] Buffer I/O error on dev loop1, logical block 112, lost async page write [ 194.954706][T18594] loop2: detected capacity change from 0 to 164 [ 194.962390][T18594] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 194.972750][T18594] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 194.997414][T18594] Symlink component flag not implemented [ 195.003093][T18594] Symlink component flag not implemented [ 195.009087][T18594] Symlink component flag not implemented (7) [ 195.015142][T18594] Symlink component flag not implemented (116) [ 195.147887][T18611] loop2: detected capacity change from 0 to 512 [ 195.176878][T18611] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 195.191354][T18611] ext4 filesystem being mounted at /1390/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 195.206346][T18619] vhci_hcd: default hub control req: 8013 v0000 i0000 l31125 [ 195.232954][T18611] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #2: comm syz.2.6614: corrupted inode contents [ 195.246566][T18611] EXT4-fs error (device loop2): ext4_dirty_inode:6517: inode #2: comm syz.2.6614: mark_inode_dirty error [ 195.258177][T18611] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #2: comm syz.2.6614: corrupted inode contents [ 195.270381][T18611] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.6614: mark_inode_dirty error [ 195.324592][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.714344][T18646] loop0: detected capacity change from 0 to 512 [ 195.737356][T18646] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 195.768031][T18646] ext4 filesystem being mounted at /1388/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 195.811083][T18646] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 3: comm syz.0.6629: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=2, rec_len=2060, size=2048 fake=1 [ 195.849903][T18646] EXT4-fs (loop0): Remounting filesystem read-only [ 195.885841][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.916125][ T3397] kernel read not supported for file /2899/net/netstat (pid: 3397 comm: kworker/1:5) [ 196.108138][T18654] netlink: 64 bytes leftover after parsing attributes in process `syz.1.6631'. [ 196.156269][T18656] loop0: detected capacity change from 0 to 2048 [ 196.224405][T18656] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 196.251641][T18656] ext4 filesystem being mounted at /1391/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 196.340967][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.427098][ T29] kauditd_printk_skb: 76 callbacks suppressed [ 196.427121][ T29] audit: type=1326 audit(2000000042.270:8010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18673 comm="syz.0.6639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 196.457080][ T29] audit: type=1326 audit(2000000042.270:8011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18673 comm="syz.0.6639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 196.480633][ T29] audit: type=1326 audit(2000000042.270:8012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18673 comm="syz.0.6639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 196.504175][ T29] audit: type=1326 audit(2000000042.270:8013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18673 comm="syz.0.6639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 196.527776][ T29] audit: type=1326 audit(2000000042.270:8014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18673 comm="syz.0.6639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 196.725712][T18684] loop0: detected capacity change from 0 to 512 [ 196.742618][T18682] loop1: detected capacity change from 0 to 2048 [ 196.752150][T18684] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 196.764929][T18684] ext4 filesystem being mounted at /1396/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 196.783251][T18682] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 196.812344][ T29] audit: type=1400 audit(2000000042.640:8015): avc: denied { setattr } for pid=18683 comm="syz.0.6644" name="bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 196.835717][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.859391][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.927977][T18700] netlink: 'syz.4.6650': attribute type 12 has an invalid length. [ 196.944177][T18704] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 197.051074][T18714] loop0: detected capacity change from 0 to 1764 [ 197.081444][ T29] audit: type=1400 audit(2000000042.920:8016): avc: denied { ioctl } for pid=18719 comm="syz.1.6660" path="socket:[49061]" dev="sockfs" ino=49061 ioctlcmd=0x48f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 197.149958][T18726] netlink: 32 bytes leftover after parsing attributes in process `syz.1.6663'. [ 197.194054][T18726] veth1_macvtap: left promiscuous mode [ 197.279854][T18730] loop2: detected capacity change from 0 to 2048 [ 197.327287][T18730] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 197.439074][T18743] vhci_hcd: invalid port number 96 [ 197.444264][T18743] vhci_hcd: default hub control req: 2000 vfffc i0060 l7 [ 197.637264][ T29] audit: type=1400 audit(2000000043.480:8017): avc: denied { mounton } for pid=18759 comm="syz.1.6677" path="/1171/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1 [ 197.680731][ T29] audit: type=1400 audit(2000000043.520:8018): avc: denied { unmount } for pid=3319 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 197.741667][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.816901][T18779] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6687'. [ 197.846836][ T29] audit: type=1400 audit(2000000043.690:8019): avc: denied { create } for pid=18780 comm="syz.4.6688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 197.902217][T18787] loop1: detected capacity change from 0 to 512 [ 197.911720][T18787] EXT4-fs error (device loop1): ext4_xattr_inode_iget:446: comm syz.1.6699: error while reading EA inode 32 err=-116 [ 197.925726][T18787] EXT4-fs (loop1): Remounting filesystem read-only [ 197.932261][T18787] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 197.942730][T18787] EXT4-fs (loop1): 1 orphan inode deleted [ 197.953157][T18787] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 197.986836][T18794] netdevsim netdevsim4: Direct firmware load for r failed with error -2 [ 197.996024][T18787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 198.049403][T18799] loop1: detected capacity change from 0 to 128 [ 198.058524][T18799] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100) [ 198.066417][T18799] FAT-fs (loop1): Filesystem has been set read-only [ 198.073197][T18799] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100) [ 198.081145][T18799] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100) [ 198.353838][T18807] netlink: 'syz.2.6698': attribute type 1 has an invalid length. [ 198.361758][T18807] netlink: 224 bytes leftover after parsing attributes in process `syz.2.6698'. [ 198.735858][T18819] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6705'. [ 198.792615][T18824] loop0: detected capacity change from 0 to 128 [ 198.968610][T18834] loop2: detected capacity change from 0 to 512 [ 198.976065][T18835] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 198.984321][T18835] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 199.003315][T18834] EXT4-fs: Ignoring removed orlov option [ 199.039762][T18834] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 199.064352][T18834] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002] [ 199.072525][T18834] EXT4-fs error (device loop2): ext4_iget_extra_inode:5075: inode #15: comm syz.2.6712: corrupted in-inode xattr: e_value size too large [ 199.113872][T18834] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.6712: couldn't read orphan inode 15 (err -117) [ 199.144639][T18834] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 199.194877][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.208573][T18843] rdma_op ffff888144f3f580 conn xmit_rdma 0000000000000000 [ 199.237854][ T3389] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 199.265775][ T3389] hid-generic 0000:0000:0000.000A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 199.381057][T18837] loop0: detected capacity change from 0 to 32768 [ 199.445111][T18837] loop0: p1 p3 < > [ 199.464837][T18863] loop1: detected capacity change from 0 to 512 [ 199.474329][T18863] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 199.495089][T18863] EXT4-fs (loop1): 1 truncate cleaned up [ 199.501282][T18863] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 199.555524][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.609105][T18868] loop1: detected capacity change from 0 to 1024 [ 199.635403][T18868] EXT4-fs: Ignoring removed orlov option [ 199.662146][T18868] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 199.722479][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.825438][T18888] loop0: detected capacity change from 0 to 1024 [ 199.846906][T18888] EXT4-fs: Ignoring removed mblk_io_submit option [ 199.855982][T18892] loop9: detected capacity change from 0 to 7 [ 199.862242][T18892] buffer_io_error: 18 callbacks suppressed [ 199.862260][T18892] Buffer I/O error on dev loop9, logical block 0, async page read [ 199.897661][T18896] loop2: detected capacity change from 0 to 512 [ 199.903745][T18892] Buffer I/O error on dev loop9, logical block 0, async page read [ 199.911771][T18892] loop9: unable to read partition table [ 199.917606][T18896] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 199.918729][T18892] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 199.918729][T18892] ) failed (rc=-5) [ 199.942504][T18888] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 199.957355][T18896] EXT4-fs (loop2): 1 truncate cleaned up [ 199.976428][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.985887][T18896] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.050730][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.101969][T18910] loop2: detected capacity change from 0 to 512 [ 200.155980][T18916] loop0: detected capacity change from 0 to 4096 [ 200.163486][T18910] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 200.187235][T18916] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.220642][T18916] EXT4-fs error (device loop0): ext4_lookup:1787: inode #14: comm syz.0.6745: invalid fast symlink length 131109 [ 200.233309][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.292960][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.522542][T18949] loop0: detected capacity change from 0 to 512 [ 200.530121][T18949] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 200.540871][T18949] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 200.548997][T18949] EXT4-fs (loop0): failed to initialize system zone (-117) [ 200.556639][T18949] EXT4-fs (loop0): mount failed [ 200.575152][T11489] nci: nci_ntf_packet: unknown ntf opcode 0x127 [ 200.671159][T18960] sd 0:0:1:0: device reset [ 200.782747][T18967] loop0: detected capacity change from 0 to 512 [ 200.795757][T18967] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.808520][T18967] ext4 filesystem being mounted at /1428/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 200.860480][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.071730][T18975] lo speed is unknown, defaulting to 1000 [ 201.133471][T11489] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.146350][T18975] vcan0 speed is unknown, defaulting to 1000 [ 201.190021][T11489] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.228378][T18975] lo speed is unknown, defaulting to 1000 [ 201.257068][T11489] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.326720][T11489] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.344242][T18975] chnl_net:caif_netlink_parms(): no params data found [ 201.411648][T18996] loop1: detected capacity change from 0 to 32768 [ 201.418901][T18975] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.426064][T18975] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.433515][T18975] bridge_slave_0: entered allmulticast mode [ 201.440265][T18975] bridge_slave_0: entered promiscuous mode [ 201.454954][T18996] loop1: p1 p3 < > [ 201.471763][T18975] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.479227][T18975] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.486638][T18975] bridge_slave_1: entered allmulticast mode [ 201.493205][T18975] bridge_slave_1: entered promiscuous mode [ 201.525209][T18975] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 201.537851][T11489] bridge_slave_1: left allmulticast mode [ 201.543561][T11489] bridge_slave_1: left promiscuous mode [ 201.549278][T11489] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.558706][T11489] bridge_slave_0: left allmulticast mode [ 201.564512][T11489] bridge_slave_0: left promiscuous mode [ 201.570256][T11489] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.686749][T11489] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 201.698979][T11489] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 201.712355][T11489] bond0 (unregistering): Released all slaves [ 201.722876][T18975] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 201.758013][T18975] team0: Port device team_slave_0 added [ 201.764880][T18975] team0: Port device team_slave_1 added [ 201.784162][T18975] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 201.791320][T18975] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 201.817442][T18975] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 201.829566][T18975] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.837281][T18975] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 201.863262][T18975] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.886765][ T29] kauditd_printk_skb: 111 callbacks suppressed [ 201.886780][ T29] audit: type=1400 audit(2000000047.730:8131): avc: denied { append } for pid=19029 comm="syz.0.6790" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 201.937139][T11489] hsr_slave_0: left promiscuous mode [ 201.944916][T11489] hsr_slave_1: left promiscuous mode [ 201.951674][T19033] SELinux: failed to load policy [ 201.954035][T11489] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 201.965481][T11489] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 201.973054][T11489] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 202.005500][T19043] loop0: detected capacity change from 0 to 128 [ 202.012030][T11489] veth1_macvtap: left promiscuous mode [ 202.018064][T11489] veth0_macvtap: left promiscuous mode [ 202.024008][T11489] veth1_vlan: left promiscuous mode [ 202.029526][T11489] veth0_vlan: left promiscuous mode [ 202.089673][T19049] loop0: detected capacity change from 0 to 2048 [ 202.110940][T19049] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 202.127265][T19049] EXT4-fs error (device loop0): ext4_find_extent:939: inode #2: comm syz.0.6788: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 202.143971][T11489] team0 (unregistering): Port device team_slave_1 removed [ 202.156126][T11489] team0 (unregistering): Port device team_slave_0 removed [ 202.165709][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.198429][ T29] audit: type=1326 audit(2000000048.040:8132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19052 comm="syz.0.6789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 202.201625][T11608] smc: removing ib device sz1 [ 202.221970][ T29] audit: type=1326 audit(2000000048.040:8133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19052 comm="syz.0.6789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 202.222033][ T29] audit: type=1326 audit(2000000048.040:8134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19052 comm="syz.0.6789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 202.222076][ T29] audit: type=1326 audit(2000000048.040:8135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19052 comm="syz.0.6789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 202.297344][ T29] audit: type=1326 audit(2000000048.040:8136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19052 comm="syz.0.6789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 202.320849][ T29] audit: type=1326 audit(2000000048.040:8137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19052 comm="syz.0.6789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 202.344323][ T29] audit: type=1326 audit(2000000048.040:8138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19052 comm="syz.0.6789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 202.367895][ T29] audit: type=1326 audit(2000000048.040:8139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19052 comm="syz.0.6789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 202.391437][ T29] audit: type=1326 audit(2000000048.040:8140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19052 comm="syz.0.6789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 202.419178][ T3389] lo speed is unknown, defaulting to 1000 [ 202.425004][ T3389] infiniband syz0: ib_query_port failed (-19) [ 202.460992][T18975] hsr_slave_0: entered promiscuous mode [ 202.467894][T18975] hsr_slave_1: entered promiscuous mode [ 202.496089][T18975] debugfs: 'hsr0' already exists in 'hsr' [ 202.501960][T18975] Cannot create hsr debugfs directory [ 202.598871][T18975] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 202.614146][T18975] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 202.624693][T18975] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 202.642938][T18975] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 202.675739][T19091] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 202.707301][T18975] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.721723][T18975] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.732562][T11541] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.739779][T11541] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.751322][ T3454] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.758431][ T3454] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.769334][T19093] vcan0 speed is unknown, defaulting to 1000 [ 202.772513][T19075] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 202.800254][T18975] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 202.810098][T19075] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 202.876471][T18975] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.914722][T19105] loop1: detected capacity change from 0 to 128 [ 203.028777][T18975] veth0_vlan: entered promiscuous mode [ 203.052552][T18975] veth1_vlan: entered promiscuous mode [ 203.097957][T18975] veth0_macvtap: entered promiscuous mode [ 203.115652][T18975] veth1_macvtap: entered promiscuous mode [ 203.129993][T18975] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 203.145736][T18975] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 203.186851][T11497] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.199501][T11497] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.212997][T11497] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.246722][T11497] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.268144][T19123] loop5: detected capacity change from 0 to 512 [ 203.275013][T19123] EXT4-fs: Ignoring removed orlov option [ 203.281280][T19123] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 203.311737][T19105] bio_check_eod: 20816 callbacks suppressed [ 203.311756][T19105] syz.1.6816: attempt to access beyond end of device [ 203.311756][T19105] loop1: rw=2049, sector=128, nr_sectors = 1 limit=128 [ 203.331359][T19105] Buffer I/O error on dev loop1, logical block 128, lost async page write [ 203.340425][T19123] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002] [ 203.359759][T19123] EXT4-fs error (device loop5): ext4_iget_extra_inode:5075: inode #15: comm syz.5.6766: corrupted in-inode xattr: e_value size too large [ 203.382429][T19123] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.6766: couldn't read orphan inode 15 (err -117) [ 203.424508][T19105] syz.1.6816: attempt to access beyond end of device [ 203.424508][T19105] loop1: rw=2049, sector=128, nr_sectors = 1 limit=128 [ 203.438067][T19105] Buffer I/O error on dev loop1, logical block 128, lost async page write [ 203.472848][T19123] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 203.527728][T18975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.569324][T19140] loop5: detected capacity change from 0 to 1024 [ 203.619771][T19148] loop0: detected capacity change from 0 to 128 [ 203.630737][T19140] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 203.656878][T19148] syz.0.6822: attempt to access beyond end of device [ 203.656878][T19148] loop0: rw=2049, sector=154, nr_sectors = 8 limit=128 [ 203.674586][T19148] syz.0.6822: attempt to access beyond end of device [ 203.674586][T19148] loop0: rw=2049, sector=160, nr_sectors = 2 limit=128 [ 203.688080][T19148] Buffer I/O error on dev loop0, logical block 80, lost async page write [ 203.701195][T19158] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6825'. [ 203.737963][T19158] netem: change failed [ 203.744620][T19148] syz.0.6822: attempt to access beyond end of device [ 203.744620][T19148] loop0: rw=2049, sector=162, nr_sectors = 8 limit=128 [ 203.764185][T19148] syz.0.6822: attempt to access beyond end of device [ 203.764185][T19148] loop0: rw=2049, sector=168, nr_sectors = 2 limit=128 [ 203.776836][T19140] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4193: comm syz.5.6817: Allocating blocks 497-513 which overlap fs metadata [ 203.777734][T19148] Buffer I/O error on dev loop0, logical block 84, lost async page write [ 203.804847][T19148] syz.0.6822: attempt to access beyond end of device [ 203.804847][T19148] loop0: rw=2049, sector=186, nr_sectors = 8 limit=128 [ 203.809123][T19160] EXT4-fs (loop5): pa ffff8881004a74d0: logic 48, phys. 177, len 21 [ 203.818960][T19148] syz.0.6822: attempt to access beyond end of device [ 203.818960][T19148] loop0: rw=2049, sector=192, nr_sectors = 2 limit=128 [ 203.826516][T19160] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:5444: group 0, free 0, pa_free 1 [ 203.850061][T19148] Buffer I/O error on dev loop0, logical block 96, lost async page write [ 203.859083][T19148] syz.0.6822: attempt to access beyond end of device [ 203.859083][T19148] loop0: rw=2049, sector=194, nr_sectors = 8 limit=128 [ 203.873102][T19148] syz.0.6822: attempt to access beyond end of device [ 203.873102][T19148] loop0: rw=2049, sector=200, nr_sectors = 2 limit=128 [ 203.886581][T19148] Buffer I/O error on dev loop0, logical block 100, lost async page write [ 203.900674][T19148] Buffer I/O error on dev loop0, logical block 112, lost async page write [ 203.935836][T19148] Buffer I/O error on dev loop0, logical block 116, lost async page write [ 204.016789][T18975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.128036][T19170] SELinux: failed to load policy [ 204.182663][T19184] netlink: 'syz.5.6836': attribute type 12 has an invalid length. [ 204.190614][T19184] netlink: 'syz.5.6836': attribute type 29 has an invalid length. [ 204.198593][T19184] netlink: 148 bytes leftover after parsing attributes in process `syz.5.6836'. [ 204.207803][T19184] netlink: 'syz.5.6836': attribute type 2 has an invalid length. [ 204.215594][T19184] netlink: 'syz.5.6836': attribute type 3 has an invalid length. [ 204.223406][T19184] netlink: 7 bytes leftover after parsing attributes in process `syz.5.6836'. [ 204.319865][T19202] loop5: detected capacity change from 0 to 512 [ 204.329354][T19204] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6845'. [ 204.345588][T19202] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 204.358488][T19202] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 204.412398][T18975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.500945][T19229] loop5: detected capacity change from 0 to 256 [ 204.536380][T19229] FAT-fs (loop5): Directory bread(block 64) failed [ 204.543742][T19229] FAT-fs (loop5): Directory bread(block 65) failed [ 204.550320][T19229] FAT-fs (loop5): Directory bread(block 66) failed [ 204.558632][T19229] FAT-fs (loop5): Directory bread(block 67) failed [ 204.570004][T19229] FAT-fs (loop5): Directory bread(block 68) failed [ 204.577037][T19229] FAT-fs (loop5): Directory bread(block 69) failed [ 204.583727][T19229] FAT-fs (loop5): Directory bread(block 70) failed [ 204.587373][T19234] loop2: detected capacity change from 0 to 512 [ 204.590361][T19229] FAT-fs (loop5): Directory bread(block 71) failed [ 204.604525][T19229] FAT-fs (loop5): Directory bread(block 72) failed [ 204.611496][T19229] FAT-fs (loop5): Directory bread(block 73) failed [ 204.620918][T19234] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 204.630695][T19238] loop0: detected capacity change from 0 to 4096 [ 204.648641][T19234] EXT4-fs warning (device loop2): ext4_group_extend:1891: can't read last block, resize aborted [ 204.654371][T19238] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 204.688457][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.732657][T19247] loop4: detected capacity change from 0 to 8 [ 204.754429][T19249] loop2: detected capacity change from 0 to 1024 [ 204.761636][T19249] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 204.762706][ T3312] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.773382][T19249] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #11: comm syz.2.6864: iget: bogus i_mode (1) [ 204.793360][T19249] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.6864: couldn't read orphan inode 11 (err -117) [ 204.814634][T19249] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 204.838873][T19253] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6865'. [ 204.873186][T19249] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.978661][T19274] macvtap0: entered promiscuous mode [ 204.987874][T19276] loop2: detected capacity change from 0 to 512 [ 204.994257][T19274] macvtap0: left promiscuous mode [ 204.997706][T19276] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 205.013999][T19278] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 205.013999][T19278] program syz.0.6877 not setting count and/or reply_len properly [ 205.020178][T19276] EXT4-fs (loop2): 1 truncate cleaned up [ 205.048844][T19281] loop1: detected capacity change from 0 to 512 [ 205.051684][T19276] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 205.056682][T19281] EXT4-fs: Ignoring removed orlov option [ 205.073989][T19281] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 205.086463][T19281] EXT4-fs error (device loop1): ext4_iget_extra_inode:5075: inode #15: comm syz.1.6887: corrupted in-inode xattr: e_value size too large [ 205.100797][T19281] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.6887: couldn't read orphan inode 15 (err -117) [ 205.115607][T19281] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 205.159555][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.170367][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.583998][T19348] IPv6: NLM_F_CREATE should be specified when creating new route [ 205.643411][T19355] sock: sock_set_timeout: `syz.0.6909' (pid 19355) tries to set negative timeout [ 205.684755][T19359] netlink: 'syz.1.6912': attribute type 29 has an invalid length. [ 205.693957][T19359] netlink: 'syz.1.6912': attribute type 29 has an invalid length. [ 205.702785][T19359] netlink: 500 bytes leftover after parsing attributes in process `syz.1.6912'. [ 205.773135][T19370] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6918'. [ 205.775866][T19371] loop1: detected capacity change from 0 to 1024 [ 205.782617][T19370] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0 [ 205.790544][T19371] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 205.807393][T19371] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 205.818334][T19371] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 205.829310][T19371] JBD2: no valid journal superblock found [ 205.835127][T19371] EXT4-fs (loop1): Could not load journal inode [ 205.913618][T19383] vhci_hcd: default hub control req: 8013 v0000 i0000 l31125 [ 205.932390][T19388] sd 0:0:1:0: device reset [ 206.008456][T19403] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6935'. [ 206.050244][T19410] netlink: 'syz.4.6938': attribute type 19 has an invalid length. [ 206.058342][T19408] loop1: detected capacity change from 0 to 512 [ 206.058319][T19410] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6938'. [ 206.090761][ T3454] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 206.099658][ T3454] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 206.108749][ T3454] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 206.117666][T19410] netlink: 'syz.4.6938': attribute type 19 has an invalid length. [ 206.125575][T19410] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6938'. [ 206.135007][ T3454] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 206.164304][T19408] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 206.183829][T19408] ext4 filesystem being mounted at /1230/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 206.249389][T19432] Falling back ldisc for ptm0. [ 206.278869][T19435] vhci_hcd: invalid port number 121 [ 206.284199][T19435] vhci_hcd: default hub control req: 4000 v0051 i0079 l0 [ 206.324725][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.406788][T19460] loop1: detected capacity change from 0 to 128 [ 206.577821][T19476] loop1: detected capacity change from 0 to 512 [ 206.677927][T19476] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.6967: inode has both inline data and extents flags [ 206.699094][T19476] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.6967: couldn't read orphan inode 15 (err -117) [ 206.712393][T19476] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 206.838385][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.938669][T19497] loop1: detected capacity change from 0 to 1024 [ 206.947503][T19497] __quota_error: 232 callbacks suppressed [ 206.947517][T19497] Quota error (device loop1): do_check_range: Getting block 64 out of range 1-5 [ 206.947551][T19497] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 206.947572][T19497] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.6976: Failed to acquire dquot type 0 [ 206.948072][T19497] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 206.948293][T19497] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #13: comm syz.1.6976: corrupted inode contents [ 206.954094][ C0] vcan0: j1939_tp_rxtimer: 0xffff888119f99600: rx timeout, send abort [ 207.018502][T19497] EXT4-fs error (device loop1): ext4_dirty_inode:6517: inode #13: comm syz.1.6976: mark_inode_dirty error [ 207.018653][T19497] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #13: comm syz.1.6976: corrupted inode contents [ 207.018780][T19497] EXT4-fs error (device loop1): __ext4_ext_dirty:206: inode #13: comm syz.1.6976: mark_inode_dirty error [ 207.018984][T19497] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #13: comm syz.1.6976: corrupted inode contents [ 207.019102][T19497] EXT4-fs error (device loop1) in ext4_orphan_del:301: Corrupt filesystem [ 207.019224][T19497] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #13: comm syz.1.6976: corrupted inode contents [ 207.019384][T19497] EXT4-fs error (device loop1): ext4_truncate:4637: inode #13: comm syz.1.6976: mark_inode_dirty error [ 207.097605][T19497] EXT4-fs error (device loop1) in ext4_process_orphan:343: Corrupt filesystem [ 207.097955][T19497] EXT4-fs (loop1): 1 truncate cleaned up [ 207.098323][T19497] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 207.113377][ T29] audit: type=1326 audit(2000000052.950:8373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19496 comm="syz.1.6976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 207.161563][ T29] audit: type=1326 audit(2000000052.960:8374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19496 comm="syz.1.6976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 207.161783][ T29] audit: type=1326 audit(2000000052.960:8375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19496 comm="syz.1.6976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 207.212655][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.230647][T19500] netlink: 'syz.2.6978': attribute type 3 has an invalid length. [ 207.259470][ T29] audit: type=1326 audit(2000000053.100:8376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19503 comm="syz.2.6989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9205cf6c9 code=0x7ffc0000 [ 207.259549][ T29] audit: type=1326 audit(2000000053.100:8377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19503 comm="syz.2.6989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9205cf6c9 code=0x7ffc0000 [ 207.263681][ T29] audit: type=1326 audit(2000000053.100:8378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19503 comm="syz.2.6989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fa9205cf6c9 code=0x7ffc0000 [ 207.263716][ T29] audit: type=1326 audit(2000000053.100:8379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19503 comm="syz.2.6989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9205cf6c9 code=0x7ffc0000 [ 207.263748][ T29] audit: type=1326 audit(2000000053.100:8380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19503 comm="syz.2.6989" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9205cf6c9 code=0x7ffc0000 [ 207.448743][ C0] vcan0: j1939_tp_rxtimer: 0xffff888119f99800: rx timeout, send abort [ 207.457456][ C0] vcan0: j1939_tp_rxtimer: 0xffff888119f99600: abort rx timeout. Force session deactivation [ 207.887288][ T3454] tipc: Subscription rejected, illegal request [ 207.911816][T19547] sctp: [Deprecated]: syz.4.6998 (pid 19547) Use of int in max_burst socket option deprecated. [ 207.911816][T19547] Use struct sctp_assoc_value instead [ 207.948792][ C0] vcan0: j1939_tp_rxtimer: 0xffff888119f99800: abort rx timeout. Force session deactivation [ 208.014063][T19553] Falling back ldisc for ttyS3. [ 208.062908][T19557] loop1: detected capacity change from 0 to 512 [ 208.069567][T19557] EXT4-fs: inline encryption not supported [ 208.076341][T19557] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 208.094452][T19557] EXT4-fs (loop1): 1 truncate cleaned up [ 208.103426][T19557] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 208.222128][T19566] C: renamed from team_slave_0 [ 208.256577][T19569] loop2: detected capacity change from 0 to 512 [ 208.292073][T19569] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 208.305679][T19569] ext4 filesystem being mounted at /1459/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 208.318938][ T3319] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.341496][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.400450][T19586] syzkaller1: entered promiscuous mode [ 208.406065][T19586] syzkaller1: entered allmulticast mode [ 208.443521][T19593] loop2: detected capacity change from 0 to 1024 [ 208.450703][T19593] EXT4-fs: Ignoring removed nobh option [ 208.469473][T19593] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 208.498779][T19593] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 15: block 369:freeing already freed block (bit 23); block bitmap corrupt. [ 208.537477][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.573662][T19608] loop2: detected capacity change from 0 to 2048 [ 208.585045][T19608] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 208.631220][T19608] EXT4-fs error (device loop2): ext4_find_extent:939: inode #2: comm syz.2.7023: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 208.663363][T19608] EXT4-fs (loop2): Remounting filesystem read-only [ 208.703532][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.715399][T19628] IPv6: Can't replace route, no match found [ 208.728545][ C0] vcan0: j1939_tp_rxtimer: 0xffff888119f99400: rx timeout, send abort [ 208.803070][T19642] loop2: detected capacity change from 0 to 128 [ 208.815081][T19642] bio_check_eod: 21 callbacks suppressed [ 208.815100][T19642] syz.2.7039: attempt to access beyond end of device [ 208.815100][T19642] loop2: rw=2049, sector=154, nr_sectors = 6 limit=128 [ 208.836128][T19642] syz.2.7039: attempt to access beyond end of device [ 208.836128][T19642] loop2: rw=2049, sector=158, nr_sectors = 2 limit=128 [ 208.849639][T19642] buffer_io_error: 8 callbacks suppressed [ 208.849656][T19642] Buffer I/O error on dev loop2, logical block 79, lost async page write [ 208.866985][T19642] syz.2.7039: attempt to access beyond end of device [ 208.866985][T19642] loop2: rw=2049, sector=160, nr_sectors = 2 limit=128 [ 208.880535][T19642] Buffer I/O error on dev loop2, logical block 80, lost async page write [ 208.891186][T19642] syz.2.7039: attempt to access beyond end of device [ 208.891186][T19642] loop2: rw=2049, sector=162, nr_sectors = 6 limit=128 [ 208.905822][T19642] syz.2.7039: attempt to access beyond end of device [ 208.905822][T19642] loop2: rw=2049, sector=166, nr_sectors = 2 limit=128 [ 208.919348][T19642] Buffer I/O error on dev loop2, logical block 83, lost async page write [ 208.949788][T19642] syz.2.7039: attempt to access beyond end of device [ 208.949788][T19642] loop2: rw=2049, sector=168, nr_sectors = 2 limit=128 [ 208.963306][T19642] Buffer I/O error on dev loop2, logical block 84, lost async page write [ 208.984266][T19642] syz.2.7039: attempt to access beyond end of device [ 208.984266][T19642] loop2: rw=2049, sector=186, nr_sectors = 6 limit=128 [ 208.998525][T19642] syz.2.7039: attempt to access beyond end of device [ 208.998525][T19642] loop2: rw=2049, sector=190, nr_sectors = 2 limit=128 [ 209.012011][T19642] Buffer I/O error on dev loop2, logical block 95, lost async page write [ 209.020578][T19642] syz.2.7039: attempt to access beyond end of device [ 209.020578][T19642] loop2: rw=2049, sector=192, nr_sectors = 2 limit=128 [ 209.034082][T19642] Buffer I/O error on dev loop2, logical block 96, lost async page write [ 209.043010][T19642] syz.2.7039: attempt to access beyond end of device [ 209.043010][T19642] loop2: rw=2049, sector=194, nr_sectors = 6 limit=128 [ 209.057047][T19642] Buffer I/O error on dev loop2, logical block 99, lost async page write [ 209.065580][T19642] Buffer I/O error on dev loop2, logical block 100, lost async page write [ 209.076348][T19642] Buffer I/O error on dev loop2, logical block 111, lost async page write [ 209.084948][T19642] Buffer I/O error on dev loop2, logical block 112, lost async page write [ 209.236825][ C0] vcan0: j1939_tp_rxtimer: 0xffff888119f99400: abort rx timeout. Force session deactivation [ 209.272373][T19672] loop1: detected capacity change from 0 to 1024 [ 209.297187][T19672] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 209.321235][T19679] loop5: detected capacity change from 0 to 164 [ 209.333402][T19672] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 209.348274][T19679] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 209.348564][T19672] EXT4-fs (loop1): orphan cleanup on readonly fs [ 209.364586][T19672] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #3: block 3: comm syz.1.7050: lblock 3 mapped to illegal pblock 3 (length 1) [ 209.380265][T19672] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.7050: Failed to acquire dquot type 0 [ 209.393181][T19672] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 3: comm syz.1.7050: lblock 3 mapped to illegal pblock 3 (length 1) [ 209.397115][T19679] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 209.407915][T19672] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.7050: Failed to acquire dquot type 0 [ 209.427208][T19672] EXT4-fs error (device loop1): ext4_free_blocks:6706: comm syz.1.7050: Freeing blocks not in datazone - block = 0, count = 4096 [ 209.441087][T19672] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #3: block 3: comm syz.1.7050: lblock 3 mapped to illegal pblock 3 (length 1) [ 209.456204][T19672] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.7050: Failed to acquire dquot type 0 [ 209.467721][T19672] EXT4-fs (loop1): 1 orphan inode deleted [ 209.473564][T19679] Symlink component flag not implemented [ 209.479259][T19679] Symlink component flag not implemented [ 209.485031][T19679] Symlink component flag not implemented (7) [ 209.491099][T19679] Symlink component flag not implemented (116) [ 209.607303][T19697] loop5: detected capacity change from 0 to 128 [ 209.723088][T19713] netdevsim netdevsim5: loading /lib/firmware/. failed with error -22 [ 209.731417][T19713] netdevsim netdevsim5: Direct firmware load for . failed with error -22 [ 209.760130][T19715] loop5: detected capacity change from 0 to 1024 [ 209.770576][T19715] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 209.930698][T19735] SELinux: failed to load policy [ 210.016824][T19745] vhci_hcd: default hub control req: 8013 v0000 i0000 l31125 [ 210.449240][T19766] loop2: detected capacity change from 0 to 512 [ 210.465543][T19766] ext4 filesystem being mounted at /1472/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 210.507960][T19766] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 3: comm syz.2.7095: path (unknown): bad entry in directory: directory entry overrun - offset=0, inode=2, rec_len=2060, size=2048 fake=1 [ 210.550230][T19766] EXT4-fs (loop2): Remounting filesystem read-only [ 210.584878][T19776] __nla_validate_parse: 7 callbacks suppressed [ 210.584896][T19776] netlink: 256 bytes leftover after parsing attributes in process `syz.0.7098'. [ 210.903327][T19789] netlink: 64 bytes leftover after parsing attributes in process `syz.5.7102'. [ 210.996225][T19799] program syz.5.7109 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 211.110096][ C1] vxcan1: j1939_tp_rxtimer: 0xffff888119a67800: rx timeout, send abort [ 211.118555][ C1] vxcan1: j1939_xtp_rx_abort_one: 0xffff888119a67800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 211.367261][T19838] loop5: detected capacity change from 0 to 256 [ 211.381066][T19838] FAT-fs (loop5): Directory bread(block 64) failed [ 211.387842][T19838] FAT-fs (loop5): Directory bread(block 65) failed [ 211.394433][T19838] FAT-fs (loop5): Directory bread(block 66) failed [ 211.400960][T19838] FAT-fs (loop5): Directory bread(block 67) failed [ 211.407526][T19838] FAT-fs (loop5): Directory bread(block 68) failed [ 211.414085][T19838] FAT-fs (loop5): Directory bread(block 69) failed [ 211.420813][T19838] FAT-fs (loop5): Directory bread(block 70) failed [ 211.427424][T19838] FAT-fs (loop5): Directory bread(block 71) failed [ 211.434132][T19838] FAT-fs (loop5): Directory bread(block 72) failed [ 211.440662][T19838] FAT-fs (loop5): Directory bread(block 73) failed [ 211.480962][T19846] loop2: detected capacity change from 0 to 512 [ 211.511754][T19846] ext4 filesystem being mounted at /1474/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 211.643396][T19867] netlink: 36 bytes leftover after parsing attributes in process `syz.4.7137'. [ 211.664933][T19869] 0X: left allmulticast mode [ 211.686252][T19869] sit1: left allmulticast mode [ 211.691332][T19869] hsr1: left promiscuous mode [ 211.696246][T19869] hsr1: left allmulticast mode [ 211.701025][T19869] bond0: left allmulticast mode [ 211.706065][T19869] bond_slave_0: left allmulticast mode [ 211.711576][T19869] bond_slave_1: left allmulticast mode [ 211.725395][T19869] dummy0: left allmulticast mode [ 211.730659][T19869] ip6gre1: left promiscuous mode [ 211.990056][ T29] kauditd_printk_skb: 212 callbacks suppressed [ 211.990070][ T29] audit: type=1326 audit(2000000057.830:8588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19900 comm="syz.4.7164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bb77bf6c9 code=0x7ffc0000 [ 212.020153][ T29] audit: type=1326 audit(2000000057.830:8589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19900 comm="syz.4.7164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bb77bf6c9 code=0x7ffc0000 [ 212.043963][ T29] audit: type=1326 audit(2000000057.830:8590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19900 comm="syz.4.7164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7bb77bf6c9 code=0x7ffc0000 [ 212.072035][ T29] audit: type=1326 audit(2000000057.830:8591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19900 comm="syz.4.7164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bb77bf6c9 code=0x7ffc0000 [ 212.095716][ T29] audit: type=1326 audit(2000000057.830:8592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19900 comm="syz.4.7164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f7bb77bf6c9 code=0x7ffc0000 [ 212.119320][ T29] audit: type=1326 audit(2000000057.830:8593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19900 comm="syz.4.7164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bb77bf6c9 code=0x7ffc0000 [ 212.142888][ T29] audit: type=1326 audit(2000000057.850:8594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19900 comm="syz.4.7164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bb77bf6c9 code=0x7ffc0000 [ 212.386196][ T29] audit: type=1400 audit(2000000058.230:8595): avc: denied { relabelfrom } for pid=19926 comm="syz.1.7169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 212.406259][ T29] audit: type=1400 audit(2000000058.230:8596): avc: denied { relabelto } for pid=19926 comm="syz.1.7169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 212.541829][T19934] netdevsim netdevsim5: Direct firmware load for r failed with error -2 [ 212.603881][ T29] audit: type=1326 audit(2000000058.450:8597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19940 comm="syz.1.7176" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 212.792611][T19952] hub 9-0:1.0: USB hub found [ 212.810215][T19952] hub 9-0:1.0: 8 ports detected [ 212.816904][T19956] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7179'. [ 212.869639][T19958] loop5: detected capacity change from 0 to 512 [ 212.962168][T19958] EXT4-fs error (device loop5): ext4_xattr_inode_iget:446: comm syz.5.7184: error while reading EA inode 32 err=-116 [ 212.987992][T19958] EXT4-fs (loop5): Remounting filesystem read-only [ 212.994714][T19958] EXT4-fs warning (device loop5): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 213.005268][T19958] EXT4-fs (loop5): 1 orphan inode deleted [ 213.457712][T20022] loop2: detected capacity change from 0 to 512 [ 213.544320][T20022] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 213.574760][T20022] EXT4-fs (loop2): 1 truncate cleaned up [ 213.597865][T20029] netlink: 148 bytes leftover after parsing attributes in process `syz.0.7215'. [ 213.614201][T20015] loop5: detected capacity change from 0 to 32768 [ 213.639629][T20033] netlink: 'syz.4.7216': attribute type 4 has an invalid length. [ 213.655629][T20015] loop5: p1 p3 < > [ 213.681896][T20033] netlink: 'syz.4.7216': attribute type 4 has an invalid length. [ 213.907567][T20072] loop5: detected capacity change from 0 to 128 [ 213.931107][T20079] loop9: detected capacity change from 0 to 7 [ 213.938712][T20076] vhci_hcd: invalid port number 23 [ 213.946205][T20079] buffer_io_error: 18 callbacks suppressed [ 213.946221][T20079] Buffer I/O error on dev loop9, logical block 0, async page read [ 213.960748][T20072] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 213.968762][T20072] FAT-fs (loop5): Filesystem has been set read-only [ 213.989409][T20079] Buffer I/O error on dev loop9, logical block 0, async page read [ 213.997354][T20079] loop9: unable to read partition table [ 214.007611][T20072] bio_check_eod: 32 callbacks suppressed [ 214.007674][T20072] syz.5.7233: attempt to access beyond end of device [ 214.007674][T20072] loop5: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 214.027900][T20079] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 214.027900][T20079] ) failed (rc=-5) [ 214.041456][T20072] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 214.049402][T20072] FAT-fs (loop5): error, invalid access to FAT (entry 0x00000100) [ 214.114150][T20072] syz.5.7233: attempt to access beyond end of device [ 214.114150][T20072] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 214.114218][T20072] syz.5.7233: attempt to access beyond end of device [ 214.114218][T20072] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 214.114266][T20072] syz.5.7233: attempt to access beyond end of device [ 214.114266][T20072] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 214.114320][T20072] syz.5.7233: attempt to access beyond end of device [ 214.114320][T20072] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 214.131309][T20072] syz.5.7233: attempt to access beyond end of device [ 214.131309][T20072] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 214.131507][T20072] syz.5.7233: attempt to access beyond end of device [ 214.131507][T20072] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 214.131550][T20072] syz.5.7233: attempt to access beyond end of device [ 214.131550][T20072] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 214.131651][T20072] syz.5.7233: attempt to access beyond end of device [ 214.131651][T20072] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 214.131705][T20072] syz.5.7233: attempt to access beyond end of device [ 214.131705][T20072] loop5: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 214.808675][T20113] netlink: 96 bytes leftover after parsing attributes in process `syz.1.7250'. [ 215.501052][T20207] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 215.559387][ T3454] Bluetooth: hci0: Frame reassembly failed (-84) [ 215.689687][T20231] loop2: detected capacity change from 0 to 1024 [ 215.704281][T20231] EXT4-fs: Ignoring removed orlov option [ 215.712825][T20231] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 215.783773][T20238] netlink: 48 bytes leftover after parsing attributes in process `syz.0.7310'. [ 215.825532][T20239] vlan0: entered allmulticast mode [ 215.872349][T20249] loop2: detected capacity change from 0 to 764 [ 215.879964][T20249] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 215.891325][T20249] Symlink component flag not implemented [ 215.898846][T20249] Symlink component flag not implemented (7) [ 215.988487][ T36] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 215.996238][ T36] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 216.003792][ T36] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 216.013242][ T36] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 216.020733][ T36] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 216.028258][ T36] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 216.035794][ T36] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 216.043244][ T36] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 216.050717][ T36] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 216.058251][ T36] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 216.068102][ T36] hid-generic 0000:0000:0000.000B: hidraw0: HID v8.00 Device [syz0] on syz0 [ 216.100273][T20272] loop2: detected capacity change from 0 to 512 [ 216.130963][T20272] ext4 filesystem being mounted at /1522/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 216.383457][ T3389] kernel write not supported for file bpf-prog (pid: 3389 comm: kworker/1:3) [ 216.573782][ T9] page_pool_release_retry() stalled pool shutdown: id 75, 1 inflight 60 sec [ 216.884316][ T9] page_pool_release_retry() stalled pool shutdown: id 76, 1 inflight 60 sec [ 216.917265][T20331] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7352'. [ 216.926521][T20331] netem: change failed [ 217.128213][T20340] loop2: detected capacity change from 0 to 128 [ 217.144747][ T29] kauditd_printk_skb: 222 callbacks suppressed [ 217.144765][ T29] audit: type=1400 audit(2000000062.990:8820): avc: denied { mount } for pid=20339 comm="syz.2.7356" name="/" dev="loop2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 217.243769][ T29] audit: type=1400 audit(2000000063.080:8821): avc: denied { setopt } for pid=20341 comm="syz.4.7369" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 217.326854][ T29] audit: type=1400 audit(2000000063.170:8822): avc: denied { create } for pid=20349 comm="syz.1.7360" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 217.358976][ T29] audit: type=1400 audit(2000000063.190:8823): avc: denied { write } for pid=20349 comm="syz.1.7360" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 217.380243][ T29] audit: type=1400 audit(2000000063.190:8824): avc: denied { getopt } for pid=20344 comm="syz.0.7357" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 217.400529][ T29] audit: type=1400 audit(2000000063.210:8825): avc: denied { unmount } for pid=3317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 217.428089][ T29] audit: type=1400 audit(2000000063.270:8826): avc: denied { ioctl } for pid=20354 comm="syz.2.7362" path="socket:[54121]" dev="sockfs" ino=54121 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 217.453496][T20355] netlink: 'syz.2.7362': attribute type 12 has an invalid length. [ 217.458132][T20353] SELinux: failed to load policy [ 217.461432][T20355] netlink: 'syz.2.7362': attribute type 29 has an invalid length. [ 217.474250][T20355] netlink: 148 bytes leftover after parsing attributes in process `syz.2.7362'. [ 217.483403][T20355] netlink: 'syz.2.7362': attribute type 2 has an invalid length. [ 217.491318][T20355] netlink: 'syz.2.7362': attribute type 3 has an invalid length. [ 217.499296][T20355] netlink: 7 bytes leftover after parsing attributes in process `syz.2.7362'. [ 217.508543][ T29] audit: type=1400 audit(2000000063.300:8827): avc: denied { load_policy } for pid=20352 comm="syz.1.7361" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 217.545943][ T29] audit: type=1400 audit(2000000063.390:8828): avc: denied { setopt } for pid=20358 comm="syz.1.7364" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 217.570707][ T29] audit: type=1400 audit(2000000063.410:8829): avc: denied { setcheckreqprot } for pid=20360 comm="syz.2.7365" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 217.604340][ T3669] Bluetooth: hci0: command 0x1003 tx timeout [ 217.605786][T15218] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 217.703254][T20380] loop2: detected capacity change from 0 to 512 [ 217.777788][T20385] vcan0 speed is unknown, defaulting to 1000 [ 217.795118][T20387] loop5: detected capacity change from 0 to 512 [ 217.838157][T20387] EXT4-fs (loop5): 1 orphan inode deleted [ 217.844090][ T9] page_pool_release_retry() stalled pool shutdown: id 79, 1 inflight 60 sec [ 217.860387][T11506] EXT4-fs error (device loop5): ext4_release_dquot:6981: comm kworker/u8:29: Failed to release dquot type 1 [ 217.902148][T20387] ext4 filesystem being mounted at /93/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 218.053970][T20404] SELinux: failed to load policy [ 218.157305][T20410] SELinux: failed to load policy [ 218.247581][T20424] loop2: detected capacity change from 0 to 4096 [ 218.260668][T20428] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7395'. [ 218.464922][T20443] loop4: detected capacity change from 0 to 8 [ 219.180495][T20494] xt_CT: You must specify a L4 protocol and not use inversions on it [ 219.354975][T20511] macvtap0: entered promiscuous mode [ 219.361122][T20511] macvtap0: left promiscuous mode [ 219.373098][T20513] netlink: 60 bytes leftover after parsing attributes in process `syz.5.7432'. [ 219.382228][T20513] IPVS: Unknown mcast interface: [ 219.405041][T20515] loop5: detected capacity change from 0 to 512 [ 219.411692][T20515] EXT4-fs: Ignoring removed bh option [ 219.425576][T20515] ext4 filesystem being mounted at /105/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 219.471686][T20522] vhci_hcd: invalid port number 23 [ 219.574093][ T9] hid-generic 0000:3000000:0000.000C: hidraw0: HID v0.00 Device [sy] on syz0 [ 219.834097][T20559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 219.843288][T20559] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 219.934146][T20570] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7456'. [ 220.298155][T20594] sch_tbf: peakrate 7 is lower than or equals to rate 11 ! [ 220.473886][T20616] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 220.565264][T20641] netlink: 'syz.4.7488': attribute type 3 has an invalid length. [ 220.573116][T20641] netlink: 132 bytes leftover after parsing attributes in process `syz.4.7488'. [ 220.883803][ T3669] Bluetooth: hci0: command 0x1003 tx timeout [ 220.889883][T15218] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 221.351397][T20712] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 221.454091][T20716] Falling back ldisc for ttyS3. [ 221.555427][T20729] loop5: detected capacity change from 0 to 1024 [ 221.618591][T20735] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0' [ 221.646942][T20735] vlan2: entered allmulticast mode [ 221.735881][T20738] gretap0: Device is already in use. [ 221.744553][T20738] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 221.752205][T20738] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 221.760386][T20738] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 221.767845][T20738] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 221.798831][T20739] netlink: 'syz.4.7529': attribute type 32 has an invalid length. [ 221.806719][T20739] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7529'. [ 221.821794][T20739] bond0: option coupled_control: invalid value (11) [ 221.829882][T20739] bond0 (unregistering): Released all slaves [ 221.847447][T20733] loop5: detected capacity change from 0 to 8192 [ 221.947792][T20744] sctp: [Deprecated]: syz.2.7530 (pid 20744) Use of int in max_burst socket option deprecated. [ 221.947792][T20744] Use struct sctp_assoc_value instead [ 222.159779][ T29] kauditd_printk_skb: 412 callbacks suppressed [ 222.159795][ T29] audit: type=1326 audit(2000000068.000:9241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20749 comm="syz.1.7532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 222.193796][ T29] audit: type=1326 audit(2000000068.000:9242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20749 comm="syz.1.7532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 222.217406][ T29] audit: type=1326 audit(2000000068.020:9243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20749 comm="syz.1.7532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 222.240844][ T29] audit: type=1326 audit(2000000068.020:9244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20749 comm="syz.1.7532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 222.264647][ T29] audit: type=1326 audit(2000000068.020:9245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20749 comm="syz.1.7532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 222.288271][ T29] audit: type=1326 audit(2000000068.020:9246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20749 comm="syz.1.7532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 222.311923][ T29] audit: type=1326 audit(2000000068.020:9247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20749 comm="syz.1.7532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 222.335443][ T29] audit: type=1326 audit(2000000068.020:9248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20749 comm="syz.1.7532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 222.358893][ T29] audit: type=1326 audit(2000000068.020:9249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20749 comm="syz.1.7532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 222.382434][ T29] audit: type=1326 audit(2000000068.020:9250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20749 comm="syz.1.7532" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 222.747674][T20756] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7534'. [ 222.800254][T20758] rdma_rxe: rxe_newlink: failed to add lo [ 223.105359][T20790] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7547'. [ 223.128944][T20790] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7547'. [ 223.178334][T20790] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7547'. [ 223.671043][T20822] loop5: detected capacity change from 0 to 8192 [ 224.151202][T20846] vhci_hcd: invalid port number 96 [ 224.156474][T20846] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 224.216737][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 224.247093][T20852] netlink: 'syz.4.7573': attribute type 1 has an invalid length. [ 224.315209][T20858] x_tables: unsorted underflow at hook 2 [ 225.771297][T20904] SELinux: failed to load policy [ 225.865486][T20927] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 225.917709][T20942] netlink: 'syz.1.7609': attribute type 1 has an invalid length. [ 226.696688][T20972] loop2: detected capacity change from 0 to 128 [ 226.718804][T20972] FAT-fs (loop2): Directory bread(block 162) failed [ 226.726030][T20972] FAT-fs (loop2): Directory bread(block 163) failed [ 226.732781][T20972] FAT-fs (loop2): Directory bread(block 164) failed [ 226.739571][T20972] FAT-fs (loop2): Directory bread(block 165) failed [ 226.746306][T20972] FAT-fs (loop2): Directory bread(block 166) failed [ 226.752995][T20972] FAT-fs (loop2): Directory bread(block 167) failed [ 226.759833][T20972] FAT-fs (loop2): Directory bread(block 168) failed [ 226.766692][T20972] FAT-fs (loop2): Directory bread(block 169) failed [ 226.774780][T20972] FAT-fs (loop2): Directory bread(block 162) failed [ 226.781408][T20972] FAT-fs (loop2): Directory bread(block 163) failed [ 226.788646][T20972] bio_check_eod: 19033 callbacks suppressed [ 226.788663][T20972] syz.2.7621: attempt to access beyond end of device [ 226.788663][T20972] loop2: rw=3, sector=226, nr_sectors = 6 limit=128 [ 226.808109][T20972] syz.2.7621: attempt to access beyond end of device [ 226.808109][T20972] loop2: rw=2051, sector=232, nr_sectors = 2 limit=128 [ 226.830615][T20979] vcan0 speed is unknown, defaulting to 1000 [ 226.904464][T20988] program syz.1.7628 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 226.952435][T20992] loop5: detected capacity change from 0 to 512 [ 227.019708][T20997] loop2: detected capacity change from 0 to 2048 [ 227.048781][T20992] EXT4-fs mount: 24 callbacks suppressed [ 227.048801][T20992] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 227.075698][T20992] ext4 filesystem being mounted at /131/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 227.087797][T20997] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 227.146305][T18975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.164487][ T29] kauditd_printk_skb: 435 callbacks suppressed [ 227.164505][ T29] audit: type=1326 audit(2000000073.010:9686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21016 comm="syz.0.7649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 227.208145][ T29] audit: type=1326 audit(2000000073.040:9687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21016 comm="syz.0.7649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 227.231814][ T29] audit: type=1326 audit(2000000073.040:9688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21016 comm="syz.0.7649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 227.255314][ T29] audit: type=1326 audit(2000000073.040:9689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21016 comm="syz.0.7649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 227.307633][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.378460][ T29] audit: type=1400 audit(2000000073.220:9690): avc: denied { append } for pid=21026 comm="syz.5.7643" name="001" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 227.414371][ T29] audit: type=1326 audit(2000000073.250:9691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20994 comm="syz.1.7642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 227.450547][ T29] audit: type=1326 audit(2000000073.280:9692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20994 comm="syz.1.7642" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 227.566528][T21044] netdevsim netdevsim5: Direct firmware load for r failed with error -2 [ 227.615028][T21050] vhci_hcd: invalid port number 96 [ 227.620248][T21050] vhci_hcd: default hub control req: 2000 vfffc i0060 l7 [ 227.662523][ T29] audit: type=1326 audit(2000000073.490:9693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21052 comm="syz.0.7657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 227.686229][ T29] audit: type=1326 audit(2000000073.490:9694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21052 comm="syz.0.7657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 227.697541][T21057] loop2: detected capacity change from 0 to 512 [ 227.709770][ T29] audit: type=1326 audit(2000000073.490:9695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21052 comm="syz.0.7657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7ff6b9e1f6c9 code=0x7ffc0000 [ 227.745391][T21057] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities [ 227.760990][T21057] loop2: detected capacity change from 0 to 128 [ 227.840548][T21048] loop5: detected capacity change from 0 to 8192 [ 228.350593][T21092] 9pnet_fd: Insufficient options for proto=fd [ 228.441073][T21102] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=21102 comm=syz.2.7678 [ 228.453782][T21102] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=21102 comm=syz.2.7678 [ 228.675237][T21112] loop2: detected capacity change from 0 to 512 [ 228.682797][T21112] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities [ 228.696986][T21112] loop2: detected capacity change from 0 to 128 [ 228.733371][T21114] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7685'. [ 229.029287][T21150] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.7702'. [ 229.269979][T21144] loop5: detected capacity change from 0 to 8192 [ 229.741159][T11510] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x6 [ 229.925312][T21199] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7732'. [ 229.979350][T21203] loop2: detected capacity change from 0 to 1024 [ 230.002881][T21203] EXT4-fs: Ignoring removed orlov option [ 230.043501][T21203] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 230.111612][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 230.387873][T21244] netlink: 'syz.0.7744': attribute type 4 has an invalid length. [ 230.410605][T21244] netlink: 'syz.0.7744': attribute type 4 has an invalid length. [ 230.651101][T21246] loop5: detected capacity change from 0 to 8192 [ 231.015970][T21279] loop2: detected capacity change from 0 to 1024 [ 231.022741][T21279] EXT4-fs: Ignoring removed mblk_io_submit option [ 231.061818][T21279] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 231.134102][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.188951][T21294] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 231.230043][T21298] can0: slcan on ptm0. [ 231.261243][T21302] netlink: 96 bytes leftover after parsing attributes in process `syz.4.7770'. [ 231.303857][T21298] can0 (unregistered): slcan off ptm0. [ 232.083048][T21351] loop5: detected capacity change from 0 to 512 [ 232.093824][T21351] EXT4-fs (loop5): 1 truncate cleaned up [ 232.099982][T21351] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 232.128000][T18975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.229258][T21362] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7796'. [ 232.341899][ T29] kauditd_printk_skb: 537 callbacks suppressed [ 232.341913][ T29] audit: type=1326 audit(2000000078.180:10233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.4.7799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bb77bf6c9 code=0x7ffc0000 [ 232.373022][ T29] audit: type=1326 audit(2000000078.180:10234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.4.7799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bb77bf6c9 code=0x7ffc0000 [ 232.396755][ T29] audit: type=1326 audit(2000000078.190:10235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.4.7799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7f7bb77bf6c9 code=0x7ffc0000 [ 232.420416][ T29] audit: type=1326 audit(2000000078.190:10236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.4.7799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bb77bf6c9 code=0x7ffc0000 [ 232.444065][ T29] audit: type=1326 audit(2000000078.190:10237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.4.7799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7f7bb77bf6c9 code=0x7ffc0000 [ 232.467651][ T29] audit: type=1326 audit(2000000078.190:10238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.4.7799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bb77bf6c9 code=0x7ffc0000 [ 232.491391][ T29] audit: type=1326 audit(2000000078.190:10239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.4.7799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7bb77bf6c9 code=0x7ffc0000 [ 232.514814][ T29] audit: type=1326 audit(2000000078.190:10240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.4.7799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7bb77bf6c9 code=0x7ffc0000 [ 232.538411][ T29] audit: type=1326 audit(2000000078.190:10241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.4.7799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f7bb77bf6c9 code=0x7ffc0000 [ 232.538573][T21365] loop5: detected capacity change from 0 to 8192 [ 232.562070][ T29] audit: type=1326 audit(2000000078.190:10242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21368 comm="syz.4.7799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f7bb77bf703 code=0x7ffc0000 [ 232.641973][T21371] netlink: 'syz.2.7802': attribute type 12 has an invalid length. [ 232.941357][T11510] nci: nci_ntf_packet: unknown ntf opcode 0x127 [ 233.755528][T21406] netlink: 'syz.5.7813': attribute type 12 has an invalid length. [ 233.799428][T21413] ip6erspan0: entered promiscuous mode [ 233.850679][T21420] loop2: detected capacity change from 0 to 512 [ 233.858555][T21420] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities [ 233.878463][T21420] loop2: detected capacity change from 0 to 128 [ 234.117078][T21442] loop5: detected capacity change from 0 to 512 [ 234.124530][T21442] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities [ 234.154400][T21442] loop5: detected capacity change from 0 to 128 [ 234.764998][T21465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.773550][T21465] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 234.866960][T21477] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7844'. [ 234.866982][T21477] netem: change failed [ 235.009752][T21489] loop5: detected capacity change from 0 to 512 [ 235.016851][T21489] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities [ 235.026909][T21489] loop5: detected capacity change from 0 to 128 [ 235.363090][T21495] loop2: detected capacity change from 0 to 512 [ 235.371283][T21495] EXT4-fs error (device loop2): ext4_iget_extra_inode:5075: inode #15: comm syz.2.7854: corrupted in-inode xattr: e_value size too large [ 235.385942][T21495] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.7854: couldn't read orphan inode 15 (err -117) [ 235.398414][T21495] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 235.415629][T21499] loop9: detected capacity change from 0 to 7 [ 235.422096][T21499] Buffer I/O error on dev loop9, logical block 0, async page read [ 235.439775][T21499] Buffer I/O error on dev loop9, logical block 0, async page read [ 235.447708][T21499] loop9: unable to read partition table [ 235.457958][T21499] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 235.457958][T21499] ) failed (rc=-5) [ 235.532030][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 235.612551][T21505] SELinux: failed to load policy [ 235.925112][T21516] loop5: detected capacity change from 0 to 8192 [ 235.989709][T21538] smc: net device bond0 erased user defined pnetid SYZ0 [ 235.996909][T21538] smc: ib device syz2 ibport 1 erased user defined pnetid S [ 236.538048][T21551] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 236.682963][T11514] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 237.079146][T21595] loop5: detected capacity change from 0 to 512 [ 237.086379][T21595] EXT4-fs: Ignoring removed i_version option [ 237.095641][T21595] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 237.108518][T21595] ext4 filesystem being mounted at /169/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 237.167289][T18975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.458928][T21607] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7898'. [ 237.501451][ T29] kauditd_printk_skb: 802 callbacks suppressed [ 237.501471][ T29] audit: type=1326 audit(2000000083.340:11045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21610 comm="syz.1.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 237.558099][ T29] audit: type=1326 audit(2000000083.340:11046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21610 comm="syz.1.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 237.581846][ T29] audit: type=1326 audit(2000000083.340:11047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21610 comm="syz.1.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 237.605642][ T29] audit: type=1326 audit(2000000083.340:11048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21610 comm="syz.1.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 237.629299][ T29] audit: type=1326 audit(2000000083.340:11049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21610 comm="syz.1.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 237.652903][ T29] audit: type=1326 audit(2000000083.360:11050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21610 comm="syz.1.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 237.676577][ T29] audit: type=1326 audit(2000000083.360:11051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21610 comm="syz.1.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 237.700320][ T29] audit: type=1326 audit(2000000083.380:11052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21610 comm="syz.1.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 237.724015][ T29] audit: type=1326 audit(2000000083.380:11053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21610 comm="syz.1.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 237.747529][ T29] audit: type=1326 audit(2000000083.380:11054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21610 comm="syz.1.7901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f30fdf3f6c9 code=0x7ffc0000 [ 237.978537][ T3377] hid_parser_main: 24 callbacks suppressed [ 237.978559][ T3377] hid-generic 0000:3000000:0000.000D: unknown main item tag 0x4 [ 237.992196][ T3377] hid-generic 0000:3000000:0000.000D: unknown main item tag 0x2 [ 238.000174][ T3377] hid-generic 0000:3000000:0000.000D: unknown main item tag 0x3 [ 238.010222][ T3377] hid-generic 0000:3000000:0000.000D: hidraw0: HID v0.00 Device [sy] on syz0 [ 238.019328][T21622] loop5: detected capacity change from 0 to 8192 [ 238.101250][T21629] loop2: detected capacity change from 0 to 8192 [ 238.589007][T21683] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 238.668214][T21688] netlink: 'syz.0.7932': attribute type 19 has an invalid length. [ 238.676220][T21688] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7932'. [ 238.689694][T21688] netlink: 'syz.0.7932': attribute type 19 has an invalid length. [ 238.690056][ T3454] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 238.697848][T21688] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7932'. [ 238.727459][T11514] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 238.735976][T11514] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 238.744495][T11514] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 239.086532][T21716] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7947'. [ 239.181536][T21727] loop5: detected capacity change from 0 to 1024 [ 239.213703][T21718] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 239.224309][T21727] EXT4-fs error (device loop5): ext4_acquire_dquot:6945: comm syz.5.7950: Failed to acquire dquot type 0 [ 239.251806][T21727] EXT4-fs error (device loop5): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 239.299813][T21727] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #13: comm syz.5.7950: corrupted inode contents [ 239.314102][T21727] EXT4-fs error (device loop5): ext4_dirty_inode:6517: inode #13: comm syz.5.7950: mark_inode_dirty error [ 239.377745][T21741] netlink: 332 bytes leftover after parsing attributes in process `syz.1.7957'. [ 239.389784][T21727] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #13: comm syz.5.7950: corrupted inode contents [ 239.446372][T21727] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #13: comm syz.5.7950: mark_inode_dirty error [ 239.476112][T21727] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #13: comm syz.5.7950: corrupted inode contents [ 239.488548][T21727] EXT4-fs error (device loop5) in ext4_orphan_del:301: Corrupt filesystem [ 239.504463][T21727] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #13: comm syz.5.7950: corrupted inode contents [ 239.521794][T21727] EXT4-fs error (device loop5): ext4_truncate:4637: inode #13: comm syz.5.7950: mark_inode_dirty error [ 239.536237][T21727] EXT4-fs error (device loop5) in ext4_process_orphan:343: Corrupt filesystem [ 239.545899][T21727] EXT4-fs (loop5): 1 truncate cleaned up [ 239.552117][T21727] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 239.592965][T18975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 239.614462][T21759] netlink: 'syz.1.7973': attribute type 16 has an invalid length. [ 239.622345][T21759] netlink: 156 bytes leftover after parsing attributes in process `syz.1.7973'. [ 239.773961][T21776] loop5: detected capacity change from 0 to 512 [ 239.806962][T21776] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 239.819621][T21776] ext4 filesystem being mounted at /180/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 239.833478][T21776] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #2: comm syz.5.7970: corrupted inode contents [ 239.846265][T21776] EXT4-fs error (device loop5): ext4_dirty_inode:6517: inode #2: comm syz.5.7970: mark_inode_dirty error [ 239.861686][T21776] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #2: comm syz.5.7970: corrupted inode contents [ 239.877283][T21776] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #2: comm syz.5.7970: corrupted inode contents [ 239.889374][T21776] EXT4-fs error (device loop5): ext4_dirty_inode:6517: inode #2: comm syz.5.7970: mark_inode_dirty error [ 239.901435][T21776] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #2: comm syz.5.7970: corrupted inode contents [ 239.913848][T21776] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #2: comm syz.5.7970: mark_inode_dirty error [ 239.925482][T21776] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #2: comm syz.5.7970: corrupted inode contents [ 239.937539][T21776] EXT4-fs error (device loop5): ext4_dirty_inode:6517: inode #2: comm syz.5.7970: mark_inode_dirty error [ 239.956528][T21790] loop2: detected capacity change from 0 to 512 [ 239.963781][T21790] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities [ 239.964653][T18975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 239.978875][T21790] loop2: detected capacity change from 0 to 128 [ 240.033438][T21796] loop5: detected capacity change from 0 to 512 [ 240.040762][T21796] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities [ 240.055583][T21796] loop5: detected capacity change from 0 to 128 [ 240.954917][T21863] loop2: detected capacity change from 0 to 8192 [ 241.265514][T21871] loop5: detected capacity change from 0 to 512 [ 241.272246][T21871] EXT4-fs: inline encryption not supported [ 241.292719][T21871] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 241.305420][T21871] EXT4-fs (loop5): 1 truncate cleaned up [ 241.311562][T21871] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 241.413804][T18975] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 241.451183][T21888] netlink: 'syz.5.8016': attribute type 1 has an invalid length. [ 241.655327][T21914] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=21914 comm=syz.1.8031 [ 241.745139][T21921] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 241.755269][T21922] sch_tbf: peakrate 7 is lower than or equals to rate 7 ! [ 241.808565][T21926] netlink: 28 bytes leftover after parsing attributes in process `syz.5.8037'. [ 241.817834][T21926] netem: change failed [ 241.876409][T21930] loop5: detected capacity change from 0 to 128 [ 241.895174][T21930] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 241.907733][T21930] ext4 filesystem being mounted at /196/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 241.958356][T18975] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 242.022664][T21941] netlink: 'syz.0.8043': attribute type 1 has an invalid length. [ 242.096423][T21949] ip6erspan0: entered promiscuous mode [ 242.131017][T21954] netlink: 256 bytes leftover after parsing attributes in process `syz.5.8049'. [ 242.145723][T21956] vhci_hcd: invalid port number 96 [ 242.150898][T21956] vhci_hcd: default hub control req: 0300 vfffa i0060 l0 [ 242.301108][T21985] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=21985 comm=syz.2.8063 [ 242.353562][T21993] loop5: detected capacity change from 0 to 164 [ 242.362335][T21993] Unable to read rock-ridge attributes [ 242.374444][T21993] Unable to read rock-ridge attributes [ 242.606557][T22017] loop2: detected capacity change from 0 to 1024 [ 242.616589][T22017] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 242.647679][ T3317] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 242.660619][T22020] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.667918][T22020] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.708688][T22020] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 242.719100][T22020] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 242.754696][T11492] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.763779][T11492] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.772723][T11492] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.781996][T11492] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.896504][T22027] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 242.911471][T22027] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 242.912065][ T29] kauditd_printk_skb: 833 callbacks suppressed [ 242.912082][ T29] audit: type=1326 audit(2000000088.760:11886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22024 comm="syz.5.8092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d7ed2f6c9 code=0x7ffc0000 [ 242.953152][T22023] loop2: detected capacity change from 0 to 8192 [ 242.963682][T22028] loop5: detected capacity change from 0 to 512 [ 242.971201][T22028] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities [ 242.979954][ T29] audit: type=1326 audit(2000000088.790:11887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22024 comm="syz.5.8092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7f0d7ed2f6c9 code=0x7ffc0000 [ 243.003751][ T29] audit: type=1326 audit(2000000088.790:11888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22024 comm="syz.5.8092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d7ed2f6c9 code=0x7ffc0000 [ 243.027365][ T29] audit: type=1326 audit(2000000088.790:11889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22024 comm="syz.5.8092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d7ed2f6c9 code=0x7ffc0000 [ 243.051442][ T29] audit: type=1326 audit(2000000088.790:11890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22024 comm="syz.5.8092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7f0d7ed2f6c9 code=0x7ffc0000 [ 243.075269][ T29] audit: type=1326 audit(2000000088.790:11891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22024 comm="syz.5.8092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d7ed2f6c9 code=0x7ffc0000 [ 243.099004][ T29] audit: type=1326 audit(2000000088.790:11892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22024 comm="syz.5.8092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d7ed2f6c9 code=0x7ffc0000 [ 243.123158][ T29] audit: type=1326 audit(2000000088.790:11893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22024 comm="syz.5.8092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0d7ed2f6c9 code=0x7ffc0000 [ 243.146631][ T29] audit: type=1326 audit(2000000088.790:11894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22024 comm="syz.5.8092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d7ed2f6c9 code=0x7ffc0000 [ 243.170278][ T29] audit: type=1326 audit(2000000088.810:11895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22024 comm="syz.5.8092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f0d7ed2f6c9 code=0x7ffc0000 [ 243.199170][T22028] loop5: detected capacity change from 0 to 128 [ 243.775952][T22070] loop5: detected capacity change from 0 to 512 [ 243.793008][T22070] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 243.803713][T22070] EXT4-fs (loop5): orphan cleanup on readonly fs [ 243.811579][T22070] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #16: comm syz.5.8099: corrupted inode contents [ 243.835120][T22070] EXT4-fs error (device loop5): ext4_dirty_inode:6517: inode #16: comm syz.5.8099: mark_inode_dirty error [ 243.846855][T22070] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #16: comm syz.5.8099: corrupted inode contents [ 243.859900][T22070] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #16: comm syz.5.8099: mark_inode_dirty error [ 243.871719][T22070] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #16: comm syz.5.8099: corrupted inode contents [ 243.884088][T22070] EXT4-fs error (device loop5) in ext4_orphan_del:301: Corrupt filesystem [ 243.892876][T22070] EXT4-fs error (device loop5): ext4_do_update_inode:5632: inode #16: comm syz.5.8099: corrupted inode contents [ 243.905339][T22070] EXT4-fs error (device loop5): ext4_truncate:4637: inode #16: comm syz.5.8099: mark_inode_dirty error [ 243.916663][T22070] EXT4-fs error (device loop5) in ext4_process_orphan:343: Corrupt filesystem [ 243.926679][T22070] EXT4-fs (loop5): 1 truncate cleaned up [ 243.932779][T11506] EXT4-fs error (device loop5): ext4_release_dquot:6981: comm kworker/u8:29: Failed to release dquot type 1 [ 243.946280][T22070] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 243.959593][T22070] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.001622][T22078] sch_tbf: peakrate 7 is lower than or equals to rate 7 ! [ 244.170614][T22090] loop2: detected capacity change from 0 to 128 [ 244.233291][T22096] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8111'. [ 244.255015][T22100] netlink: 56 bytes leftover after parsing attributes in process `syz.4.8112'. [ 244.413488][T22113] IPVS: wrr: FWM 3 0x00000003 - no destination available: all destinations are overloaded [ 244.473664][T22090] ================================================================== [ 244.481816][T22090] BUG: KCSAN: data-race in __mark_inode_dirty / __writeback_single_inode [ 244.490439][T22090] [ 244.492787][T22090] read-write to 0xffff88811a4b1628 of 4 bytes by task 22103 on cpu 1: [ 244.500972][T22090] __writeback_single_inode+0x1e3/0x7c0 [ 244.506551][T22090] writeback_single_inode+0x16d/0x3f0 [ 244.511970][T22090] sync_inode_metadata+0x5b/0x90 [ 244.516949][T22090] __generic_file_fsync+0xf8/0x140 [ 244.522080][T22090] fat_file_fsync+0x49/0x100 [ 244.526725][T22090] vfs_fsync_range+0x10d/0x130 [ 244.531524][T22090] generic_file_write_iter+0x1b8/0x2f0 [ 244.537024][T22090] iter_file_splice_write+0x666/0xa60 [ 244.542433][T22090] direct_splice_actor+0x156/0x2a0 [ 244.547574][T22090] splice_direct_to_actor+0x312/0x680 [ 244.552974][T22090] do_splice_direct+0xda/0x150 [ 244.557766][T22090] do_sendfile+0x380/0x650 [ 244.562224][T22090] __x64_sys_sendfile64+0x105/0x150 [ 244.567455][T22090] x64_sys_call+0x2bb4/0x3000 [ 244.572164][T22090] do_syscall_64+0xd2/0x200 [ 244.576690][T22090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.582616][T22090] [ 244.584952][T22090] read to 0xffff88811a4b1628 of 4 bytes by task 22090 on cpu 0: [ 244.592597][T22090] __mark_inode_dirty+0x55/0x750 [ 244.595719][T22103] syz.2.8107: attempt to access beyond end of device [ 244.595719][T22103] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128 [ 244.597570][T22090] fat_update_time+0x1ec/0x200 [ 244.597605][T22090] touch_atime+0x148/0x340 [ 244.611098][T22103] Buffer I/O error on dev loop2, logical block 128, lost async page write [ 244.615818][T22090] filemap_splice_read+0x6ba/0x740 [ 244.633856][T22090] splice_direct_to_actor+0x26f/0x680 [ 244.639271][T22090] do_splice_direct+0xda/0x150 [ 244.644071][T22090] do_sendfile+0x380/0x650 [ 244.648524][T22090] __x64_sys_sendfile64+0x105/0x150 [ 244.653745][T22090] x64_sys_call+0x2bb4/0x3000 [ 244.658441][T22090] do_syscall_64+0xd2/0x200 [ 244.662961][T22090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.668871][T22090] [ 244.671242][T22090] value changed: 0x00000072 -> 0x00000002 [ 244.676960][T22090] [ 244.679286][T22090] Reported by Kernel Concurrency Sanitizer on: [ 244.685455][T22090] CPU: 0 UID: 0 PID: 22090 Comm: syz.2.8107 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 244.696834][T22090] Tainted: [W]=WARN [ 244.700641][T22090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 244.710745][T22090] ================================================================== [ 244.746459][T22090] syz.2.8107: attempt to access beyond end of device [ 244.746459][T22090] loop2: rw=2049, sector=128, nr_sectors = 1 limit=128 [ 244.759993][T22090] Buffer I/O error on dev loop2, logical block 128, lost async page write