last executing test programs: 1m54.110200188s ago: executing program 4 (id=1014): munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_SET_NAME(0xf, &(0x7f0000000980)='\xff\x00\x00\x00\x00\x00\x000`\x14\x99\x06\xc0\x7fs\x00\t\x14\x17\xc3\xf5\xc9\v\x85\xe7\x00\x00\x18\x88\x06\x94\x98\xa9\xe7\x1c\x8a\x89\xdc\xcc\xf7L\xbd%\xc3!\x0e\x91S\xb2~8\"\xe2\xed\xbf\x12\x1a\\6p\'p\xef\x1a\n\x99\x12\xe8\'\x1c\x97M\xa5N\xd9\xbeV&\x1c2K?\x95\xd9\"\xbe\x050+\xca\xea\'\xe9)\xfe\xeb\x9c\xb5\xa0F`\xe4D\x10F\x831\xec\\v\xf0\xab_M\b\x03\xc3\n\x89\x01E`\xd35Q2\xecZz\xdc\x065p\x1c\x8f\x9b\x99IGXO\x00\x00\v\xed\xb0\xc5\xd4\xc7,\x1a\xb3}CMOO\x8a\xa8kh\x7f\x05c\xfc\xebb\xc8\xa2\xa9\xbf\xb3\x9b\xafE\xbd\xc5\xdc\xde\xbe_') r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020732600000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000a40)='kfree\x00', r1, 0x0, 0x3}, 0x18) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f000002eff0)={0x20d, &(0x7f0000000000)=[{0x4, 0xd, 0x8, 0x7fff}, {0x9000, 0x2, 0x12, 0x8}]}, 0x10) 1m54.031461128s ago: executing program 4 (id=1022): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) r3 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="00000000000000001c001a800800028008000200080000003e"], 0x44}}, 0x0) 1m53.965863576s ago: executing program 4 (id=1024): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000840)={'veth1_to_bond\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000a40)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x1000, 0x5, 0x3, 0x1, 0x9}, 0x9, 0x1, 0x1, 0x6, 0x41, 0x11, 0x12, 0x6, 0x4, 0xfffffff8, {0xe61a, 0x8000, 0x10006, 0x1, 0x6, 0xbf5}}}}]}, 0x78}}, 0x0) 1m53.917477032s ago: executing program 4 (id=1030): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x7, &(0x7f00000001c0)=0x0) dup3(r0, r1, 0x80000) io_submit(r2, 0x1, &(0x7f0000000080)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) fcntl$setstatus(r0, 0x4, 0x2400) write(r1, 0x0, 0x0) 1m53.816156145s ago: executing program 4 (id=1034): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x60, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffff9ce}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x31, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) 1m53.785985259s ago: executing program 4 (id=1036): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000280)='./bus\x00', 0x3c9c9b, 0x0, 0x0, 0x0, &(0x7f00000000c0)) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000000), 0x0) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0) 1m38.37429747s ago: executing program 32 (id=1036): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000280)='./bus\x00', 0x3c9c9b, 0x0, 0x0, 0x0, &(0x7f00000000c0)) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000000), 0x0) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0) 2.666298976s ago: executing program 3 (id=4490): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x7, 0x0, 0x7fff0006}]}) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x80ff, 0x88) r2 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fcntl$setlease(r2, 0x400, 0x1) fcntl$setlease(r1, 0x400, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.63701905s ago: executing program 3 (id=4492): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCXONC(r0, 0x540a, 0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x21) ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f00000000c0)={0x1df, 0x2, 0x2, 0xe, 0x1, "0300ffd76d7fcb940f00", 0x2, 0x201}) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0xff) 2.549813401s ago: executing program 3 (id=4495): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x1}, 0x18) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) 1.891515966s ago: executing program 3 (id=4499): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000340)="d8000000180081084e81f782db44b904021d0800fd007c06e8fe55a10a0015400600142603600e120800060000000201a80016000800014003e01100036010fab94dcf5c0461c1d67f6f9400e08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef409001b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed1bffec62070000cbee5de6ccd44a677575a62cef352a92954b43370e9701ee1b6ec75a526c5d5b5701cf8773", 0xd8}], 0x1}, 0x400c0) 1.849769841s ago: executing program 3 (id=4500): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0xfffffffe, @empty, 0x5}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000140)=@ccm_128={{0x303, 0x39}, "4506000000927650", "0bf70000000000000000061000000001", '\x00', "ba0200"}, 0x28) setsockopt$inet6_mreq(r0, 0x29, 0x14, 0x0, 0x41) 1.717910168s ago: executing program 3 (id=4506): syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x0) ioctl$sock_bt_hci(r0, 0x800448f0, &(0x7f00000001c0)) 1.229511821s ago: executing program 1 (id=4539): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x65, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc093, 0x2, @perf_bp={0x0, 0x8}, 0x4, 0x0, 0x11000, 0x0, 0x2, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0xc0}, 0x0, 0xdfffffffffffffff, 0xffffffffffffffff, 0x1) r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0xb, 0x528, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb8, 0x1, @perf_config_ext={0x1f5a685a}, 0x4dc8, 0x10000, 0xfffffffc, 0x1, 0x1008, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = syz_io_uring_setup(0x354, &(0x7f0000000240)={0x0, 0x6862, 0x80, 0x3, 0x1c0}, &(0x7f00000002c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6000, @fd=r0, 0x0, 0x0}) io_uring_enter(r1, 0x10847ba, 0x95c, 0xe, 0x0, 0x2e) 1.16176351s ago: executing program 2 (id=4543): open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) fchdir(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000024c0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000080)=@abs={0x1, 0x30}, 0x6e, 0x0}}], 0x2, 0xe0) 886.020786ms ago: executing program 1 (id=4553): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000000), &(0x7f0000000180)=r1}, 0x20) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f00000005c0)={&(0x7f0000001cc0)=ANY=[@ANYBLOB="02030003120000002cbd7000fbdbdf2503000900800000001cdc0dca1d9f68846960e56de42944af05000600000000000a00000000000000000000000000000000000000000000010b0000000000000a02000100000000000000070c0000000005000500000000000a00000000000000fc0100000000000000f8ff00000000010700000000000000010014"], 0x90}, 0x1, 0x7}, 0x0) 864.161329ms ago: executing program 1 (id=4554): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000008c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000e868495fb58d00b6ad1f50ad32d6ad25dfd73a015e0ca6a0f68a7d007dc6751dfb265a0e3ccae669e173a64bc1cfd514600650a58f145ff1205fc9ddaa275e687d452d64e7cc957d77578f4c25235138d5521f9453559c35da860e8efbc64e57cbb7aee976f2b54421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983cd44c05bd0a48dfe3e26e7a23129d6606ed28a69989d552af6d9a9df2c3af36e0360070011bbecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f163d1a1a83109753f54b21cd027edd68149ee99eebc6f7d6dd4aed4af7588c8e1b44ccb19e810879b81a7000000e7ffffff00000000d7900a820b63278f4e9a217b98ef7042ad2a928903000000cbe43a1ed25268816b00000000000009d27d753a30a147b24a48435bd8a568669596e9e0867958e1dd7a0defb6670c06054002238260000000000040587c1ed797aa21a38e1e389f640a0b8b0000000000a835ad0f61ba739cd0c31b05c00fba8a4aee676d7caa2e53b91a68ff2e60da7b01a2e5785a238afa4aba70c08b0d71b6f72d6a8d87fb08533d97ad96d3943c4cc8306dac433a5cdf78b04963d679d5a5d07e618a1ef9057fec00f9e93021f5a8d30e716de8cde9c6000000000c3b64d10f0939b42b33ab2a8717096c58bb3bb1d457d8bb96870f5a7e2ba31fd69bb80235d957eaa9a40b764e5381ffa604aaafb76a980e72b408f686b185736693089213b4e140f8f38e5589663115093889deb646122a5dc5a9e5ba4d37749a36b880110e2bf524b79bc91105f1d3f7d0de694a9417d68694f17ba5e27ea1cec518b93fadcfe0de010ae9be3273ff73c34b5695080a35bfa5c69e3b533e1b939c81b3beda037b7191cb0000000000000000000010e5d683b8938db5c305cf7e6e62a6890ba9e1f4ee64f8202b59de5036569febfaa95f4633db108b2f786333ec7bacc927f4a1785165b5d2444b4c022bb5cff472e6a0c8ee9d6d8df83b704669147b732ac508c9b9f0ca0a1ce45319d43d4643eb285835daf2065b57bebd61ad6671296c27253a5f9688d57c91ccd40ffe2dbc5dd1613a2e6f5b363cc8d205ce6ef3c3c6ded7dd3dfdb39008d8997213f68cdc971c1d6fdacb7729a5560880a77525e9cfb94ef1735dfe74e6b948697f7e3580436b532a82e315d56b17a5dba98436cc24babaae409f0aab0b40af116001bc85492455956e853ead08b5793d4ecf72378a3dfd9cc837b1c66212d9a2be8fd6341c2f837c7fe09924a51ec42912856cce3d3b2d092c80813aad03e1e63a655f4138730f302df339f30a4fbd453c9a0fba381d071ad7cb80a52bec572e29b0b9b55c235806b97e166609f8083ce776075c"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000002, 0x13, r1, 0x0) r2 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x9, 0x7, 0x0, 0x0, 0x0, 0x40008, 0x518, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x3, 0xed}, 0x4c58, 0xd, 0x0, 0x0, 0x8, 0x4ac, 0xb, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000003, 0x11, r2, 0xc266c000) 773.57004ms ago: executing program 1 (id=4557): r0 = io_uring_setup(0x1694, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000200)=[{0x0}], 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000a9000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1, 0x0, 0xf}, 0x18) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002700)=""/4096, 0x1000}], 0x0, 0x1}, 0x20) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 773.36846ms ago: executing program 0 (id=4558): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x0}) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f00000002c0)={r2, 0x11, 0x6, @random="08d32bfb45c9"}, 0x10) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000000)={r2, 0x1, 0x6, @multicast}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0x4, 0xa}, {0x0, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x48080}, 0x0) 767.561301ms ago: executing program 1 (id=4559): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x28000, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000ac0000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000004000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000680)=0xf) 750.070814ms ago: executing program 1 (id=4560): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000007000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00', r1, 0x0, 0xffffffffffffffff}, 0x18) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r2}, 0x10) syz_io_uring_setup(0x789c, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x2}, 0x0, 0x0) 714.012868ms ago: executing program 0 (id=4561): openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0) r0 = memfd_create(&(0x7f0000000180)='\b\x9dF\xd8\b\xb3~u\xa5\"\xdc\xfdq\xf6c\r;\xfcO\x8c=\x81\xb1\xfa\x8b\x8aWpA\xd4\x98\x85K\x89>N\x8ar\x17O\x0fKR\xe2{mn\xcc\xbf2\xc0\xa7\x14\xd0\xd4\xfe/m\xdf\xb6]\xc2\xaa\x86\xec(\xf7\xcd\xa6\xd9n^.\x13*\xd4\xb8\xe8\xc4\xefb\x14Vx\xc6\xfe\x9e\xee\xe7\xd7E\xe9\t\x83\xdeNX\xec\xe66\x1b\x97$\xee\x845n,B\xd5?\xe5E:+Pm\x1d\xb4\xb8\xeb\xe8Op2\x82\xc7\x0e\x97\x03\xef\x1a\xa5\x00.\x89\b!m\f\xd9\x8b$}\x9f\fX\x81\xa8\xf6\x94\xbc\xed\x80|l]\xe9\xca\xd3\xc9\xa3\x9e\x9cJI\xf1\xa2\xa0\xc4:\x00\x00\x00\x00\x00\x00\b\xfey\bJ\x86\x8d\xdf\x16\xbb3\x85\xf5\xe0zYe\xc2\n\x0f\x87\xc4\x8f\x8e\xec\xee\xcd\f\xe9\xc8\xbc\x97,\xb7!\xf2\x93\xd3\t\xd9=\x93\x1d\x945\x97\x1e\x9d\xa6\xe9\xa6\xf9p,\xf7v>\xcd\xd9\xc4\x1b\x9c(\xb8\x90\xdeg\xbf[n\x82\x96\xaev\xd4\xac \x14\xf0\x18@\xc3\xf1\xe2\x14\x1c\x0f\xa4-\xde\xae\xfa;\xaf\xae\x06\x9ag\x02\x98\xd0C2\xe7?\xfb\xb01\x9d\xf8\xd3Q\xb3\xb2\x18V\xe8\x8c\x87\xf4\t\x1c\x85\xa4\xc1\xb1\xf4k!G\xf5\xbb\xbbs&\xeac\xb3\xafW\x846\v\xb3\xca\xeb\xb7\x9e\x9e#]\x10lj\xaf\xaf\xd1\'{\x11\xaa,\x0f\xc5OY\"\x82\x84\xb6:J\x8c\xf37\x1d\xca\xf1\xef\x9f\xcf\a\xcf\xcb', 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$binfmt_misc(r2, &(0x7f0000000500)="05", 0x1) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) splice(r1, 0x0, r0, &(0x7f0000000140)=0x8008, 0x9, 0x1) 653.794266ms ago: executing program 0 (id=4562): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') syz_read_part_table(0x405b, &(0x7f0000004080)="$eJzszjFKA1EUBdCbxMGvDARBK0EM9jJ2VrOL6SVrsFZxdmIZXIArsnQLIyhGEkW0CKicU73P5b1/wx9RltMoycP8fi/J8Sx907yGW2/5zvtSc5Zqt4xTJ7n8eLNbbL43AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwS41XXtdraVlO88P0V23O66QcTJPbSar2aJT9ZHb6yd1J8phklOQpSTfdUH8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4J+5WHltr8f1F6t3J+nb6mW8STIMw/Dtb0vSLX7SE57ZgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKMCAAD//wx/Es8=") fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000140)='proc\x00', 0x0, 0x0) syz_open_procfs$namespace(r0, &(0x7f0000000040)='ns/ipc\x00') 410.941077ms ago: executing program 0 (id=4563): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x1}, 0x18) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x8f0, &(0x7f0000002400)=0x0) io_submit(r2, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r1, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}]) 333.259117ms ago: executing program 2 (id=4564): r0 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e1f, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x5}, 0x1c) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) setsockopt$inet6_tcp_int(r0, 0x6, 0x5, &(0x7f0000000240)=0x2, 0x4) 329.407337ms ago: executing program 0 (id=4565): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xfffffffffffffdd0, 0x0, 0x41000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f0000000400)='locks_get_lock_context\x00', r1, 0x0, 0x6}, 0x18) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cpuset.effective_mems\x00', 0x275a, 0x0) fcntl$lock(r2, 0x6, &(0x7f00000001c0)={0x2, 0x1, 0x7, 0x6}) 304.608311ms ago: executing program 2 (id=4566): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206010100000000000000000000000005000100070000000900020073797a300000000014000780050015000000000008001240000000000d000300686173683a6e657400000000050005000a000000050004"], 0x5c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x1c, 0x3, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24040800}, 0x8d0) 298.125912ms ago: executing program 0 (id=4567): syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x82044, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0) write(r1, &(0x7f0000004200)='t', 0x1) sendfile(r1, r0, 0x0, 0x3ffff) sendfile(r1, r0, 0x0, 0x7ffff000) 210.548953ms ago: executing program 5 (id=4568): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000b80)=[{0x6}]}, 0x10) bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) 161.841309ms ago: executing program 2 (id=4569): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x14, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x42, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000780)='kfree\x00', r1}, 0x18) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{0x60}, {}, {0x3, 0x0, 0x0, 0x1000000}, {}, {}, {}, {0x6}]}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x0, 0x0, 0x8}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x0) 161.59339ms ago: executing program 5 (id=4570): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000040), &(0x7f0000000180)='%pS \x00'}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000020000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff5}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x406, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000000c0)="a0", 0x0}, 0x31) 146.991551ms ago: executing program 5 (id=4571): r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r1 = getpid() sched_setscheduler(0x0, 0x1, 0x0) r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x24020000) move_mount(0xffffffffffffff9c, 0x0, r0, 0x0, 0x157) 98.916637ms ago: executing program 5 (id=4572): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x24, 0x39, 0x9, 0x0, 0x0, {0x1}, [@typed={0x4}, @nested={0x4, 0x1}, @typed={0x8, 0x2, 0x0, 0x0, @pid=0xffffffffffffffff}]}, 0x24}}, 0x0) 30.245377ms ago: executing program 2 (id=4573): r0 = socket$inet6(0xa, 0x3, 0xff) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000002e40)=ANY=[@ANYBLOB="00020201"], 0x18) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) r1 = dup(r0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x1c, &(0x7f0000000140)=[@in6={0xa, 0x4e23, 0x10000, @ipv4={'\x00', '\xff\xff', @remote}, 0x9}]}, 0x0) write$bt_hci(r1, &(0x7f0000000140)=ANY=[], 0x28) 29.760807ms ago: executing program 5 (id=4574): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590) 10.110579ms ago: executing program 2 (id=4575): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x11, 0x10, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000001d00)=@newtaction={0x488, 0x30, 0x12f, 0x0, 0x0, {}, [{0x474, 0x1, [@m_police={0x470, 0x1, 0x0, 0x0, {{0xb}, {0x444, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffff, 0x0, 0x2, 0xfffffffe, 0xb84, 0x7, 0x5, 0x0, 0x200000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x100, 0x0, 0x0, 0xc74, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x5, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x1000, 0x0, 0x0, 0x100, 0x5, 0x0, 0x0, 0x0, 0x0, 0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x100, 0x0, 0x7, 0x0, 0x1, 0x0, 0x0, 0x0, 0xa, 0x0, 0x800, 0xffffffff, 0x0, 0xffff18e5, 0x0, 0x0, 0xfffff002, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffff, 0x0, 0x201, 0x3, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x4000, 0x20000000, 0x0, 0x0, 0xfffffffc, 0x6, 0x0, 0x0, 0xffffffff, 0xf, 0xf, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x1, 0x5, 0x1000000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x100000, 0x0, 0x1, 0x0, 0x0, 0xfffffffc, 0x0, 0x7, 0x0, 0xffffbffc, 0x1]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xdc, 0x10000000, 0x7fffffff, 0x6, 0xfffffffd, {0x6, 0x2, 0x1, 0x401, 0x1, 0x22}, {0x9a, 0x0, 0x40, 0x5, 0x400}, 0x5, 0x2, 0x81}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x1}}}}]}]}, 0x488}}, 0xc0) 0s ago: executing program 5 (id=4576): bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r0}, 0x18) r1 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r1, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000100)="a6", 0xfffffcf4}, {0x0}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x106) recvmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x100) kernel console output (not intermixed with test programs): adget: fail, usb_gadget_register_driver returned -16 [ 122.392502][ T9753] atomic_op ffff888122cc7928 conn xmit_atomic 0000000000000000 [ 122.729230][ T9762] sd 0:0:1:0: device reset [ 122.790438][ T9774] rdma_op ffff888104334580 conn xmit_rdma 0000000000000000 [ 123.129992][ T9806] netlink: 'syz.0.2593': attribute type 21 has an invalid length. [ 123.138492][ T9806] __nla_validate_parse: 7 callbacks suppressed [ 123.138504][ T9806] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2593'. [ 123.176729][ T8796] kernel write not supported for file bpf-prog (pid: 8796 comm: kworker/1:11) [ 123.224768][ T9815] random: crng reseeded on system resumption [ 123.418879][ T8796] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 123.442377][ T8796] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 123.458149][ T9845] 9p: Bad value for 'wfdno' [ 123.531035][ T4851] Bluetooth: hci0: command 0x1003 tx timeout [ 123.532395][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 123.729189][ T9860] loop5: detected capacity change from 0 to 512 [ 123.763062][ T9860] EXT4-fs (loop5): 1 orphan inode deleted [ 123.774503][ T9860] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.793443][ T53] EXT4-fs error (device loop5): ext4_release_dquot:7022: comm kworker/u8:4: Failed to release dquot type 1 [ 123.829296][ T9860] ext4 filesystem being mounted at /318/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 123.863162][ T6068] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.947520][ T9883] bridge0: port 1(ipvlan2) entered blocking state [ 123.954139][ T9883] bridge0: port 1(ipvlan2) entered disabled state [ 123.963208][ T9883] ipvlan2: entered allmulticast mode [ 123.968583][ T9883] bridge0: entered allmulticast mode [ 123.974743][ T9883] ipvlan2: left allmulticast mode [ 123.979826][ T9883] bridge0: left allmulticast mode [ 124.080952][ T9887] netlink: 'syz.2.2629': attribute type 39 has an invalid length. [ 124.240352][ T9892] loop2: detected capacity change from 0 to 2048 [ 124.266665][ T9892] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 124.314373][ T9892] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 124.347288][ T9898] macvtap1: entered promiscuous mode [ 124.352678][ T9898] macvtap1: entered allmulticast mode [ 124.358336][ T9892] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28 [ 124.370799][ T9892] EXT4-fs (loop2): This should not happen!! Data will be lost [ 124.370799][ T9892] [ 124.380596][ T9892] EXT4-fs (loop2): Total free blocks count 0 [ 124.386607][ T9892] EXT4-fs (loop2): Free/Dirty block details [ 124.392568][ T9892] EXT4-fs (loop2): free_blocks=2415919504 [ 124.398358][ T9892] EXT4-fs (loop2): dirty_blocks=48 [ 124.403535][ T9892] EXT4-fs (loop2): Block reservation details [ 124.409552][ T9892] EXT4-fs (loop2): i_reserved_data_blocks=3 [ 124.435012][ T863] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 124.481721][ T9907] loop2: detected capacity change from 0 to 512 [ 124.492382][ T9907] EXT4-fs (loop2): 1 orphan inode deleted [ 124.498759][ T9907] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 124.511392][ T863] EXT4-fs error (device loop2): ext4_release_dquot:7022: comm kworker/u8:8: Failed to release dquot type 1 [ 124.516196][ T9907] ext4 filesystem being mounted at /487/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 124.571204][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.945329][ T9937] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2647'. [ 124.954465][ T9937] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2647'. [ 125.105839][ T9949] netlink: 'syz.3.2653': attribute type 1 has an invalid length. [ 125.138594][ T9952] bridge0: port 1(gretap0) entered blocking state [ 125.145349][ T9952] bridge0: port 1(gretap0) entered disabled state [ 125.163373][ T9956] SET target dimension over the limit! [ 125.179254][ T9952] gretap0: entered allmulticast mode [ 125.185195][ T9952] gretap0: entered promiscuous mode [ 125.541780][ T9995] netlink: 'syz.2.2674': attribute type 1 has an invalid length. [ 125.699174][ T29] kauditd_printk_skb: 297 callbacks suppressed [ 125.699191][ T29] audit: type=1400 audit(1768379844.049:2737): avc: denied { create } for pid=10026 comm="syz.5.2692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 125.726868][ T29] audit: type=1400 audit(1768379844.059:2738): avc: denied { connect } for pid=10026 comm="syz.5.2692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 125.746563][ T29] audit: type=1400 audit(1768379844.059:2739): avc: denied { write } for pid=10026 comm="syz.5.2692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 125.766870][ T29] audit: type=1400 audit(1768379844.119:2740): avc: denied { lock } for pid=10027 comm="+}[@" path=2F7365637265746D656D202864656C6574656429 dev="secretmem" ino=25968 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 125.818299][T10039] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2695'. [ 125.827976][T10039] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2695'. [ 125.854322][ T29] audit: type=1400 audit(1768379844.209:2741): avc: denied { bind } for pid=10042 comm="syz.2.2698" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 125.876462][ T29] audit: type=1400 audit(1768379844.209:2742): avc: denied { setopt } for pid=10042 comm="syz.2.2698" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 125.896151][ T29] audit: type=1400 audit(1768379844.209:2743): avc: denied { write } for pid=10042 comm="syz.2.2698" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 125.947458][T10053] loop2: detected capacity change from 0 to 128 [ 126.017301][T10053] syz.2.2701: attempt to access beyond end of device [ 126.017301][T10053] loop2: rw=2049, sector=138, nr_sectors = 2 limit=128 [ 126.043431][ T29] audit: type=1400 audit(1768379844.399:2744): avc: denied { ioctl } for pid=10065 comm="syz.1.2708" path="socket:[25998]" dev="sockfs" ino=25998 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 126.077163][T10062] loop3: detected capacity change from 0 to 4096 [ 126.096495][ T29] audit: type=1400 audit(1768379844.439:2745): avc: denied { ioctl } for pid=10067 comm="syz.1.2709" path="socket:[26006]" dev="sockfs" ino=26006 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 126.121609][ T29] audit: type=1400 audit(1768379844.449:2746): avc: denied { bind } for pid=10067 comm="+}[@" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 126.168582][T10062] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.521902][T10101] sd 0:0:1:0: device reset [ 126.794303][T10130] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2736'. [ 126.803342][T10130] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2736'. [ 126.812496][T10130] netlink: 'syz.0.2736': attribute type 6 has an invalid length. [ 126.828216][ T5698] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 126.828198][T10130] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2736'. [ 126.828253][T10130] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2736'. [ 126.855001][T10130] netlink: 'syz.0.2736': attribute type 6 has an invalid length. [ 126.856767][ T5698] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 126.960246][ T5698] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 126.989321][ T5698] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.004656][T10062] syz.3.2704 (10062) used greatest stack depth: 6264 bytes left [ 127.042098][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.070622][T10150] smc: net device ip6gretap0 applied user defined pnetid SYZ2 [ 127.130315][T10150] smc: net device ip6gretap0 erased user defined pnetid SYZ2 [ 127.276033][T10166] loop2: detected capacity change from 0 to 512 [ 127.320859][T10166] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 127.356325][T10166] EXT4-fs (loop2): 1 truncate cleaned up [ 127.363791][T10166] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 127.387643][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.503540][T10180] loop3: detected capacity change from 0 to 2048 [ 127.523438][T10180] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #2: comm syz.3.2756: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5) [ 127.544432][T10180] EXT4-fs (loop3): get root inode failed [ 127.550116][T10180] EXT4-fs (loop3): mount failed [ 127.576699][T10202] ªªªªªª: renamed from vlan0 [ 127.778776][T10234] SELinux: failed to load policy [ 127.805969][T10242] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 127.836162][T10245] loop5: detected capacity change from 0 to 1024 [ 127.846361][T10245] EXT4-fs: inline encryption not supported [ 127.852437][T10245] EXT4-fs: Ignoring removed orlov option [ 127.859050][T10245] EXT4-fs (loop5): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 127.874835][T10245] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e840c018, mo2=0002] [ 127.891081][T10245] System zones: 0-1, 3-12 [ 127.900859][T10245] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 127.913722][T10258] netlink: 'syz.1.2793': attribute type 1 has an invalid length. [ 127.931529][T10258] 8021q: adding VLAN 0 to HW filter on device bond1 [ 127.947435][ T6068] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.003828][T10271] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2799'. [ 128.280506][T10319] __nla_validate_parse: 2 callbacks suppressed [ 128.280524][T10319] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2821'. [ 128.296861][T10319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 128.320431][ T12] bond0: (slave geneve4): link status definitely down, disabling slave [ 128.332893][ T12] bond0: now running without any active interface! [ 129.059473][T10373] can0: slcan on ptm0. [ 129.106646][T10377] loop5: detected capacity change from 0 to 4096 [ 129.113356][T10373] can0 (unregistered): slcan off ptm0. [ 129.119785][T10373] Falling back ldisc for ptm0. [ 129.126074][T10377] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.430708][T10407] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2859'. [ 129.442651][T10404] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l65535 [ 129.523417][T10413] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2862'. [ 129.549913][T10413] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2862'. [ 129.663154][T10424] netlink: 19 bytes leftover after parsing attributes in process `wÞ£ÿ'. [ 129.782132][T10430] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2870'. [ 129.898033][T10439] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2874'. [ 130.009018][T10444] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not '#! [ 130.009018][T10444] cct.usage_percpu_sys' [ 130.075573][ T6068] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.232708][T10461] netlink: 96 bytes leftover after parsing attributes in process `syz.5.2883'. [ 130.410484][T10483] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2895'. [ 130.628611][T10513] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2909'. [ 130.712774][ T29] kauditd_printk_skb: 197 callbacks suppressed [ 130.712788][ T29] audit: type=1326 audit(1768379849.069:2944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10523 comm="syz.0.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 130.783852][ T29] audit: type=1326 audit(1768379849.099:2945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10523 comm="syz.0.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 130.807433][ T29] audit: type=1326 audit(1768379849.099:2946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10523 comm="syz.0.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 130.830948][ T29] audit: type=1326 audit(1768379849.099:2947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10523 comm="syz.0.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 130.854702][ T29] audit: type=1326 audit(1768379849.099:2948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10523 comm="syz.0.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 130.878260][ T29] audit: type=1326 audit(1768379849.099:2949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10523 comm="syz.0.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 130.902003][ T29] audit: type=1326 audit(1768379849.099:2950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10523 comm="syz.0.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 130.925602][ T29] audit: type=1326 audit(1768379849.099:2951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10523 comm="syz.0.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 130.949400][ T29] audit: type=1326 audit(1768379849.099:2952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10523 comm="syz.0.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 130.972985][ T29] audit: type=1326 audit(1768379849.099:2953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10523 comm="syz.0.2917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 130.997938][T10534] loop1: detected capacity change from 0 to 1024 [ 131.021918][T10534] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 131.032934][T10534] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 131.043621][T10534] JBD2: no valid journal superblock found [ 131.049414][T10534] EXT4-fs (loop1): Could not load journal inode [ 131.142980][T10550] sch_tbf: burst 3298 is lower than device lo mtu (11337746) ! [ 131.168614][T10552] can0: slcan on ptm0. [ 131.230673][T10552] can0 (unregistered): slcan off ptm0. [ 131.247217][T10552] Falling back ldisc for ptm0. [ 131.327185][T10561] loop1: detected capacity change from 0 to 1024 [ 131.346498][T10564] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=10564 comm=syz.3.2932 [ 131.351161][T10561] EXT4-fs: Ignoring removed mblk_io_submit option [ 131.361025][T10564] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10564 comm=syz.3.2932 [ 131.415330][T10561] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 131.541134][T10587] can0: slcan on ptm0. [ 131.564344][ T3431] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x4 [ 131.572298][ T3431] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x2 [ 131.580437][T10587] can0 (unregistered): slcan off ptm0. [ 131.581552][ T3431] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x3 [ 131.594579][ T3431] hid-generic 0000:3000000:0000.0004: hidraw0: HID v0.00 Device [sy] on syz0 [ 131.606490][T10587] Falling back ldisc for ptm0. [ 131.686129][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.829261][T10620] syz.5.2957: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 131.843994][T10620] CPU: 0 UID: 0 PID: 10620 Comm: syz.5.2957 Not tainted syzkaller #0 PREEMPT(voluntary) [ 131.844050][T10620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 131.844066][T10620] Call Trace: [ 131.844080][T10620] [ 131.844090][T10620] __dump_stack+0x1d/0x30 [ 131.844156][T10620] dump_stack_lvl+0x95/0xd0 [ 131.844183][T10620] dump_stack+0x15/0x1b [ 131.844208][T10620] warn_alloc+0x12b/0x1a0 [ 131.844239][T10620] __vmalloc_node_range_noprof+0xa0/0x1310 [ 131.844332][T10620] ? tracing_record_taskinfo_sched_switch+0x71/0x260 [ 131.844468][T10620] ? trie_lookup_elem+0x3c8/0x430 [ 131.844505][T10620] ? probe_sched_wakeup+0x85/0xa0 [ 131.844546][T10620] ? ttwu_do_activate+0x1d3/0x210 [ 131.844582][T10620] ? __rcu_read_unlock+0x4f/0x70 [ 131.844645][T10620] ? avc_has_perm_noaudit+0xab/0x130 [ 131.844688][T10620] ? should_fail_ex+0x30/0x280 [ 131.844729][T10620] ? should_failslab+0x8c/0xb0 [ 131.844752][T10620] vmalloc_user_noprof+0x7d/0xb0 [ 131.844839][T10620] ? xskq_create+0x80/0xe0 [ 131.844863][T10620] xskq_create+0x80/0xe0 [ 131.844885][T10620] xsk_init_queue+0x95/0xf0 [ 131.844916][T10620] xsk_setsockopt+0x3f5/0x640 [ 131.844989][T10620] ? __pfx_xsk_setsockopt+0x10/0x10 [ 131.845019][T10620] __sys_setsockopt+0x184/0x200 [ 131.845048][T10620] __x64_sys_setsockopt+0x64/0x80 [ 131.845132][T10620] x64_sys_call+0x21d5/0x3000 [ 131.845164][T10620] do_syscall_64+0xca/0x2b0 [ 131.845271][T10620] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.845355][T10620] RIP: 0033:0x7f7491c3f749 [ 131.845378][T10620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.845395][T10620] RSP: 002b:00007f74906a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 131.845419][T10620] RAX: ffffffffffffffda RBX: 00007f7491e95fa0 RCX: 00007f7491c3f749 [ 131.845436][T10620] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006 [ 131.845448][T10620] RBP: 00007f7491cc3f91 R08: 0000000000000004 R09: 0000000000000000 [ 131.845505][T10620] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 131.845520][T10620] R13: 00007f7491e96038 R14: 00007f7491e95fa0 R15: 00007fff5446ee08 [ 131.845610][T10620] [ 131.845626][T10620] Mem-Info: [ 132.069238][T10620] active_anon:7847 inactive_anon:6 isolated_anon:0 [ 132.069238][T10620] active_file:8765 inactive_file:2302 isolated_file:0 [ 132.069238][T10620] unevictable:0 dirty:245 writeback:0 [ 132.069238][T10620] slab_reclaimable:3287 slab_unreclaimable:162971 [ 132.069238][T10620] mapped:28933 shmem:187 pagetables:1340 [ 132.069238][T10620] sec_pagetables:0 bounce:0 [ 132.069238][T10620] kernel_misc_reclaimable:0 [ 132.069238][T10620] free:1732505 free_pcp:21831 free_cma:0 [ 132.114159][T10620] Node 0 active_anon:31388kB inactive_anon:24kB active_file:35060kB inactive_file:9208kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:115732kB dirty:980kB writeback:0kB shmem:748kB kernel_stack:4896kB pagetables:5360kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 132.141472][T10620] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 132.171174][T10620] lowmem_reserve[]: 0 2880 7859 7859 [ 132.176493][T10620] Node 0 DMA32 free:2945992kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2949520kB mlocked:0kB bounce:0kB free_pcp:3528kB local_pcp:3528kB free_cma:0kB [ 132.208056][T10620] lowmem_reserve[]: 0 0 4978 4978 [ 132.213201][T10620] Node 0 Normal free:3968668kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:31388kB inactive_anon:24kB active_file:35060kB inactive_file:9208kB unevictable:0kB writepending:980kB zspages:0kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:83796kB local_pcp:49760kB free_cma:0kB [ 132.246224][T10620] lowmem_reserve[]: 0 0 0 0 [ 132.250796][T10620] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 132.263559][T10620] Node 0 DMA32: 2*4kB (M) 2*8kB (M) 3*16kB (M) 4*32kB (M) 4*64kB (M) 2*128kB (M) 3*256kB (M) 3*512kB (M) 4*1024kB (M) 3*2048kB (M) 716*4096kB (M) = 2945992kB [ 132.279693][T10620] Node 0 Normal: 1280*4kB (UM) 656*8kB (UME) 705*16kB (UME) 872*32kB (UME) 609*64kB (UME) 398*128kB (UM) 322*256kB (UME) 202*512kB (UM) 124*1024kB (UME) 55*2048kB (UM) 831*4096kB (UM) = 3968720kB [ 132.299296][T10620] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 132.308606][T10620] 11258 total pagecache pages [ 132.313314][T10620] 10 pages in swap cache [ 132.317587][T10620] Free swap = 124712kB [ 132.321803][T10620] Total swap = 124996kB [ 132.325971][T10620] 2097051 pages RAM [ 132.329768][T10620] 0 pages HighMem/MovableOnly [ 132.334480][T10620] 81271 pages reserved [ 132.343677][T10622] loop1: detected capacity change from 0 to 128 [ 132.541732][T10651] loop1: detected capacity change from 0 to 512 [ 132.553503][T10651] EXT4-fs (loop1): 1 truncate cleaned up [ 132.581769][T10651] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 133.155786][T10690] sch_tbf: peakrate 7 is lower than or equals to rate 6829859379779001161 ! [ 133.196924][T10651] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.2970: bg 0: block 465: padding at end of block bitmap is not set [ 133.218591][T10651] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 117 [ 133.231300][T10651] EXT4-fs (loop1): This should not happen!! Data will be lost [ 133.231300][T10651] [ 133.245906][T10694] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=10694 comm=syz.0.2998 [ 133.258632][T10694] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=10694 comm=syz.0.2998 [ 133.322105][T10698] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 133.376726][ T5668] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 2048 with error 28 [ 133.389595][ T5668] EXT4-fs (loop1): This should not happen!! Data will be lost [ 133.389595][ T5668] [ 133.399350][ T5668] EXT4-fs (loop1): Total free blocks count 0 [ 133.405595][ T5668] EXT4-fs (loop1): Free/Dirty block details [ 133.411526][ T5668] EXT4-fs (loop1): free_blocks=0 [ 133.416557][ T5668] EXT4-fs (loop1): dirty_blocks=14336 [ 133.421985][ T5668] EXT4-fs (loop1): Block reservation details [ 133.482421][T10710] can0: slcan on ptm0. [ 133.590599][T10710] can0 (unregistered): slcan off ptm0. [ 133.602063][T10710] Falling back ldisc for ptm0. [ 133.654694][T10726] SELinux: failed to load policy [ 133.691506][T10737] loop5: detected capacity change from 0 to 128 [ 133.978110][T10759] can0: slcan on ptm0. [ 133.983365][T10761] sch_tbf: peakrate 7 is lower than or equals to rate 7 ! [ 134.120534][T10759] can0 (unregistered): slcan off ptm0. [ 134.133067][T10759] Falling back ldisc for ptm0. [ 134.172396][T10766] __nla_validate_parse: 7 callbacks suppressed [ 134.172420][T10766] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3033'. [ 134.358890][T10737] syz.5.3010 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 134.373180][T10737] CPU: 0 UID: 0 PID: 10737 Comm: syz.5.3010 Not tainted syzkaller #0 PREEMPT(voluntary) [ 134.373216][T10737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 134.373233][T10737] Call Trace: [ 134.373242][T10737] [ 134.373253][T10737] __dump_stack+0x1d/0x30 [ 134.373284][T10737] dump_stack_lvl+0x95/0xd0 [ 134.373324][T10737] dump_stack+0x15/0x1b [ 134.373351][T10737] dump_header+0x81/0x240 [ 134.373378][T10737] oom_kill_process+0x295/0x350 [ 134.373409][T10737] out_of_memory+0x97b/0xb80 [ 134.373455][T10737] try_charge_memcg+0x610/0xa10 [ 134.373510][T10737] obj_cgroup_charge_pages+0xa6/0x150 [ 134.373550][T10737] __memcg_kmem_charge_page+0x9f/0x170 [ 134.373609][T10737] __alloc_frozen_pages_noprof+0x18f/0x360 [ 134.373640][T10737] alloc_pages_mpol+0xb3/0x260 [ 134.373675][T10737] alloc_pages_noprof+0x90/0x130 [ 134.373710][T10737] __vmalloc_node_range_noprof+0xa7b/0x1310 [ 134.373747][T10737] __kvmalloc_node_noprof+0x492/0x6b0 [ 134.373806][T10737] ? ip_set_alloc+0x24/0x30 [ 134.373847][T10737] ? ip_set_alloc+0x24/0x30 [ 134.373880][T10737] ip_set_alloc+0x24/0x30 [ 134.373908][T10737] hash_netiface_create+0x282/0x740 [ 134.374042][T10737] ? __pfx_hash_netiface_create+0x10/0x10 [ 134.374087][T10737] ip_set_create+0x3cc/0x970 [ 134.374121][T10737] ? __nla_parse+0x40/0x60 [ 134.374177][T10737] nfnetlink_rcv_msg+0x4c6/0x590 [ 134.374314][T10737] netlink_rcv_skb+0x123/0x220 [ 134.374372][T10737] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 134.374425][T10737] nfnetlink_rcv+0x167/0x16c0 [ 134.374538][T10737] ? __pmu_ctx_sched_in+0x8a/0xb0 [ 134.374561][T10737] ? __list_add_valid_or_report+0x38/0xe0 [ 134.374654][T10737] ? merge_sched_in+0x605/0xa30 [ 134.374715][T10737] ? rb_next+0x5c/0x80 [ 134.374754][T10737] ? visit_groups_merge+0xf7e/0xfd0 [ 134.374787][T10737] ? should_fail_ex+0x30/0x280 [ 134.374820][T10737] ? selinux_nlmsg_lookup+0x99/0x890 [ 134.374870][T10737] ? __rcu_read_unlock+0x34/0x70 [ 134.374898][T10737] ? __netlink_lookup+0x266/0x2a0 [ 134.374927][T10737] netlink_unicast+0x5c0/0x690 [ 134.374963][T10737] netlink_sendmsg+0x58b/0x6b0 [ 134.375063][T10737] ? __pfx_netlink_sendmsg+0x10/0x10 [ 134.375126][T10737] __sock_sendmsg+0x145/0x180 [ 134.375171][T10737] ____sys_sendmsg+0x31e/0x4a0 [ 134.375215][T10737] ___sys_sendmsg+0x17b/0x1d0 [ 134.375269][T10737] __x64_sys_sendmsg+0xd4/0x160 [ 134.375315][T10737] x64_sys_call+0x17ba/0x3000 [ 134.375343][T10737] do_syscall_64+0xca/0x2b0 [ 134.375453][T10737] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.375483][T10737] RIP: 0033:0x7f7491c3f749 [ 134.375505][T10737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.375530][T10737] RSP: 002b:00007f74906a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 134.375568][T10737] RAX: ffffffffffffffda RBX: 00007f7491e95fa0 RCX: 00007f7491c3f749 [ 134.375583][T10737] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000005 [ 134.375596][T10737] RBP: 00007f7491cc3f91 R08: 0000000000000000 R09: 0000000000000000 [ 134.375608][T10737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 134.375621][T10737] R13: 00007f7491e96038 R14: 00007f7491e95fa0 R15: 00007fff5446ee08 [ 134.375646][T10737] [ 134.375655][T10737] memory: usage 307200kB, limit 307200kB, failcnt 267 [ 134.703027][T10737] memory+swap: usage 307540kB, limit 9007199254740988kB, failcnt 0 [ 134.710980][T10737] kmem: usage 307180kB, limit 9007199254740988kB, failcnt 0 [ 134.718408][T10737] Memory cgroup stats for /syz5: [ 134.718913][T10737] cache 4096 [ 134.727202][T10737] rss 4096 [ 134.730318][T10737] shmem 0 [ 134.733287][T10737] mapped_file 0 [ 134.736810][T10737] dirty 0 [ 134.739773][T10737] writeback 0 [ 134.743122][T10737] workingset_refault_anon 520 [ 134.747817][T10737] workingset_refault_file 4 [ 134.752359][T10737] swap 348160 [ 134.755663][T10737] swapcached 16384 [ 134.759416][T10737] pgpgin 43556 [ 134.762932][T10737] pgpgout 43551 [ 134.766413][T10737] pgfault 68550 [ 134.769891][T10737] pgmajfault 48 [ 134.773400][T10737] inactive_anon 8192 [ 134.777312][T10737] active_anon 8192 [ 134.781093][T10737] inactive_file 4096 [ 134.785026][T10737] active_file 0 [ 134.788622][T10737] unevictable 0 [ 134.792153][T10737] hierarchical_memory_limit 314572800 [ 134.797691][T10737] hierarchical_memsw_limit 9223372036854771712 [ 134.803901][T10737] total_cache 4096 [ 134.807642][T10737] total_rss 4096 [ 134.811257][T10737] total_shmem 0 [ 134.814741][T10737] total_mapped_file 0 [ 134.818769][T10737] total_dirty 0 [ 134.822296][T10737] total_writeback 0 [ 134.826160][T10737] total_workingset_refault_anon 520 [ 134.831411][T10737] total_workingset_refault_file 4 [ 134.836447][T10737] total_swap 348160 [ 134.840359][T10737] total_swapcached 16384 [ 134.844627][T10737] total_pgpgin 43556 [ 134.848574][T10737] total_pgpgout 43551 [ 134.852697][T10737] total_pgfault 68550 [ 134.856822][T10737] total_pgmajfault 48 [ 134.860878][T10737] total_inactive_anon 8192 [ 134.865315][T10737] total_active_anon 8192 [ 134.869581][T10737] total_inactive_file 4096 [ 134.874056][T10737] total_active_file 0 [ 134.878108][T10737] total_unevictable 0 [ 134.882190][T10737] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.3010,pid=10736,uid=0 [ 134.897027][T10737] Memory cgroup out of memory: Killed process 10736 (syz.5.3010) total-vm:93968kB, anon-rss:1136kB, file-rss:22184kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 135.069044][T10803] loop3: detected capacity change from 0 to 1024 [ 135.086116][T10803] EXT4-fs: Ignoring removed oldalloc option [ 135.102811][T10803] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.123378][T10803] ext4 filesystem being mounted at /613/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 135.141537][T10808] loop9: detected capacity change from 0 to 7 [ 135.147932][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 135.157622][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 135.178662][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 135.188114][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 135.197747][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 135.210396][T10808] loop9: unable to read partition table [ 135.216096][T10808] loop_reread_partitions: partition scan of loop9 (úù) failed (rc=-5) [ 135.333139][T10830] loop2: detected capacity change from 0 to 512 [ 135.360616][T10830] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 135.371342][T10829] vhci_hcd vhci_hcd.2: invalid port number 96 [ 135.377501][T10829] vhci_hcd vhci_hcd.2: default hub control req: 8011 v0005 i0060 l7 [ 135.448554][T10830] EXT4-fs (loop2): 1 truncate cleaned up [ 135.510806][T10830] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 135.562881][T10856] netlink: 'syz.0.3061': attribute type 1 has an invalid length. [ 135.570833][T10856] netlink: 'syz.0.3061': attribute type 4 has an invalid length. [ 135.578588][T10856] netlink: 15334 bytes leftover after parsing attributes in process `syz.0.3061'. [ 135.621844][T10858] can0: slcan on ptm0. [ 135.651526][T10862] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3063'. [ 135.680751][T10858] can0 (unregistered): slcan off ptm0. [ 135.686601][T10858] Falling back ldisc for ptm0. [ 135.704979][T10862] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3063'. [ 135.720441][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.778004][T10872] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3068'. [ 135.787016][T10872] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3068'. [ 135.847315][T10876] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 136.132040][T10891] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3077'. [ 136.141156][T10891] netlink: 'syz.5.3077': attribute type 7 has an invalid length. [ 136.148916][T10891] netlink: 'syz.5.3077': attribute type 8 has an invalid length. [ 136.156772][T10891] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3077'. [ 136.262447][ T29] kauditd_printk_skb: 170 callbacks suppressed [ 136.262483][ T29] audit: type=1326 audit(1768379854.619:3124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10894 comm="syz.5.3079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 136.303956][ T29] audit: type=1326 audit(1768379854.619:3125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10894 comm="syz.5.3079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 136.353017][ T29] audit: type=1326 audit(1768379854.649:3126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10894 comm="syz.5.3079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 136.376724][ T29] audit: type=1326 audit(1768379854.679:3127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10894 comm="syz.5.3079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 136.400282][ T29] audit: type=1326 audit(1768379854.679:3128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10894 comm="syz.5.3079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 136.423879][ T29] audit: type=1326 audit(1768379854.679:3129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10894 comm="syz.5.3079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 136.447469][ T29] audit: type=1326 audit(1768379854.679:3130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10894 comm="syz.5.3079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 136.471005][ T29] audit: type=1326 audit(1768379854.679:3131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10894 comm="syz.5.3079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 136.494612][ T29] audit: type=1326 audit(1768379854.679:3132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10894 comm="syz.5.3079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 136.518131][ T29] audit: type=1326 audit(1768379854.689:3133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10894 comm="syz.5.3079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 136.826708][T10911] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3086'. [ 136.835748][T10911] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3086'. [ 136.861273][T10913] netlink: 'syz.3.3087': attribute type 10 has an invalid length. [ 136.889554][T10913] team0: Port device dummy0 added [ 136.986831][T10926] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.008604][ T8796] Process accounting resumed [ 137.014063][T10926] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 137.212314][T10962] Falling back ldisc for ttyS3. [ 137.299921][T10975] loop3: detected capacity change from 0 to 128 [ 137.325950][T10976] loop1: detected capacity change from 0 to 1024 [ 137.335063][T10975] EXT4-fs: Ignoring removed nobh option [ 137.351202][T10975] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 137.370566][T10976] EXT4-fs: inline encryption not supported [ 137.383782][T10975] ext4 filesystem being mounted at /627/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 137.396112][T10976] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 137.446604][ T3316] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 137.473620][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.716098][T11044] loop3: detected capacity change from 0 to 512 [ 137.742451][T11044] EXT4-fs (loop3): 1 truncate cleaned up [ 137.762009][T11044] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 137.835146][T11063] can0: slcan on ptm0. [ 137.900755][T11063] can0 (unregistered): slcan off ptm0. [ 137.906504][T11063] Falling back ldisc for ptm0. [ 137.960457][T10982] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 465: padding at end of block bitmap is not set [ 137.996780][T11044] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 138.009455][T11044] EXT4-fs (loop3): This should not happen!! Data will be lost [ 138.009455][T11044] [ 138.019219][T11044] EXT4-fs (loop3): Total free blocks count 0 [ 138.025428][T11044] EXT4-fs (loop3): Free/Dirty block details [ 138.031372][T11044] EXT4-fs (loop3): free_blocks=0 [ 138.036334][T11044] EXT4-fs (loop3): dirty_blocks=2312 [ 138.041711][T11044] EXT4-fs (loop3): Block reservation details [ 138.047723][T11044] EXT4-fs (loop3): i_reserved_data_blocks=2312 [ 138.132996][ T5668] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 2052 with max blocks 260 with error 28 [ 139.187591][T11212] tipc: New replicast peer: 255.255.255.255 [ 139.193812][T11212] tipc: Enabled bearer , priority 10 [ 139.246507][T11220] loop2: detected capacity change from 0 to 1024 [ 139.266768][T11223] loop3: detected capacity change from 0 to 512 [ 139.285708][T11220] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 139.298326][T11223] EXT4-fs warning (device loop3): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 139.323513][T11230] netdevsim netdevsim5: loading /lib/firmware/. failed with error -22 [ 139.325197][T11220] ext4 filesystem being mounted at /598/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 139.331844][T11230] netdevsim netdevsim5: Direct firmware load for . failed with error -22 [ 139.361372][T11223] EXT4-fs (loop3): mount failed [ 139.411693][T11234] loop5: detected capacity change from 0 to 8192 [ 139.419613][T11234] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 139.438001][T11220] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3161: bg 0: block 112: padding at end of block bitmap is not set [ 139.460215][T11240] netlink: 'syz.1.3170': attribute type 1 has an invalid length. [ 139.490112][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 139.515000][T11240] bond2: (slave ip6gretap1): making interface the new active one [ 139.524603][T11240] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 139.603908][T11258] __nla_validate_parse: 4 callbacks suppressed [ 139.603922][T11258] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3178'. [ 139.619727][T11258] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3178'. [ 139.706599][T11270] loop3: detected capacity change from 0 to 2048 [ 139.730748][T11270] EXT4-fs: Ignoring removed mblk_io_submit option [ 139.745523][T11270] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 139.845640][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.925001][T11289] loop1: detected capacity change from 0 to 4096 [ 139.944707][T11289] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.971679][T11295] loop2: detected capacity change from 0 to 512 [ 139.987751][T11295] EXT4-fs: Ignoring removed bh option [ 139.997776][T11295] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 140.041851][T11272] loop5: detected capacity change from 0 to 512 [ 140.063865][T11295] EXT4-fs (loop2): 1 truncate cleaned up [ 140.072571][T11295] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 140.093680][T11272] EXT4-fs warning (device loop5): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 140.138291][T11272] EXT4-fs (loop5): mount failed [ 140.280470][T11310] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 140.297969][T11310] EXT4-fs (loop3): 1 truncate cleaned up [ 140.305718][T11310] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 140.333388][T11313] EXT4-fs (loop5): 1 truncate cleaned up [ 140.357881][T11313] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 140.387357][ T3314] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.418223][ T5703] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm kworker/u8:40: bg 0: block 465: padding at end of block bitmap is not set [ 140.438260][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.469819][ T5703] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 404 with error 117 [ 140.482360][ T5703] EXT4-fs (loop5): This should not happen!! Data will be lost [ 140.482360][ T5703] [ 140.496764][T11313] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 404 with max blocks 4 with error 28 [ 140.509252][T11313] EXT4-fs (loop5): This should not happen!! Data will be lost [ 140.509252][T11313] [ 140.519014][T11313] EXT4-fs (loop5): Total free blocks count 0 [ 140.525083][T11313] EXT4-fs (loop5): Free/Dirty block details [ 140.531100][T11313] EXT4-fs (loop5): free_blocks=0 [ 140.536149][T11313] EXT4-fs (loop5): dirty_blocks=4 [ 140.541284][T11313] EXT4-fs (loop5): Block reservation details [ 140.548241][T11322] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=11322 comm=syz.0.3203 [ 140.560882][T11322] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=11322 comm=syz.0.3203 [ 140.644923][T11328] 9p: Bad value for 'rfdno' [ 140.658705][T11327] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 140.961282][T11363] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3224'. [ 140.977324][T11363] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 141.173160][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.305495][T11387] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 141.316506][T11387] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 141.344897][T11387] JBD2: no valid journal superblock found [ 141.350808][T11387] EXT4-fs (loop3): Could not load journal inode [ 141.479522][ T29] kauditd_printk_skb: 310 callbacks suppressed [ 141.479538][ T29] audit: type=1400 audit(1768379859.829:3442): avc: denied { bind } for pid=11407 comm="syz.5.3241" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 141.505319][ T29] audit: type=1400 audit(1768379859.829:3443): avc: denied { name_bind } for pid=11407 comm="syz.5.3241" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1 [ 141.527350][ T29] audit: type=1400 audit(1768379859.829:3444): avc: denied { node_bind } for pid=11407 comm="syz.5.3241" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1 [ 141.574242][T11412] atomic_op ffff88811a477d28 conn xmit_atomic 0000000000000000 [ 141.657229][ T29] audit: type=1400 audit(1768379860.009:3445): avc: denied { getopt } for pid=11429 comm="syz.0.3253" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 141.718445][ T29] audit: type=1326 audit(1768379860.069:3446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11433 comm="syz.2.3255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcac6f749 code=0x7ffc0000 [ 141.753182][ T29] audit: type=1326 audit(1768379860.069:3447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11433 comm="syz.2.3255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcac6f749 code=0x7ffc0000 [ 141.776840][ T29] audit: type=1326 audit(1768379860.099:3448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11433 comm="syz.2.3255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=298 compat=0 ip=0x7fabcac6f749 code=0x7ffc0000 [ 141.800367][ T29] audit: type=1326 audit(1768379860.099:3449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11433 comm="syz.2.3255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcac6f749 code=0x7ffc0000 [ 141.824009][ T29] audit: type=1326 audit(1768379860.099:3450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11433 comm="syz.2.3255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcac6f749 code=0x7ffc0000 [ 141.847629][ T29] audit: type=1326 audit(1768379860.099:3451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11433 comm="syz.2.3255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fabcac6f749 code=0x7ffc0000 [ 141.897378][T11440] SELinux: failed to load policy [ 142.071550][ T5698] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0x79 [ 142.330823][T11473] netlink: 'syz.5.3271': attribute type 1 has an invalid length. [ 142.949228][T11499] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 143.081987][T11515] set_capacity_and_notify: 3 callbacks suppressed [ 143.082005][T11515] loop5: detected capacity change from 0 to 128 [ 143.577688][T11554] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3291'. [ 143.859832][T11592] loop3: detected capacity change from 0 to 1024 [ 143.900722][T11592] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 143.952825][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.679963][T11682] netlink: 96 bytes leftover after parsing attributes in process `syz.5.3304'. [ 144.894404][T11709] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11709 comm=syz.2.3316 [ 144.986140][T11721] netlink: 'syz.5.3321': attribute type 27 has an invalid length. [ 145.000755][ T12] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.041825][T11721] bridge0: port 1(gretap0) entered blocking state [ 145.048479][T11721] bridge0: port 1(gretap0) entered forwarding state [ 145.066849][T11721] 8021q: adding VLAN 0 to HW filter on device bond0 [ 145.081666][T11721] 8021q: adding VLAN 0 to HW filter on device team0 [ 145.107398][T11721] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 145.122963][ T12] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.144002][ T12] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.173043][T11731] macsec1: entered allmulticast mode [ 145.178384][T11731] macvlan0: entered allmulticast mode [ 145.205955][T11723] netlink: 84 bytes leftover after parsing attributes in process `syz.2.3322'. [ 145.215053][T11723] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 145.225045][T11731] macvlan0: left allmulticast mode [ 145.232971][ T12] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.273737][T11738] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3328'. [ 145.288668][T11738] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3328'. [ 145.310852][T11738] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3328'. [ 145.330021][T11738] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3328'. [ 145.370652][T11745] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3331'. [ 145.424386][T11757] netlink: 'syz.5.3335': attribute type 13 has an invalid length. [ 145.435427][T11757] gretap0: refused to change device tx_queue_len [ 145.443582][T11757] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 145.539152][T11777] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3344'. [ 145.548213][T11777] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3344'. [ 145.561859][T11777] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3344'. [ 146.234229][T11838] bridge0: entered promiscuous mode [ 146.245742][T11838] bridge0: port 2(macsec1) entered blocking state [ 146.252379][T11838] bridge0: port 2(macsec1) entered disabled state [ 146.259840][T11838] macsec1: entered allmulticast mode [ 146.265432][T11838] bridge0: entered allmulticast mode [ 146.272166][T11838] macsec1: left allmulticast mode [ 146.277333][T11838] bridge0: left allmulticast mode [ 146.297923][T11838] bridge0: left promiscuous mode [ 146.520929][ T29] kauditd_printk_skb: 93 callbacks suppressed [ 146.520971][ T29] audit: type=1400 audit(1768379864.879:3545): avc: denied { read } for pid=11875 comm="syz.1.3392" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 146.658470][T11891] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0' [ 146.684082][T11889] hub 2-0:1.0: USB hub found [ 146.698736][T11889] hub 2-0:1.0: 8 ports detected [ 146.805860][T11911] netlink: 'syz.2.3408': attribute type 1 has an invalid length. [ 147.037537][T11943] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 147.064909][T11943] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 147.213997][ T29] audit: type=1326 audit(1768379865.569:3546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11948 comm="syz.1.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f670517f749 code=0x7ffc0000 [ 147.237677][ T29] audit: type=1326 audit(1768379865.569:3547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11948 comm="syz.1.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f670517f749 code=0x7ffc0000 [ 147.261304][ T29] audit: type=1326 audit(1768379865.569:3548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11948 comm="syz.1.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f670517f749 code=0x7ffc0000 [ 147.284888][ T29] audit: type=1326 audit(1768379865.569:3549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11948 comm="syz.1.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f670517f749 code=0x7ffc0000 [ 147.308454][ T29] audit: type=1326 audit(1768379865.569:3550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11948 comm="syz.1.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f670517f749 code=0x7ffc0000 [ 147.332068][ T29] audit: type=1326 audit(1768379865.569:3551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11948 comm="syz.1.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f670517f749 code=0x7ffc0000 [ 147.355628][ T29] audit: type=1326 audit(1768379865.569:3552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11948 comm="syz.1.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f670517f749 code=0x7ffc0000 [ 147.379252][ T29] audit: type=1326 audit(1768379865.569:3553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11948 comm="syz.1.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f670517f749 code=0x7ffc0000 [ 147.402930][ T29] audit: type=1326 audit(1768379865.569:3554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11948 comm="syz.1.3423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f670517f749 code=0x7ffc0000 [ 147.665032][T11973] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 147.690401][ T8796] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 147.750303][ T8796] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 147.765695][T11983] netlink: 'syz.0.3439': attribute type 27 has an invalid length. [ 147.778249][T11983] bridge1: left promiscuous mode [ 147.783261][T11983] bridge1: left allmulticast mode [ 147.802085][ T863] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 147.844916][ T863] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 147.873350][T11983] 8021q: adding VLAN 0 to HW filter on device bond0 [ 147.915797][T11983] 8021q: adding VLAN 0 to HW filter on device team0 [ 147.953261][T11983] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 147.979121][T11994] xt_CT: No such helper "pptp" [ 147.987881][ T5683] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 148.004577][ T5683] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 148.232346][T12020] can0: slcan on ttyS3. [ 148.287911][T12028] loop5: detected capacity change from 0 to 1024 [ 148.295503][T12028] EXT4-fs: Ignoring removed bh option [ 148.301449][T12010] can0 (unregistered): slcan off ttyS3. [ 148.322511][T12028] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 148.358547][ T6068] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.908671][T12084] can0: slcan on ttyS3. [ 148.951811][T12092] A link change request failed with some changes committed already. Interface bond_slave_1 may have been left with an inconsistent configuration, please check. [ 148.968039][T12083] can0 (unregistered): slcan off ttyS3. [ 148.995851][T12097] netlink: 'syz.3.3478': attribute type 27 has an invalid length. [ 149.046500][ T3506] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 149.056650][ T3506] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 149.068555][T12097] gretap1: left promiscuous mode [ 149.106952][T12097] 8021q: adding VLAN 0 to HW filter on device bond0 [ 149.115109][T12097] 8021q: adding VLAN 0 to HW filter on device team0 [ 149.135743][T12097] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 149.239120][T12125] netlink: 'syz.1.3493': attribute type 3 has an invalid length. [ 149.470710][T12146] netlink: 'syz.1.3500': attribute type 27 has an invalid length. [ 149.499265][T12146] veth2: left promiscuous mode [ 149.504676][T12146] veth2: left allmulticast mode [ 149.510039][T12146] bridge1: left promiscuous mode [ 149.515039][T12146] bridge1: left allmulticast mode [ 149.562681][T12146] bridge0: port 1(gretap0) entered blocking state [ 149.569224][T12146] bridge0: port 1(gretap0) entered forwarding state [ 149.587880][T12146] 8021q: adding VLAN 0 to HW filter on device .` [ 149.598135][T12146] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 149.760255][T12167] xt_CT: You must specify a L4 protocol and not use inversions on it [ 149.800269][T12173] __nla_validate_parse: 15 callbacks suppressed [ 149.800358][T12173] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3515'. [ 149.865536][T12187] netlink: 'syz.2.3519': attribute type 27 has an invalid length. [ 149.890777][T12187] bridge1: left promiscuous mode [ 149.895895][T12187] bridge1: left allmulticast mode [ 149.949104][T12187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 149.969849][T12187] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 150.011281][ T3431] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 150.054478][T12202] netlink: 'syz.5.3530': attribute type 16 has an invalid length. [ 150.062490][T12202] netlink: 156 bytes leftover after parsing attributes in process `syz.5.3530'. [ 150.111584][T12211] netlink: 27 bytes leftover after parsing attributes in process `syz.2.3533'. [ 150.132653][T12219] loop3: detected capacity change from 0 to 128 [ 150.253348][ T863] Bluetooth: hci0: Frame reassembly failed (-84) [ 150.273079][T12239] loop3: detected capacity change from 0 to 1024 [ 150.279985][T12239] EXT4-fs: Ignoring removed mblk_io_submit option [ 150.292777][T12239] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 150.454157][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.463676][ T5668] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 150.502081][T12267] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 4080 [ 150.668007][T12285] netlink: 27 bytes leftover after parsing attributes in process `syz.1.3553'. [ 150.714968][T12292] sctp: [Deprecated]: syz.2.3556 (pid 12292) Use of int in maxseg socket option. [ 150.714968][T12292] Use struct sctp_assoc_value instead [ 150.890375][ T3431] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 150.936826][T12331] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3569'. [ 150.953012][T12326] loop1: detected capacity change from 0 to 4096 [ 150.973492][T12326] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 151.263544][T12342] netlink: 96 bytes leftover after parsing attributes in process `syz.3.3573'. [ 151.406002][T12351] netlink: 27 bytes leftover after parsing attributes in process `syz.5.3576'. [ 151.608429][T12367] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3578'. [ 151.617597][T12367] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3578'. [ 151.829756][ T29] kauditd_printk_skb: 161 callbacks suppressed [ 151.829774][ T29] audit: type=1326 audit(1768380126.173:3716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12380 comm="syz.2.3582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcac6f749 code=0x7ffc0000 [ 151.900218][ T29] audit: type=1326 audit(1768380126.183:3717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12380 comm="syz.2.3582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=220 compat=0 ip=0x7fabcac6f749 code=0x7ffc0000 [ 151.923818][ T29] audit: type=1326 audit(1768380126.183:3718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12380 comm="syz.2.3582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcac6f749 code=0x7ffc0000 [ 151.947435][ T29] audit: type=1326 audit(1768380126.183:3719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12380 comm="syz.2.3582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcac6f749 code=0x7ffc0000 [ 151.973936][T12386] loop5: detected capacity change from 0 to 1024 [ 152.024216][T12386] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 152.050738][ T29] audit: type=1400 audit(1768380126.403:3720): avc: denied { remove_name } for pid=12385 comm="syz.5.3584" name="file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 152.052040][T12386] EXT4-fs error (device loop5): ext4_xattr_inode_iget:441: inode #11: comm syz.5.3584: missing EA_INODE flag [ 152.073964][ T29] audit: type=1400 audit(1768380126.403:3721): avc: denied { rename } for pid=12385 comm="syz.5.3584" name="file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 152.107589][ T29] audit: type=1400 audit(1768380126.403:3722): avc: denied { unlink } for pid=12385 comm="syz.5.3584" name="file0" dev="loop5" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 152.140402][T12386] EXT4-fs (loop5): Remounting filesystem read-only [ 152.214905][ T6068] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 152.330225][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 152.385543][T12413] netlink: 'syz.3.3595': attribute type 12 has an invalid length. [ 152.455001][ T5668] kworker/u8:16 invoked oom-killer: gfp_mask=0x100c0a(GFP_NOIO|__GFP_HIGHMEM|__GFP_MOVABLE|__GFP_HARDWALL), order=0, oom_score_adj=0 [ 152.468822][ T5668] CPU: 0 UID: 0 PID: 5668 Comm: kworker/u8:16 Not tainted syzkaller #0 PREEMPT(voluntary) [ 152.468858][ T5668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 152.468875][ T5668] Workqueue: loop1 loop_rootcg_workfn [ 152.468904][ T5668] Call Trace: [ 152.468912][ T5668] [ 152.468976][ T5668] __dump_stack+0x1d/0x30 [ 152.469004][ T5668] dump_stack_lvl+0x95/0xd0 [ 152.469031][ T5668] dump_stack+0x15/0x1b [ 152.469056][ T5668] dump_header+0x81/0x240 [ 152.469082][ T5668] oom_kill_process+0x295/0x350 [ 152.469156][ T5668] out_of_memory+0x97b/0xb80 [ 152.469185][ T5668] try_charge_memcg+0x610/0xa10 [ 152.469264][ T5668] charge_memcg+0x51/0xc0 [ 152.469294][ T5668] mem_cgroup_swapin_charge_folio+0xcc/0x150 [ 152.469333][ T5668] __read_swap_cache_async+0x17b/0x2d0 [ 152.469431][ T5668] swap_cluster_readahead+0x262/0x3c0 [ 152.469465][ T5668] shmem_swapin_folio+0x8b4/0x11e0 [ 152.469540][ T5668] ? xas_load+0x413/0x430 [ 152.469578][ T5668] ? filemap_get_entry+0x34b/0x390 [ 152.469696][ T5668] shmem_get_folio_gfp+0x26c/0xd50 [ 152.469807][ T5668] shmem_write_begin+0xfc/0x1f0 [ 152.469844][ T5668] generic_perform_write+0x184/0x490 [ 152.469886][ T5668] shmem_file_write_iter+0xc5/0xf0 [ 152.469993][ T5668] lo_rw_aio+0x673/0x720 [ 152.470019][ T5668] loop_process_work+0x56d/0xaa0 [ 152.470040][ T5668] ? queue_delayed_work_on+0xde/0x140 [ 152.470162][ T5668] ? __rcu_read_unlock+0x4f/0x70 [ 152.470187][ T5668] ? __perf_event_task_sched_in+0xa5b/0xac0 [ 152.470209][ T5668] ? __list_add_valid_or_report+0x38/0xe0 [ 152.470242][ T5668] ? perf_cgroup_switch+0x10c/0x480 [ 152.470318][ T5668] ? __set_next_task_fair+0x5b/0x150 [ 152.470362][ T5668] loop_rootcg_workfn+0x22/0x30 [ 152.470399][ T5668] process_scheduled_works+0x4ce/0x9d0 [ 152.470498][ T5668] worker_thread+0x582/0x770 [ 152.470534][ T5668] kthread+0x489/0x510 [ 152.470561][ T5668] ? __pfx_worker_thread+0x10/0x10 [ 152.470630][ T5668] ? __pfx_kthread+0x10/0x10 [ 152.470664][ T5668] ret_from_fork+0x149/0x290 [ 152.470690][ T5668] ? __pfx_kthread+0x10/0x10 [ 152.470790][ T5668] ret_from_fork_asm+0x1a/0x30 [ 152.470821][ T5668] [ 152.677604][ T5668] memory: usage 307200kB, limit 307200kB, failcnt 698 [ 152.684439][ T5668] memory+swap: usage 309628kB, limit 9007199254740988kB, failcnt 0 [ 152.692389][ T5668] kmem: usage 306156kB, limit 9007199254740988kB, failcnt 0 [ 152.699693][ T5668] Memory cgroup stats for /syz1: [ 152.764759][T12419] SELinux: policydb version 0 does not match my version range 15-35 [ 152.777972][T12419] SELinux: failed to load policy [ 152.790838][ T29] audit: type=1326 audit(1768380127.143:3723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12420 comm="syz.3.3599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe893fbf749 code=0x7ffc0000 [ 152.801177][ T5668] cache 1056768 [ 152.818087][ T5668] rss 0 [ 152.820916][ T5668] shmem 0 [ 152.823877][ T5668] mapped_file 0 [ 152.827484][ T5668] dirty 0 [ 152.830671][ T5668] writeback 1052672 [ 152.834509][ T5668] workingset_refault_anon 963 [ 152.839217][ T5668] workingset_refault_file 910 [ 152.844054][ T5668] swap 2486272 [ 152.847444][ T5668] swapcached 8192 [ 152.851124][ T5668] pgpgin 101440 [ 152.854590][ T5668] pgpgout 101179 [ 152.858156][ T5668] pgfault 140230 [ 152.861760][ T5668] pgmajfault 70 [ 152.865290][ T5668] inactive_anon 8192 [ 152.866007][ T29] audit: type=1326 audit(1768380127.173:3724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12420 comm="syz.3.3599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe893fbf749 code=0x7ffc0000 [ 152.869194][ T5668] active_anon 0 [ 152.869204][ T5668] inactive_file 1052672 [ 152.869215][ T5668] active_file 0 [ 152.869224][ T5668] unevictable 0 [ 152.892709][ T29] audit: type=1326 audit(1768380127.173:3725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12420 comm="syz.3.3599" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe893fbf749 code=0x7ffc0000 [ 152.896178][ T5668] hierarchical_memory_limit 314572800 [ 152.896191][ T5668] hierarchical_memsw_limit 9223372036854771712 [ 152.896200][ T5668] total_cache 1056768 [ 152.896207][ T5668] total_rss 0 [ 152.896213][ T5668] total_shmem 0 [ 152.896221][ T5668] total_mapped_file 0 [ 152.957298][ T5668] total_dirty 0 [ 152.960851][ T5668] total_writeback 1052672 [ 152.965205][ T5668] total_workingset_refault_anon 963 [ 152.970457][ T5668] total_workingset_refault_file 910 [ 152.975677][ T5668] total_swap 2486272 [ 152.979673][ T5668] total_swapcached 8192 [ 152.983898][ T5668] total_pgpgin 101440 [ 152.987933][ T5668] total_pgpgout 101179 [ 152.992060][ T5668] total_pgfault 140230 [ 152.996144][ T5668] total_pgmajfault 70 [ 153.000170][ T5668] total_inactive_anon 8192 [ 153.004655][ T5668] total_active_anon 0 [ 153.008730][ T5668] total_inactive_file 1052672 [ 153.013455][ T5668] total_active_file 0 [ 153.017529][ T5668] total_unevictable 0 [ 153.021551][ T5668] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.3566,pid=12323,uid=0 [ 153.036381][ T5668] Memory cgroup out of memory: Killed process 12323 (syz.1.3566) total-vm:96016kB, anon-rss:1264kB, file-rss:22376kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 153.057000][T12417] loop5: detected capacity change from 0 to 512 [ 153.070631][T12417] EXT4-fs: Ignoring removed oldalloc option [ 153.076710][T12417] ext4: Unknown parameter 'nouser_xattr' [ 153.180525][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.331073][T12442] netlink: 68 bytes leftover after parsing attributes in process `syz.5.3608'. [ 153.632842][T12470] SELinux: security_context_str_to_sid (Ð-šXܘ7.H\¹ÿ %ºu@) failed with errno=-22 [ 153.937115][T12498] loop5: detected capacity change from 0 to 1764 [ 154.026266][T12510] loop3: detected capacity change from 0 to 512 [ 154.048212][T12510] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 154.061481][T12510] ext4 filesystem being mounted at /725/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 154.072927][T12516] sctp: [Deprecated]: syz.5.3639 (pid 12516) Use of int in maxseg socket option. [ 154.072927][T12516] Use struct sctp_assoc_value instead [ 154.098760][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.119824][T12519] netlink: 'syz.2.3641': attribute type 3 has an invalid length. [ 154.230804][T12537] loop5: detected capacity change from 0 to 512 [ 154.237551][T12537] EXT4-fs: Ignoring removed oldalloc option [ 154.244392][T12537] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 154.264278][T12537] EXT4-fs (loop5): too many log groups per flexible block group [ 154.276564][T12537] EXT4-fs (loop5): failed to initialize mballoc (-12) [ 154.289302][T12537] EXT4-fs (loop5): mount failed [ 154.726695][T12573] loop1: detected capacity change from 0 to 128 [ 155.009211][T12595] __nla_validate_parse: 9 callbacks suppressed [ 155.009228][T12595] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3671'. [ 155.874862][T12648] loop1: detected capacity change from 0 to 1024 [ 155.875757][T12648] EXT4-fs: Ignoring removed mblk_io_submit option [ 155.910809][T12648] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 156.070711][T12669] netlink: 'syz.5.3700': attribute type 21 has an invalid length. [ 156.070756][T12669] netlink: 132 bytes leftover after parsing attributes in process `syz.5.3700'. [ 156.070772][T12669] netlink: 'syz.5.3700': attribute type 1 has an invalid length. [ 156.163758][ T3318] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.179568][ T5531] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x4 [ 156.179645][ T5531] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x2 [ 156.179687][ T5531] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x3 [ 156.181356][ T5531] hid-generic 0000:3000000:0000.0006: hidraw0: HID v0.00 Device [sy] on syz0 [ 156.323924][T12706] xt_policy: neither incoming nor outgoing policy selected [ 156.395723][T12711] SELinux: failed to load policy [ 156.709734][T12733] syz.3.3719 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 156.724030][T12733] CPU: 1 UID: 0 PID: 12733 Comm: syz.3.3719 Not tainted syzkaller #0 PREEMPT(voluntary) [ 156.724070][T12733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 156.724084][T12733] Call Trace: [ 156.724091][T12733] [ 156.724098][T12733] __dump_stack+0x1d/0x30 [ 156.724124][T12733] dump_stack_lvl+0x95/0xd0 [ 156.724151][T12733] dump_stack+0x15/0x1b [ 156.724210][T12733] dump_header+0x81/0x240 [ 156.724236][T12733] oom_kill_process+0x295/0x350 [ 156.724338][T12733] out_of_memory+0x97b/0xb80 [ 156.724361][T12733] try_charge_memcg+0x610/0xa10 [ 156.724472][T12733] obj_cgroup_charge_pages+0xa6/0x150 [ 156.724514][T12733] __memcg_kmem_charge_page+0x9f/0x170 [ 156.724553][T12733] __alloc_frozen_pages_noprof+0x18f/0x360 [ 156.724597][T12733] alloc_pages_mpol+0xb3/0x260 [ 156.724695][T12733] alloc_pages_noprof+0x90/0x130 [ 156.724733][T12733] __vmalloc_node_range_noprof+0xa7b/0x1310 [ 156.724781][T12733] __kvmalloc_node_noprof+0x492/0x6b0 [ 156.724871][T12733] ? ip_set_alloc+0x24/0x30 [ 156.724908][T12733] ? ip_set_alloc+0x24/0x30 [ 156.724942][T12733] ip_set_alloc+0x24/0x30 [ 156.725008][T12733] hash_netiface_create+0x282/0x740 [ 156.725064][T12733] ? __pfx_hash_netiface_create+0x10/0x10 [ 156.725107][T12733] ip_set_create+0x3cc/0x970 [ 156.725127][T12733] ? _raw_spin_unlock+0x26/0x50 [ 156.725170][T12733] nfnetlink_rcv_msg+0x4c6/0x590 [ 156.725296][T12733] netlink_rcv_skb+0x123/0x220 [ 156.725336][T12733] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 156.725393][T12733] nfnetlink_rcv+0x167/0x16c0 [ 156.725427][T12733] ? kmem_cache_free+0xe3/0x3a0 [ 156.725461][T12733] ? __kfree_skb+0x109/0x150 [ 156.725494][T12733] ? nlmon_xmit+0x4f/0x60 [ 156.725521][T12733] ? consume_skb+0x49/0x150 [ 156.725666][T12733] ? nlmon_xmit+0x4f/0x60 [ 156.725686][T12733] ? dev_hard_start_xmit+0x3b0/0x3e0 [ 156.725723][T12733] ? __dev_queue_xmit+0x13a6/0x1ee0 [ 156.725762][T12733] ? __dev_queue_xmit+0x148/0x1ee0 [ 156.725804][T12733] ? ref_tracker_free+0x37d/0x3e0 [ 156.725910][T12733] ? __netlink_deliver_tap+0x4dc/0x500 [ 156.725956][T12733] netlink_unicast+0x5c0/0x690 [ 156.725999][T12733] netlink_sendmsg+0x58b/0x6b0 [ 156.726075][T12733] ? __pfx_netlink_sendmsg+0x10/0x10 [ 156.726154][T12733] __sock_sendmsg+0x145/0x180 [ 156.726182][T12733] ____sys_sendmsg+0x31e/0x4a0 [ 156.726225][T12733] ___sys_sendmsg+0x17b/0x1d0 [ 156.726322][T12733] __x64_sys_sendmsg+0xd4/0x160 [ 156.726519][T12733] x64_sys_call+0x17ba/0x3000 [ 156.726603][T12733] do_syscall_64+0xca/0x2b0 [ 156.726726][T12733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.726792][T12733] RIP: 0033:0x7fe893fbf749 [ 156.726851][T12733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.726951][T12733] RSP: 002b:00007fe892a1f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 156.727016][T12733] RAX: ffffffffffffffda RBX: 00007fe894215fa0 RCX: 00007fe893fbf749 [ 156.727065][T12733] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000005 [ 156.727108][T12733] RBP: 00007fe894043f91 R08: 0000000000000000 R09: 0000000000000000 [ 156.727150][T12733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 156.727186][T12733] R13: 00007fe894216038 R14: 00007fe894215fa0 R15: 00007ffedadf3ec8 [ 156.727300][T12733] [ 156.727322][T12733] memory: usage 307200kB, limit 307200kB, failcnt 291 [ 157.056938][T12733] memory+swap: usage 307552kB, limit 9007199254740988kB, failcnt 0 [ 157.056970][T12733] kmem: usage 307176kB, limit 9007199254740988kB, failcnt 0 [ 157.056985][T12733] Memory cgroup stats for /syz3: [ 157.091899][T12733] cache 4096 [ 157.091912][T12733] rss 4096 [ 157.091921][T12733] shmem 0 [ 157.091945][T12733] mapped_file 4096 [ 157.091954][T12733] dirty 0 [ 157.091963][T12733] writeback 0 [ 157.091972][T12733] workingset_refault_anon 272 [ 157.091981][T12733] workingset_refault_file 327 [ 157.091989][T12733] swap 360448 [ 157.091996][T12733] swapcached 16384 [ 157.092047][T12733] pgpgin 138909 [ 157.092055][T12733] pgpgout 138903 [ 157.092064][T12733] pgfault 143543 [ 157.092073][T12733] pgmajfault 41 [ 157.092082][T12733] inactive_anon 8192 [ 157.092116][T12733] active_anon 8192 [ 157.092123][T12733] inactive_file 4096 [ 157.092204][T12733] active_file 4096 [ 157.092213][T12733] unevictable 0 [ 157.092223][T12733] hierarchical_memory_limit 314572800 [ 157.092234][T12733] hierarchical_memsw_limit 9223372036854771712 [ 157.092246][T12733] total_cache 4096 [ 157.092255][T12733] total_rss 4096 [ 157.092264][T12733] total_shmem 0 [ 157.092311][T12733] total_mapped_file 4096 [ 157.092318][T12733] total_dirty 0 [ 157.092325][T12733] total_writeback 0 [ 157.092332][T12733] total_workingset_refault_anon 272 [ 157.092340][T12733] total_workingset_refault_file 327 [ 157.092348][T12733] total_swap 360448 [ 157.092408][T12733] total_swapcached 16384 [ 157.092416][T12733] total_pgpgin 138909 [ 157.092423][T12733] total_pgpgout 138903 [ 157.092430][T12733] total_pgfault 143548 [ 157.092437][T12733] total_pgmajfault 41 [ 157.092444][T12733] total_inactive_anon 8192 [ 157.092452][T12733] total_active_anon 8192 [ 157.092459][T12733] total_inactive_file 4096 [ 157.092467][T12733] total_active_file 4096 [ 157.092474][T12733] total_unevictable 0 [ 157.092532][T12733] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.3719,pid=12732,uid=0 [ 157.092721][T12733] Memory cgroup out of memory: Killed process 12732 (syz.3.3719) total-vm:95884kB, anon-rss:1264kB, file-rss:22184kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 157.228304][T12766] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3728'. [ 157.324109][T12778] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 157.324239][T12778] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 157.488527][ T29] kauditd_printk_skb: 99 callbacks suppressed [ 157.488546][ T29] audit: type=1400 audit(157.450:3825): avc: denied { setopt } for pid=12786 comm="syz.5.3734" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 157.557335][ T29] audit: type=1326 audit(157.520:3826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12794 comm="syz.5.3736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 157.596706][ T29] audit: type=1326 audit(157.550:3827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12794 comm="syz.5.3736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 157.619695][ T29] audit: type=1326 audit(157.550:3828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12794 comm="syz.5.3736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=241 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 157.642893][ T29] audit: type=1326 audit(157.550:3829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12794 comm="syz.5.3736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 157.665845][ T29] audit: type=1326 audit(157.550:3830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12794 comm="syz.5.3736" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 157.717483][T12811] netlink: 'syz.5.3738': attribute type 3 has an invalid length. [ 157.741702][ T29] audit: type=1326 audit(157.710:3831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12815 comm="syz.5.3739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 157.770923][ T29] audit: type=1326 audit(157.710:3832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12815 comm="syz.5.3739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 157.793937][ T29] audit: type=1326 audit(157.710:3833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12815 comm="syz.5.3739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 157.817073][ T29] audit: type=1326 audit(157.710:3834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12815 comm="syz.5.3739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 157.891865][T12833] syz.5.3743: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 157.906449][T12833] CPU: 1 UID: 0 PID: 12833 Comm: syz.5.3743 Not tainted syzkaller #0 PREEMPT(voluntary) [ 157.906486][T12833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 157.906503][T12833] Call Trace: [ 157.906510][T12833] [ 157.906518][T12833] __dump_stack+0x1d/0x30 [ 157.906552][T12833] dump_stack_lvl+0x95/0xd0 [ 157.906656][T12833] dump_stack+0x15/0x1b [ 157.906763][T12833] warn_alloc+0x12b/0x1a0 [ 157.906804][T12833] __vmalloc_node_range_noprof+0xa0/0x1310 [ 157.906841][T12833] ? tracing_record_taskinfo_sched_switch+0x71/0x260 [ 157.906890][T12833] ? probe_sched_wakeup+0x85/0xa0 [ 157.906944][T12833] ? kvm_sched_clock_read+0x11/0x20 [ 157.906977][T12833] ? sched_clock+0x3f/0x60 [ 157.907014][T12833] ? __rcu_read_unlock+0x4f/0x70 [ 157.907041][T12833] ? avc_has_perm_noaudit+0xab/0x130 [ 157.907087][T12833] ? should_fail_ex+0x30/0x280 [ 157.907171][T12833] ? should_failslab+0x8c/0xb0 [ 157.907204][T12833] vmalloc_user_noprof+0x7d/0xb0 [ 157.907280][T12833] ? xskq_create+0x80/0xe0 [ 157.907303][T12833] xskq_create+0x80/0xe0 [ 157.907320][T12833] xsk_init_queue+0x95/0xf0 [ 157.907407][T12833] xsk_setsockopt+0x3f5/0x640 [ 157.907450][T12833] ? __pfx_xsk_setsockopt+0x10/0x10 [ 157.907653][T12833] __sys_setsockopt+0x184/0x200 [ 157.907703][T12833] __x64_sys_setsockopt+0x64/0x80 [ 157.907741][T12833] x64_sys_call+0x21d5/0x3000 [ 157.907776][T12833] do_syscall_64+0xca/0x2b0 [ 157.907879][T12833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.907910][T12833] RIP: 0033:0x7f7491c3f749 [ 157.907930][T12833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.907956][T12833] RSP: 002b:00007f74906a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 157.907983][T12833] RAX: ffffffffffffffda RBX: 00007f7491e95fa0 RCX: 00007f7491c3f749 [ 157.908006][T12833] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006 [ 157.908023][T12833] RBP: 00007f7491cc3f91 R08: 0000000000000004 R09: 0000000000000000 [ 157.908040][T12833] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 157.908057][T12833] R13: 00007f7491e96038 R14: 00007f7491e95fa0 R15: 00007fff5446ee08 [ 157.908083][T12833] [ 157.908143][T12833] Mem-Info: [ 158.112008][T12843] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 64993 [ 158.116843][T12833] active_anon:7794 inactive_anon:2 isolated_anon:0 [ 158.116843][T12833] active_file:16660 inactive_file:2285 isolated_file:0 [ 158.116843][T12833] unevictable:16393 dirty:75 writeback:0 [ 158.116843][T12833] slab_reclaimable:3345 slab_unreclaimable:159952 [ 158.116843][T12833] mapped:28884 shmem:175 pagetables:1441 [ 158.116843][T12833] sec_pagetables:0 bounce:0 [ 158.116843][T12833] kernel_misc_reclaimable:0 [ 158.116843][T12833] free:1704306 free_pcp:28995 free_cma:0 [ 158.184860][T12833] Node 0 active_anon:31176kB inactive_anon:8kB active_file:66640kB inactive_file:9140kB unevictable:65572kB isolated(anon):0kB isolated(file):0kB mapped:115536kB dirty:300kB writeback:0kB shmem:700kB kernel_stack:4912kB pagetables:5880kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 158.212316][T12833] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 158.242043][T12833] lowmem_reserve[]: 0 2880 7859 7859 [ 158.247398][T12833] Node 0 DMA32 free:2945992kB boost:0kB min:4132kB low:7060kB high:9988kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:3129332kB managed:2949520kB mlocked:0kB bounce:0kB free_pcp:3528kB local_pcp:0kB free_cma:0kB [ 158.278587][T12833] lowmem_reserve[]: 0 0 4978 4978 [ 158.283734][T12833] Node 0 Normal free:3855872kB boost:0kB min:7188kB low:12284kB high:17380kB reserved_highatomic:0KB free_highatomic:0KB active_anon:31060kB inactive_anon:8kB active_file:66640kB inactive_file:9140kB unevictable:65572kB writepending:300kB zspages:0kB present:5242880kB managed:5098240kB mlocked:0kB bounce:0kB free_pcp:112092kB local_pcp:91628kB free_cma:0kB [ 158.317219][T12833] lowmem_reserve[]: 0 0 0 0 [ 158.321812][T12833] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 158.334752][T12833] Node 0 DMA32: 2*4kB (M) 2*8kB (M) 3*16kB (M) 4*32kB (M) 4*64kB (M) 2*128kB (M) 3*256kB (M) 3*512kB (M) 4*1024kB (M) 3*2048kB (M) 716*4096kB (M) = 2945992kB [ 158.350951][T12833] Node 0 Normal: 1008*4kB (UME) 780*8kB (UM) 430*16kB (UME) 587*32kB (UM) 780*64kB (UM) 439*128kB (UM) 327*256kB (UME) 240*512kB (UME) 223*1024kB (UM) 137*2048kB (UM) 732*4096kB (UM) = 3855840kB [ 158.370437][T12833] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 158.379858][T12833] 35528 total pagecache pages [ 158.384580][T12833] 21 pages in swap cache [ 158.388895][T12833] Free swap = 124024kB [ 158.393163][T12833] Total swap = 124996kB [ 158.397389][T12833] 2097051 pages RAM [ 158.401279][T12833] 0 pages HighMem/MovableOnly [ 158.405978][T12833] 81271 pages reserved [ 158.555025][T12871] loop3: detected capacity change from 0 to 2048 [ 158.597091][T12871] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 158.636935][T12871] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 158.667496][T12871] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 30 with max blocks 1 with error 28 [ 158.680049][T12871] EXT4-fs (loop3): This should not happen!! Data will be lost [ 158.680049][T12871] [ 158.689822][T12871] EXT4-fs (loop3): Total free blocks count 0 [ 158.695945][T12871] EXT4-fs (loop3): Free/Dirty block details [ 158.701929][T12871] EXT4-fs (loop3): free_blocks=2415919104 [ 158.707753][T12871] EXT4-fs (loop3): dirty_blocks=32 [ 158.712975][T12871] EXT4-fs (loop3): Block reservation details [ 158.718980][T12871] EXT4-fs (loop3): i_reserved_data_blocks=2 [ 158.741531][ T5674] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 158.817434][T12911] IPv6: NLM_F_CREATE should be specified when creating new route [ 158.933819][T12929] bridge0: entered promiscuous mode [ 158.945687][T12929] bridge0: port 2(macvtap1) entered blocking state [ 158.952299][T12929] bridge0: port 2(macvtap1) entered disabled state [ 158.959330][T12929] macvtap1: entered allmulticast mode [ 158.964837][T12929] bridge0: entered allmulticast mode [ 158.970917][T12929] macvtap1: left allmulticast mode [ 158.976085][T12929] bridge0: left allmulticast mode [ 158.981889][T12929] bridge0: left promiscuous mode [ 159.048069][T12938] netlink: 'syz.5.3762': attribute type 33 has an invalid length. [ 159.056016][T12938] netlink: 152 bytes leftover after parsing attributes in process `syz.5.3762'. [ 159.066771][T12938] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3762'. [ 159.174486][T12947] netlink: 'syz.1.3766': attribute type 10 has an invalid length. [ 159.182462][T12947] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3766'. [ 159.192170][T12947] dummy0: entered promiscuous mode [ 159.197689][T12947] bridge0: port 2(dummy0) entered blocking state [ 159.204218][T12947] bridge0: port 2(dummy0) entered disabled state [ 159.216787][T12947] dummy0: entered allmulticast mode [ 159.223185][T12947] bridge0: port 2(dummy0) entered blocking state [ 159.229738][T12947] bridge0: port 2(dummy0) entered forwarding state [ 159.334828][T12960] loop3: detected capacity change from 0 to 2048 [ 159.353426][T12969] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3776'. [ 159.370546][T12960] loop3: p2 < > p3 < p5 > p4 [ 159.375359][T12960] loop3: partition table partially beyond EOD, truncated [ 159.409745][T12977] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3780'. [ 159.416020][T12960] loop3: p2 start 4278190080 is beyond EOD, truncated [ 159.441802][T12960] loop3: p4 size 8192 extends beyond EOD, truncated [ 159.449267][T12960] loop3: p5 size 8192 extends beyond EOD, truncated [ 159.618664][T13008] netlink: 9 bytes leftover after parsing attributes in process `syz.5.3792'. [ 159.629689][T13008] netlink: 9 bytes leftover after parsing attributes in process `syz.5.3792'. [ 160.151326][T13096] SELinux: ebitmap: empty map [ 160.159139][T13096] SELinux: failed to load policy [ 160.204562][T13107] 9p: Bad value for 'source' [ 160.332003][T13125] gre0: entered promiscuous mode [ 160.337051][T13125] gre0: entered allmulticast mode [ 160.711135][T13190] loop5: detected capacity change from 0 to 1024 [ 160.717900][T13190] EXT4-fs: Ignoring removed orlov option [ 160.731853][T13190] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 160.759507][ T6068] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.786276][T13201] netlink: 'syz.5.3838': attribute type 3 has an invalid length. [ 161.216196][T13269] __nla_validate_parse: 1 callbacks suppressed [ 161.216221][T13269] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3856'. [ 161.231519][T13269] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3856'. [ 161.285981][T13278] loop5: detected capacity change from 0 to 2048 [ 161.320432][T13278] loop5: p2 < > p3 < p5 > p4 [ 161.325166][T13278] loop5: partition table partially beyond EOD, truncated [ 161.332527][T13278] loop5: p2 start 4278190080 is beyond EOD, truncated [ 161.340494][T13278] loop5: p4 size 8192 extends beyond EOD, truncated [ 161.347554][T13278] loop5: p5 size 8192 extends beyond EOD, truncated [ 161.681720][T13306] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3873'. [ 161.691675][T13303] usb usb8: usbfs: process 13303 (syz.3.3872) did not claim interface 0 before use [ 161.792402][T13321] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 161.805775][T13323] netlink: 'syz.5.3881': attribute type 7 has an invalid length. [ 162.335976][T13370] netlink: 'syz.5.3903': attribute type 10 has an invalid length. [ 162.343917][T13370] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3903'. [ 162.369525][T13372] netlink: 'syz.2.3904': attribute type 29 has an invalid length. [ 162.461613][T13373] delete_channel: no stack [ 162.695295][ T29] kauditd_printk_skb: 277 callbacks suppressed [ 162.695313][ T29] audit: type=1326 audit(162.660:4112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13392 comm="syz.5.3914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 162.770523][T13399] netlink: 'syz.2.3917': attribute type 13 has an invalid length. [ 162.789456][ T29] audit: type=1326 audit(162.660:4113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13392 comm="syz.5.3914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 162.812427][ T29] audit: type=1326 audit(162.660:4114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13392 comm="syz.5.3914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 162.812524][ T29] audit: type=1326 audit(162.670:4115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13392 comm="syz.5.3914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7491c3f749 code=0x7ffc0000 [ 162.884607][T13399] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 162.926537][T13401] loop5: detected capacity change from 0 to 4096 [ 162.941527][T13401] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 162.967332][ T29] audit: type=1400 audit(162.930:4116): avc: denied { add_name } for pid=13400 comm="syz.5.3918" name="file4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 162.987645][ T29] audit: type=1400 audit(162.930:4117): avc: denied { create } for pid=13400 comm="syz.5.3918" name="file4" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=fifo_file permissive=1 [ 163.012624][ T6068] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.068878][ T29] audit: type=1400 audit(163.030:4118): avc: denied { firmware_load } for pid=13413 comm="syz.0.3924" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1 [ 163.180190][ T29] audit: type=1400 audit(163.090:4119): avc: denied { shutdown } for pid=13412 comm="syz.5.3923" lport=59247 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 163.200516][ T29] audit: type=1400 audit(163.100:4120): avc: denied { read } for pid=13412 comm="syz.5.3923" lport=59247 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 163.324855][ T29] audit: type=1400 audit(163.220:4121): avc: denied { create } for pid=13427 comm="syz.2.3931" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 163.375816][T13448] loop5: detected capacity change from 0 to 256 [ 163.566192][T13481] netlink: 'syz.1.3954': attribute type 22 has an invalid length. [ 163.574193][T13481] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3954'. [ 163.619226][T13481] netlink: 'syz.1.3954': attribute type 22 has an invalid length. [ 163.619220][ T9463] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 163.619325][ T9463] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 163.627223][T13481] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3954'. [ 163.740931][ T9463] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 163.770034][ T9463] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 164.094586][T13536] block device autoloading is deprecated and will be removed. [ 164.247340][T13561] loop5: detected capacity change from 0 to 512 [ 164.254297][T13561] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 164.354104][T13572] loop1: detected capacity change from 0 to 256 [ 165.070631][T13590] netlink: 'syz.3.4001': attribute type 21 has an invalid length. [ 165.081507][T13590] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4001'. [ 165.090678][T13590] netlink: 'syz.3.4001': attribute type 1 has an invalid length. [ 165.161045][T13601] netlink: 68 bytes leftover after parsing attributes in process `syz.5.4004'. [ 165.191668][T13602] bridge0: entered promiscuous mode [ 165.218834][T13602] bridge0: port 1(macvtap1) entered blocking state [ 165.225483][T13602] bridge0: port 1(macvtap1) entered disabled state [ 165.242122][T13602] macvtap1: entered allmulticast mode [ 165.247566][T13602] bridge0: entered allmulticast mode [ 165.295046][T13602] macvtap1: left allmulticast mode [ 165.300304][T13602] bridge0: left allmulticast mode [ 165.310303][T13602] bridge0: left promiscuous mode [ 165.509320][T13642] xt_hashlimit: max too large, truncated to 1048576 [ 165.534990][T13642] xt_CT: You must specify a L4 protocol and not use inversions on it [ 165.641354][T13665] loop1: detected capacity change from 0 to 256 [ 165.923330][T13718] loop1: detected capacity change from 0 to 1024 [ 165.930865][T13718] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 165.941859][T13718] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 165.953341][T13718] JBD2: no valid journal superblock found [ 165.959254][T13718] EXT4-fs (loop1): Could not load journal inode [ 166.022778][T13730] serio: Serial port ptm0 [ 166.052209][T13740] sch_tbf: burst 22 is lower than device lo mtu (65550) ! [ 166.182955][T13769] netlink: 96 bytes leftover after parsing attributes in process `syz.5.4037'. [ 166.411322][T13815] loop3: detected capacity change from 0 to 764 [ 166.893388][T13850] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4063'. [ 167.001588][T13859] program syz.0.4067 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 167.011677][T13859] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 167.058745][T13867] bridge0: entered promiscuous mode [ 167.064821][T13867] bridge0: port 1(macvtap1) entered blocking state [ 167.071430][T13867] bridge0: port 1(macvtap1) entered disabled state [ 167.078242][T13867] macvtap1: entered allmulticast mode [ 167.083693][T13867] bridge0: entered allmulticast mode [ 167.089440][T13867] macvtap1: left allmulticast mode [ 167.094576][T13867] bridge0: left allmulticast mode [ 167.100017][T13867] bridge0: left promiscuous mode [ 167.176089][T13875] netlink: 536 bytes leftover after parsing attributes in process `syz.0.4075'. [ 167.185401][T13875] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4075'. [ 167.200078][T13877] netlink: 'syz.1.4076': attribute type 1 has an invalid length. [ 167.207955][T13877] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4076'. [ 167.263239][T13889] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4081'. [ 167.272355][T13889] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 167.284827][T13891] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4082'. [ 167.294219][T13891] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 167.406749][T13903] Cannot find add_set index 0 as target [ 167.469251][T13915] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 167.481040][T13915] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 167.492728][T13918] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13918 comm=syz.1.4094 [ 167.709671][ T29] kauditd_printk_skb: 205 callbacks suppressed [ 167.709687][ T29] audit: type=1326 audit(167.670:4327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13940 comm="syz.0.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 167.754227][ T29] audit: type=1326 audit(167.700:4328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13940 comm="syz.0.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 167.777252][ T29] audit: type=1326 audit(167.700:4329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13940 comm="syz.0.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 167.800217][ T29] audit: type=1326 audit(167.700:4330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13940 comm="syz.0.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 167.823263][ T29] audit: type=1326 audit(167.700:4331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13940 comm="syz.0.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 167.846181][ T29] audit: type=1326 audit(167.700:4332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13940 comm="syz.0.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 167.869121][ T29] audit: type=1326 audit(167.710:4333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13940 comm="syz.0.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 167.892086][ T29] audit: type=1326 audit(167.710:4334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13940 comm="syz.0.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 167.915053][ T29] audit: type=1326 audit(167.710:4335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13940 comm="syz.0.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 167.938021][ T29] audit: type=1326 audit(167.710:4336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13940 comm="syz.0.4105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 167.983746][T13948] netlink: 14 bytes leftover after parsing attributes in process `syz.5.4108'. [ 167.997119][T13948] hsr_slave_0: left promiscuous mode [ 168.010583][T13948] hsr_slave_1: left promiscuous mode [ 168.057172][T13952] tap0: tun_chr_ioctl cmd 2148553947 [ 168.531123][T13984] SELinux: failed to load policy [ 168.844428][T14024] loop5: detected capacity change from 0 to 128 [ 169.159291][T14042] SELinux: Context system_u:object_r:netutils_exec_t:s0 is not valid (left unmapped). [ 169.691790][T14074] program syz.1.4159 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 169.701562][T14071] netlink: 56 bytes leftover after parsing attributes in process `syz.3.4158'. [ 169.713598][T14073] netlink: 72 bytes leftover after parsing attributes in process `syz.0.4160'. [ 169.875472][T14095] lo: entered promiscuous mode [ 169.880468][T14095] lo: entered allmulticast mode [ 169.892567][T14095] tunl0: entered promiscuous mode [ 169.897706][T14095] tunl0: entered allmulticast mode [ 169.903763][T14095] gre0: entered promiscuous mode [ 169.908743][T14095] gre0: entered allmulticast mode [ 169.914549][T14095] gretap0: entered promiscuous mode [ 169.919771][T14095] gretap0: entered allmulticast mode [ 169.925805][T14095] erspan0: entered promiscuous mode [ 169.931112][T14095] erspan0: entered allmulticast mode [ 169.937434][T14095] ip_vti0: entered promiscuous mode [ 169.942691][T14095] ip_vti0: entered allmulticast mode [ 169.948580][T14095] ip6_vti0: entered promiscuous mode [ 169.953961][T14095] ip6_vti0: entered allmulticast mode [ 169.960481][T14095] sit0: entered promiscuous mode [ 169.965454][T14095] sit0: entered allmulticast mode [ 169.971417][T14095] ip6tnl0: entered promiscuous mode [ 169.976662][T14095] ip6tnl0: entered allmulticast mode [ 169.992406][T14095] ip6gre0: entered promiscuous mode [ 169.997648][T14095] ip6gre0: entered allmulticast mode [ 170.003483][T14095] bridge0: entered promiscuous mode [ 170.008774][T14095] bridge0: entered allmulticast mode [ 170.014834][T14095] vcan0: entered promiscuous mode [ 170.019999][T14095] vcan0: entered allmulticast mode [ 170.025966][T14095] bond0: entered promiscuous mode [ 170.031066][T14095] bond0: entered allmulticast mode [ 170.037535][T14095] team0: entered promiscuous mode [ 170.042635][T14095] team0: entered allmulticast mode [ 170.064169][T14095] dummy0: entered promiscuous mode [ 170.069359][T14095] dummy0: entered allmulticast mode [ 170.076152][T14095] nlmon0: entered promiscuous mode [ 170.081310][T14095] nlmon0: entered allmulticast mode [ 170.097364][T14095] caif0: entered promiscuous mode [ 170.102481][T14095] caif0: entered allmulticast mode [ 170.107679][T14095] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 170.318677][T14135] sch_tbf: burst 22 is lower than device lo mtu (65550) ! [ 170.340397][T14135] sch_tbf: burst 22 is lower than device lo mtu (65550) ! [ 170.477318][T14153] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4187'. [ 170.512143][T14158] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=14158 comm=syz.2.4189 [ 170.554420][T14163] lo speed is unknown, defaulting to 1000 [ 170.561722][T14163] lo speed is unknown, defaulting to 1000 [ 170.568841][T14163] lo speed is unknown, defaulting to 1000 [ 170.638736][T14163] infiniband syz1: set active [ 170.643545][T14163] infiniband syz1: added lo [ 170.648302][ T5531] lo speed is unknown, defaulting to 1000 [ 170.673278][T14163] RDS/IB: syz1: added [ 170.682027][T14163] smc: adding ib device syz1 with port count 1 [ 170.698655][T14163] smc: ib device syz1 port 1 has no pnetid [ 170.705058][ T5531] lo speed is unknown, defaulting to 1000 [ 170.711151][T14163] lo speed is unknown, defaulting to 1000 [ 170.748417][T14163] lo speed is unknown, defaulting to 1000 [ 170.788344][T14163] lo speed is unknown, defaulting to 1000 [ 170.805493][T14178] program syz.3.4198 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 170.831723][T14163] lo speed is unknown, defaulting to 1000 [ 170.877771][T14163] lo speed is unknown, defaulting to 1000 [ 170.970044][T14163] lo speed is unknown, defaulting to 1000 [ 171.242943][T14225] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 171.588486][T14256] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 171.597294][T14256] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 171.895335][T14271] lo: entered promiscuous mode [ 171.900213][T14271] lo: entered allmulticast mode [ 171.910451][T14271] tunl0: entered promiscuous mode [ 171.915531][T14271] tunl0: entered allmulticast mode [ 171.925964][T14271] gre0: entered promiscuous mode [ 171.931091][T14271] gre0: entered allmulticast mode [ 171.937548][T14271] gretap0: entered promiscuous mode [ 171.942829][T14271] gretap0: entered allmulticast mode [ 171.948981][T14271] erspan0: entered promiscuous mode [ 171.954256][T14271] erspan0: entered allmulticast mode [ 171.960369][T14271] ip_vti0: entered promiscuous mode [ 171.965633][T14271] ip_vti0: entered allmulticast mode [ 171.971703][T14271] ip6_vti0: entered promiscuous mode [ 171.977031][T14271] ip6_vti0: entered allmulticast mode [ 171.983349][T14271] sit0: entered promiscuous mode [ 171.988351][T14271] sit0: entered allmulticast mode [ 171.994113][T14271] ip6tnl0: entered promiscuous mode [ 171.999427][T14271] ip6tnl0: entered allmulticast mode [ 172.005523][T14271] ip6gre0: entered promiscuous mode [ 172.010905][T14271] ip6gre0: entered allmulticast mode [ 172.017824][T14271] syz_tun: entered promiscuous mode [ 172.023140][T14271] syz_tun: entered allmulticast mode [ 172.029109][T14271] ip6gretap0: entered promiscuous mode [ 172.034652][T14271] ip6gretap0: entered allmulticast mode [ 172.041117][T14271] bridge0: entered promiscuous mode [ 172.046479][T14271] bridge0: entered allmulticast mode [ 172.052561][T14271] vcan0: entered promiscuous mode [ 172.057621][T14271] vcan0: entered allmulticast mode [ 172.063384][T14271] bond0: entered promiscuous mode [ 172.068447][T14271] bond0: entered allmulticast mode [ 172.075033][T14271] team0: entered promiscuous mode [ 172.080221][T14271] geneve1: entered promiscuous mode [ 172.085573][T14271] dummy0: entered promiscuous mode [ 172.090852][T14271] team0: entered allmulticast mode [ 172.096012][T14271] geneve1: entered allmulticast mode [ 172.101638][T14271] dummy0: entered allmulticast mode [ 172.109499][T14271] nlmon0: entered promiscuous mode [ 172.114746][T14271] nlmon0: entered allmulticast mode [ 172.120926][T14271] caif0: entered promiscuous mode [ 172.125972][T14271] caif0: entered allmulticast mode [ 172.131221][T14271] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 172.301132][T14293] loop3: detected capacity change from 0 to 512 [ 172.326747][T14293] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 172.347561][T14303] ------------[ cut here ]------------ [ 172.353103][T14303] verifier bug: REG INVARIANTS VIOLATION (true_reg1): range bounds violation u64=[0xffffdfcd, 0xffffffffffffdfcc] s64=[0x80000000ffffdfcd, 0x7fffffffffffdfcc] u32=[0xffffdfcd, 0xffffdfcc] s32=[0xffffdfcd, 0xffffdfcc] var_off=(0xffffdfcc, 0xffffffff00000000) [ 172.377699][T14303] WARNING: kernel/bpf/verifier.c:2748 at reg_bounds_sanity_check+0x15b/0x660, CPU#0: syz.1.4252/14303 [ 172.388888][T14303] Modules linked in: [ 172.392900][T14303] CPU: 0 UID: 0 PID: 14303 Comm: syz.1.4252 Not tainted syzkaller #0 PREEMPT(voluntary) [ 172.403142][T14303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 172.413427][T14303] RIP: 0010:reg_bounds_sanity_check+0x27d/0x660 [ 172.419713][T14303] Code: 24 78 4c 8b 44 24 70 4c 8b 4c 24 60 41 ff 74 24 20 41 55 53 ff 74 24 68 ff 74 24 78 ff b4 24 90 00 00 00 ff b4 24 b0 00 00 00 <67> 48 0f b9 3a 48 83 c4 38 4c 8b ac 24 98 00 00 00 49 8d 85 80 08 [ 172.439446][T14303] RSP: 0018:ffffc9000e4af3a0 EFLAGS: 00010246 [ 172.445609][T14303] RAX: ffff888123df2b90 RBX: 00000000ffffdfcc RCX: 00000000ffffdfcd [ 172.453623][T14303] RDX: ffffffff865fc107 RSI: ffffffff864c642d RDI: ffffffff86db6a10 [ 172.461669][T14303] RBP: ffff88810c823270 R08: ffffffffffffdfcc R09: 80000000ffffdfcd [ 172.469804][T14303] R10: 00000000000000d0 R11: 0000000000000002 R12: ffff88810c823230 [ 172.477843][T14303] R13: 00000000ffffdfcc R14: ffff88810c82327c R15: ffff88810c823268 [ 172.485895][T14303] FS: 00007f6703bdf6c0(0000) GS:ffff8882aedc5000(0000) knlGS:0000000000000000 [ 172.494867][T14303] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 172.501474][T14303] CR2: 0000200000001000 CR3: 0000000167042000 CR4: 00000000003506f0 [ 172.509494][T14303] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 172.517557][T14303] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 172.525580][T14303] Call Trace: [ 172.528871][T14303] [ 172.531894][T14303] reg_set_min_max+0x1c8/0x260 [ 172.536787][T14303] check_cond_jmp_op+0x13bd/0x1a80 [ 172.542174][T14303] do_check+0x3347/0x81f0 [ 172.546740][T14303] do_check_common+0xccf/0x1300 [ 172.551691][T14303] bpf_check+0x2f98/0xc860 [ 172.556216][T14303] ? __alloc_frozen_pages_noprof+0x18f/0x360 [ 172.562226][T14303] ? alloc_pages_bulk_noprof+0x4b9/0x540 [ 172.567883][T14303] ? __vmap_pages_range_noflush+0xbc4/0xcf0 [ 172.573887][T14303] ? try_charge_memcg+0x215/0xa10 [ 172.579000][T14303] ? pcpu_block_update+0x24e/0x3b0 [ 172.584159][T14303] ? pcpu_block_refresh_hint+0x157/0x170 [ 172.589813][T14303] ? pcpu_block_update_hint_alloc+0x63d/0x660 [ 172.595987][T14303] ? css_rstat_updated+0xbb/0x280 [ 172.601043][T14303] ? mod_memcg_state+0x182/0x270 [ 172.606083][T14303] ? __rcu_read_unlock+0x4f/0x70 [ 172.611091][T14303] ? pcpu_memcg_post_alloc_hook+0xec/0x170 [ 172.616922][T14303] ? bpf_prog_alloc+0x5b/0x150 [ 172.621785][T14303] ? pcpu_alloc_noprof+0xd0d/0x1240 [ 172.627084][T14303] ? should_fail_ex+0x30/0x280 [ 172.631904][T14303] ? __kmalloc_noprof+0x2b4/0x5a0 [ 172.637001][T14303] ? security_bpf_prog_load+0x60/0x140 [ 172.642498][T14303] ? selinux_bpf_prog_load+0xad/0xd0 [ 172.647871][T14303] ? security_bpf_prog_load+0x9e/0x140 [ 172.653428][T14303] bpf_prog_load+0xf6e/0x1140 [ 172.658195][T14303] ? security_bpf+0x2b/0x90 [ 172.662742][T14303] __sys_bpf+0x469/0x7c0 [ 172.667063][T14303] __x64_sys_bpf+0x41/0x50 [ 172.671626][T14303] x64_sys_call+0x28e1/0x3000 [ 172.676339][T14303] do_syscall_64+0xca/0x2b0 [ 172.680894][T14303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.686925][T14303] RIP: 0033:0x7f670517f749 [ 172.691479][T14303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.711157][T14303] RSP: 002b:00007f6703bdf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 172.719613][T14303] RAX: ffffffffffffffda RBX: 00007f67053d5fa0 RCX: 00007f670517f749 [ 172.727609][T14303] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005 [ 172.735707][T14303] RBP: 00007f6705203f91 R08: 0000000000000000 R09: 0000000000000000 [ 172.743781][T14303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 172.751773][T14303] R13: 00007f67053d6038 R14: 00007f67053d5fa0 R15: 00007ffe72b469c8 [ 172.759912][T14303] [ 172.762950][T14303] ---[ end trace 0000000000000000 ]--- [ 172.774070][ T29] kauditd_printk_skb: 99 callbacks suppressed [ 172.774087][ T29] audit: type=1326 audit(172.740:4436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14304 comm="syz.2.4253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcac6f749 code=0x7ffc0000 [ 172.845399][ T3316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.854726][ T29] audit: type=1326 audit(172.770:4437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14304 comm="syz.2.4253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcac6f749 code=0x7ffc0000 [ 172.877658][ T29] audit: type=1326 audit(172.770:4438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14304 comm="syz.2.4253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7fabcac6f749 code=0x7ffc0000 [ 172.900842][ T29] audit: type=1326 audit(172.770:4439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14304 comm="syz.2.4253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcac6f749 code=0x7ffc0000 [ 172.923799][ T29] audit: type=1326 audit(172.770:4440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14304 comm="syz.2.4253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcac6f749 code=0x7ffc0000 [ 172.949030][ T29] audit: type=1326 audit(172.910:4441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14313 comm="syz.0.4258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 172.972013][ T29] audit: type=1326 audit(172.910:4442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14313 comm="syz.0.4258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 173.029652][ T29] audit: type=1326 audit(172.910:4443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14313 comm="syz.0.4258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 173.052758][ T29] audit: type=1326 audit(172.940:4444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14313 comm="syz.0.4258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 173.075717][ T29] audit: type=1326 audit(172.940:4445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14313 comm="syz.0.4258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ca47ff749 code=0x7ffc0000 [ 173.102108][T14322] __nla_validate_parse: 5 callbacks suppressed [ 173.102127][T14322] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4263'. [ 173.247843][T14358] netlink: 64 bytes leftover after parsing attributes in process `syz.2.4269'. [ 173.302256][T14366] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 173.321273][T14366] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 173.347176][T14371] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4273'. [ 173.563320][T14406] option changes via remount are deprecated (pid=14405 comm=syz.1.4281) [ 173.571788][T14406] cgroup: option or name mismatch, new: 0x0 "kmem_cache_free", old: 0x0 "" [ 174.640687][T14542] ALSA: seq fatal error: cannot create timer (-19) [ 174.787078][ T5531] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 174.794633][ T5531] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 174.802069][ T5531] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 174.809707][ T5531] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 174.817451][ T5531] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 174.824972][ T5531] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 174.832468][ T5531] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 174.839911][ T5531] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 174.847418][ T5531] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 174.854885][ T5531] hid-generic 0003:0004:0000.0007: unknown main item tag 0x0 [ 174.863943][ T5531] hid-generic 0003:0004:0000.0007: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 174.988122][T14577] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4317'. [ 175.036797][T14580] bridge0: port 3(ipvlan2) entered blocking state [ 175.043707][T14580] bridge0: port 3(ipvlan2) entered disabled state [ 175.051522][T14580] ipvlan2: entered allmulticast mode [ 175.056894][T14580] bridge0: entered allmulticast mode [ 175.063009][T14583] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4319'. [ 175.074260][T14580] ipvlan2: left allmulticast mode [ 175.079328][T14580] bridge0: left allmulticast mode [ 175.092869][T14583] 8021q: adding VLAN 0 to HW filter on device bond2 [ 175.109297][T14583] bond2: (slave batadv1): Opening slave failed [ 175.169380][T14588] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4321'. [ 175.178377][T14588] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4321'. [ 175.219248][T14590] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4322'. [ 175.230724][T14588] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4321'. [ 175.239662][T14588] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4321'. [ 175.380309][ T5531] Process accounting resumed [ 175.415590][T14606] ref_ctr_offset mismatch. inode: 0x1083 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x300000018 [ 175.452241][T14610] vlan2: entered promiscuous mode [ 175.560369][T14622] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 175.648594][T14626] atomic_op ffff8881039f9d28 conn xmit_atomic 0000000000000000 [ 175.812359][T14643] netlink: 'syz.5.4348': attribute type 2 has an invalid length. [ 175.974700][T14656] loop5: detected capacity change from 0 to 1024 [ 176.008976][T14656] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 176.044911][ T6068] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.185446][T14682] can0: slcan on ttyS3. [ 176.190774][T14684] rdma_rxe: rxe_newlink: failed to add lo [ 176.230249][T14681] can0 (unregistered): slcan off ttyS3. [ 176.274802][T14696] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=14696 comm=syz.5.4370 [ 176.287498][T14696] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=14696 comm=syz.5.4370 [ 176.598344][T14741] netlink: 'syz.1.4391': attribute type 1 has an invalid length. [ 176.846506][T14779] ip6gre2: entered promiscuous mode [ 176.851874][T14779] ip6gre2: entered allmulticast mode [ 176.858326][ T5683] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 176.865933][ T5683] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 176.876237][T14779] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 176.884140][ T8796] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 176.918506][T14784] loop3: detected capacity change from 0 to 128 [ 177.052496][ T5531] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz1] on syz0 [ 177.238762][T14805] netlink: 'syz.3.4418': attribute type 1 has an invalid length. [ 177.277032][T14805] 8021q: adding VLAN 0 to HW filter on device bond3 [ 177.320285][ T8796] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 177.349422][T14805] bond3: (slave geneve2): making interface the new active one [ 177.359799][T14805] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 177.368749][ T5668] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.379507][ T5668] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.401061][T14808] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 177.417377][ T5668] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.446397][ T5668] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.702637][T14827] ALSA: seq fatal error: cannot create timer (-19) [ 177.783646][ T8796] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 178.024877][T14839] lo speed is unknown, defaulting to 1000 [ 178.475575][T14861] __nla_validate_parse: 13 callbacks suppressed [ 178.475612][T14861] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4442'. [ 178.554235][T14874] SELinux: policydb version 398647949 does not match my version range 15-35 [ 178.583501][T14874] SELinux: failed to load policy [ 178.641157][T14884] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4449'. [ 178.650182][T14884] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4449'. [ 178.688758][ T5667] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 178.698714][T14884] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4449'. [ 178.707932][T14884] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4449'. [ 178.733221][ T5667] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 178.750028][ T5667] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 178.786565][ T5667] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 178.895217][T14918] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4460'. [ 178.904299][T14918] netlink: 108 bytes leftover after parsing attributes in process `syz.5.4460'. [ 178.945998][T14918] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4460'. [ 178.976967][T14918] netlink: 108 bytes leftover after parsing attributes in process `syz.5.4460'. [ 178.986125][T14918] netlink: 84 bytes leftover after parsing attributes in process `syz.5.4460'. [ 179.086717][T14946] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 179.097486][T14948] netlink: 'syz.1.4470': attribute type 21 has an invalid length. [ 179.122806][T14948] netlink: 'syz.1.4470': attribute type 1 has an invalid length. [ 179.133993][ T29] kauditd_printk_skb: 152 callbacks suppressed [ 179.134010][ T29] audit: type=1400 audit(2147483827.104:4598): avc: denied { map } for pid=14951 comm="syz.5.4471" path="/" dev="tmpfs" ino=3935 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 179.165559][ T29] audit: type=1400 audit(2147483827.104:4599): avc: denied { execute } for pid=14951 comm="syz.5.4471" path="/" dev="tmpfs" ino=3935 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 179.271906][ T29] audit: type=1400 audit(2147483827.244:4600): avc: denied { mount } for pid=14970 comm="syz.1.4477" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 179.350765][ T29] audit: type=1326 audit(2147483827.304:4601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14976 comm="syz.3.4480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe893fbf749 code=0x7ffc0000 [ 179.374592][ T29] audit: type=1326 audit(2147483827.304:4602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14976 comm="syz.3.4480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe893fbf749 code=0x7ffc0000 [ 179.398333][ T29] audit: type=1326 audit(2147483827.304:4603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14976 comm="syz.3.4480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7fe893fbf749 code=0x7ffc0000 [ 179.421897][ T29] audit: type=1326 audit(2147483827.304:4604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14976 comm="syz.3.4480" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe893fbf749 code=0x7ffc0000 [ 179.534462][ T29] audit: type=1400 audit(2147483827.504:4605): avc: denied { create } for pid=15001 comm="syz.5.4487" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 179.684110][T15025] vlan3: entered promiscuous mode [ 180.278504][T15023] Set syz1 is full, maxelem 65536 reached [ 180.373244][T15106] netlink: 'syz.3.4499': attribute type 21 has an invalid length. [ 180.541496][ T5680] Bluetooth: hci0: Frame reassembly failed (-84) [ 180.549131][ T29] audit: type=1400 audit(2147483828.514:4606): avc: denied { ioctl } for pid=15144 comm="syz.3.4506" path="socket:[39213]" dev="sockfs" ino=39213 ioctlcmd=0x48f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 180.580248][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 180.796185][T15169] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 180.981515][ T29] audit: type=1326 audit(2147483828.954:4607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15206 comm="syz.2.4537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabcac6f749 code=0x7ffc0000 [ 181.049968][T15216] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15216 comm=syz.0.4541 [ 181.289016][T15240] lo speed is unknown, defaulting to 1000 [ 181.406582][T15247] hub 9-0:1.0: USB hub found [ 181.411542][T15247] hub 9-0:1.0: 8 ports detected [ 181.461148][T15253] batadv_slave_1: entered promiscuous mode [ 181.468396][T15253] batadv_slave_1 (unregistering): left promiscuous mode [ 182.179864][T15284] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 182.262619][T15272] ================================================================== [ 182.270868][T15272] BUG: KCSAN: data-race in shmem_file_splice_read / shmem_file_splice_read [ 182.279528][T15272] [ 182.281875][T15272] write to 0xffff88811cae8ca8 of 8 bytes by task 15274 on cpu 0: [ 182.289611][T15272] shmem_file_splice_read+0x470/0x600 [ 182.295019][T15272] splice_direct_to_actor+0x26f/0x680 [ 182.300421][T15272] do_splice_direct+0xda/0x150 [ 182.305214][T15272] do_sendfile+0x380/0x650 [ 182.309672][T15272] __x64_sys_sendfile64+0x105/0x150 [ 182.314913][T15272] x64_sys_call+0x2db1/0x3000 [ 182.319730][T15272] do_syscall_64+0xca/0x2b0 [ 182.324295][T15272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.330490][T15272] [ 182.332845][T15272] write to 0xffff88811cae8ca8 of 8 bytes by task 15272 on cpu 1: [ 182.340604][T15272] shmem_file_splice_read+0x470/0x600 [ 182.346024][T15272] splice_direct_to_actor+0x26f/0x680 [ 182.351450][T15272] do_splice_direct+0xda/0x150 [ 182.356254][T15272] do_sendfile+0x380/0x650 [ 182.360714][T15272] __x64_sys_sendfile64+0x105/0x150 [ 182.365949][T15272] x64_sys_call+0x2db1/0x3000 [ 182.370679][T15272] do_syscall_64+0xca/0x2b0 [ 182.375246][T15272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.381169][T15272] [ 182.383505][T15272] value changed: 0x0000000000001e06 -> 0x0000000000001e09 [ 182.390658][T15272] [ 182.393004][T15272] Reported by Kernel Concurrency Sanitizer on: [ 182.399172][T15272] CPU: 1 UID: 0 PID: 15272 Comm: syz.0.4567 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 182.410584][T15272] Tainted: [W]=WARN [ 182.414433][T15272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 182.424505][T15272] ================================================================== [ 182.570205][ T44] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 182.570436][ T4851] Bluetooth: hci0: command 0x1003 tx timeout [ 188.570268][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured!