last executing test programs: 11m7.934410721s ago: executing program 3 (id=4255): setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x31, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) bind$unix(r0, &(0x7f0000000380)=@file={0x0, './bus\x00'}, 0x6e) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r4}, 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2008002, &(0x7f0000001780)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7}}, {@nodiscard}, {@auto_da_alloc}]}, 0x1, 0x558, &(0x7f0000000680)="$eJzs3c9vI1cdAPDvTH52d9vsQg9QAbtAYUGrtTfedlX10nIBoaoSouKAOGxD4o3C2nGIndKESKR/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACbZA4GM14kriJw5rEsdn485Fm58ebme979s6852dnXgBj60ZE7ETEdES8GRFzxfakmOLVzpTt92h3e3Fvd3sxiXb7jb8leXq2LbqOyVwuzjkbEV/9UsQ3k+Nxm5tbDxdqtep6sV5u1dfKzc2t2yv1heXqcnW1Urk3f+/OS3dfrAysrNfrP3v/iyuvfe2Xv/j4e7/Z+fx3s2xdKdK6yzFInaJPHcTJTEbEa+cRbAQmivn0iPPB6aQR8aGI+FR+/c/FRP6/EwC4yNrtuWjPda8DABddmveBJWkpItK0aASUOn14z8altNZotm49aGysLnX6yq7GVPpgpVa9c23md9/Od55KsvX5PC1Pz9crR9bvRsS1iPjBzFP5emmxUVsaTZMHAMbe5e76PyL+OZOmpVJfh/b4Vg8AeGLMjjoDAMDQqf8BYPyo/wFg/PRR/xdf9u+ce14AgOHw+R8Axo/6HwDGj/ofAMbKV15/PZvae8Xzr5fe2tx42Hjr9lK1+bBU31gsLTbW10rLjcZy/sye+uPOV2s01uZfiI23y61qs1Vubm7drzc2Vlv38+d6369ODaVUAMB/c+36u79NImLn5afyKbrGclBXw8WWDnAv4MkycZaDNRDgiWa0LxhffVXheSPh1+eeF2A0ej7Me7bn4gf96H8I4ndG8H/l5kf77/83xjNcLHr2YXydrv//lYHnAxi+U/f//2Gw+QCGr91Ojo75P32QBABcSGf4CV/7e4NqhAAj9bjBvAfy/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcMFci4luRpKV8LPA0+zctlSKejoirMZU8WKlV70TEM3E9IqZmsvX5UWcaADij9C9JMf7XzbnnrxxNnU7+NZPPI+I7P37jh28vtFrr89n2vx9sn9kfPqxyeNwZxhUEAPr3p352yuvvSjHv+iD/aHd7cX86xzwe8/4XDgYfXdzb3c6nTspktNvtdsRs3pa49I8kJotjZiPiuYiYGED8nXci4iO9yp/kfSNXi5FPu+NHEfvpocZPPxA/zdM68+zl+/AA8gLj5t3s/vNqr+svjRv5vPf1P5vfoc4uv//NRuzf+/a64k8WkSZ6xM+u+Rv9xnjhV18+trE910l7J+K5yV7xk4P4yQnxn+8z/u8/9onvv3JCWvsnETejd/zuWOVWfa3c3Ny6vVJfWK4uV1crlXvz9+68dPfFSjnvoy7v91Qf99eXbz1zUt6y8l86IX7nnb98pPzTB8d+ps/y//Tfb37jk4erM0fjf+7Tvd//Z/N579c/qxM/22f8hUs/P3H47iz+0gnlf9z7f6vP+O/9eWupz10BgCFobm49XKjVqutnWsg+hQ7iPMcWsiz2t/N+c/FsQf8Y+cLhy5JEEoMuV9YY62fnqfN6Vc99YfKgrTjYM389O+OQi5MOvBSnWYirxcKjYQUd3T0JGI7Di37UOQEAAAAAAAAAAAAAAE4yjL9hGnUZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+EwAA//8GP8IF") syz_mount_image$exfat(0x0, &(0x7f0000000180)='./bus\x00', 0x1004030, 0x0, 0xfb, 0x0, &(0x7f0000000000)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) 11m3.441400029s ago: executing program 3 (id=4259): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) r0 = getpid() r1 = socket(0x10, 0x803, 0x0) bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e22, @loopback}, 0x10) sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50) socket$nl_audit(0x10, 0x3, 0x9) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b000000070000000f000100490000c701000071965641a833061f7e00", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r5, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r5, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000140)='qdisc_enqueue\x00', r7, 0x0, 0x3}, 0x18) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r5, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r8}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1000e, &(0x7f0000000300), 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==") 10m58.858117868s ago: executing program 3 (id=4262): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000000000f6000000006debff00850000007b00"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x10) io_setup(0x3ff, &(0x7f0000000500)=0x0) io_destroy(r1) 10m58.434264465s ago: executing program 3 (id=4263): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x31, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r4}, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2008002, &(0x7f0000001780)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7}}, {@nodiscard}, {@auto_da_alloc}]}, 0x1, 0x558, &(0x7f0000000680)="$eJzs3c9vI1cdAPDvTH52d9vsQg9QAbtAYUGrtTfedlX10nIBoaoSouKAOGxD4o3C2nGIndKESKR/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACbZA4GM14kriJw5rEsdn485Fm58ebme979s6852dnXgBj60ZE7ETEdES8GRFzxfakmOLVzpTt92h3e3Fvd3sxiXb7jb8leXq2LbqOyVwuzjkbEV/9UsQ3k+Nxm5tbDxdqtep6sV5u1dfKzc2t2yv1heXqcnW1Urk3f+/OS3dfrAysrNfrP3v/iyuvfe2Xv/j4e7/Z+fx3s2xdKdK6yzFInaJPHcTJTEbEa+cRbAQmivn0iPPB6aQR8aGI+FR+/c/FRP6/EwC4yNrtuWjPda8DABddmveBJWkpItK0aASUOn14z8altNZotm49aGysLnX6yq7GVPpgpVa9c23md9/Od55KsvX5PC1Pz9crR9bvRsS1iPjBzFP5emmxUVsaTZMHAMbe5e76PyL+OZOmpVJfh/b4Vg8AeGLMjjoDAMDQqf8BYPyo/wFg/PRR/xdf9u+ce14AgOHw+R8Axo/6HwDGj/ofAMbKV15/PZvae8Xzr5fe2tx42Hjr9lK1+bBU31gsLTbW10rLjcZy/sye+uPOV2s01uZfiI23y61qs1Vubm7drzc2Vlv38+d6369ODaVUAMB/c+36u79NImLn5afyKbrGclBXw8WWDnAv4MkycZaDNRDgiWa0LxhffVXheSPh1+eeF2A0ej7Me7bn4gf96H8I4ndG8H/l5kf77/83xjNcLHr2YXydrv//lYHnAxi+U/f//2Gw+QCGr91Ojo75P32QBABcSGf4CV/7e4NqhAAj9bjBvAfy/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcMFci4luRpKV8LPA0+zctlSKejoirMZU8WKlV70TEM3E9IqZmsvX5UWcaADij9C9JMf7XzbnnrxxNnU7+NZPPI+I7P37jh28vtFrr89n2vx9sn9kfPqxyeNwZxhUEAPr3p352yuvvSjHv+iD/aHd7cX86xzwe8/4XDgYfXdzb3c6nTspktNvtdsRs3pa49I8kJotjZiPiuYiYGED8nXci4iO9yp/kfSNXi5FPu+NHEfvpocZPPxA/zdM68+zl+/AA8gLj5t3s/vNqr+svjRv5vPf1P5vfoc4uv//NRuzf+/a64k8WkSZ6xM+u+Rv9xnjhV18+trE910l7J+K5yV7xk4P4yQnxn+8z/u8/9onvv3JCWvsnETejd/zuWOVWfa3c3Ny6vVJfWK4uV1crlXvz9+68dPfFSjnvoy7v91Qf99eXbz1zUt6y8l86IX7nnb98pPzTB8d+ps/y//Tfb37jk4erM0fjf+7Tvd//Z/N579c/qxM/22f8hUs/P3H47iz+0gnlf9z7f6vP+O/9eWupz10BgCFobm49XKjVqutnWsg+hQ7iPMcWsiz2t/N+c/FsQf8Y+cLhy5JEEoMuV9YY62fnqfN6Vc99YfKgrTjYM389O+OQi5MOvBSnWYirxcKjYQUd3T0JGI7Di37UOQEAAAAAAAAAAAAAAE4yjL9hGnUZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+EwAA//8GP8IF") syz_mount_image$exfat(0x0, &(0x7f0000000180)='./bus\x00', 0x1004030, 0x0, 0xfb, 0x0, &(0x7f0000000000)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) 10m56.913536877s ago: executing program 3 (id=4267): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x1, 0x0, &(0x7f00000006c0)=""/62, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f0000000300)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000c40)) pipe(0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, 0x0) 10m55.594066217s ago: executing program 3 (id=4271): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x31, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r4}, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2008002, &(0x7f0000001780)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7}}, {@nodiscard}, {@auto_da_alloc}]}, 0x1, 0x558, &(0x7f0000000680)="$eJzs3c9vI1cdAPDvTH52d9vsQg9QAbtAYUGrtTfedlX10nIBoaoSouKAOGxD4o3C2nGIndKESKR/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACbZA4GM14kriJw5rEsdn485Fm58ebme979s6852dnXgBj60ZE7ETEdES8GRFzxfakmOLVzpTt92h3e3Fvd3sxiXb7jb8leXq2LbqOyVwuzjkbEV/9UsQ3k+Nxm5tbDxdqtep6sV5u1dfKzc2t2yv1heXqcnW1Urk3f+/OS3dfrAysrNfrP3v/iyuvfe2Xv/j4e7/Z+fx3s2xdKdK6yzFInaJPHcTJTEbEa+cRbAQmivn0iPPB6aQR8aGI+FR+/c/FRP6/EwC4yNrtuWjPda8DABddmveBJWkpItK0aASUOn14z8altNZotm49aGysLnX6yq7GVPpgpVa9c23md9/Od55KsvX5PC1Pz9crR9bvRsS1iPjBzFP5emmxUVsaTZMHAMbe5e76PyL+OZOmpVJfh/b4Vg8AeGLMjjoDAMDQqf8BYPyo/wFg/PRR/xdf9u+ce14AgOHw+R8Axo/6HwDGj/ofAMbKV15/PZvae8Xzr5fe2tx42Hjr9lK1+bBU31gsLTbW10rLjcZy/sye+uPOV2s01uZfiI23y61qs1Vubm7drzc2Vlv38+d6369ODaVUAMB/c+36u79NImLn5afyKbrGclBXw8WWDnAv4MkycZaDNRDgiWa0LxhffVXheSPh1+eeF2A0ej7Me7bn4gf96H8I4ndG8H/l5kf77/83xjNcLHr2YXydrv//lYHnAxi+U/f//2Gw+QCGr91Ojo75P32QBABcSGf4CV/7e4NqhAAj9bjBvAfy/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcMFci4luRpKV8LPA0+zctlSKejoirMZU8WKlV70TEM3E9IqZmsvX5UWcaADij9C9JMf7XzbnnrxxNnU7+NZPPI+I7P37jh28vtFrr89n2vx9sn9kfPqxyeNwZxhUEAPr3p352yuvvSjHv+iD/aHd7cX86xzwe8/4XDgYfXdzb3c6nTspktNvtdsRs3pa49I8kJotjZiPiuYiYGED8nXci4iO9yp/kfSNXi5FPu+NHEfvpocZPPxA/zdM68+zl+/AA8gLj5t3s/vNqr+svjRv5vPf1P5vfoc4uv//NRuzf+/a64k8WkSZ6xM+u+Rv9xnjhV18+trE910l7J+K5yV7xk4P4yQnxn+8z/u8/9onvv3JCWvsnETejd/zuWOVWfa3c3Ny6vVJfWK4uV1crlXvz9+68dPfFSjnvoy7v91Qf99eXbz1zUt6y8l86IX7nnb98pPzTB8d+ps/y//Tfb37jk4erM0fjf+7Tvd//Z/N579c/qxM/22f8hUs/P3H47iz+0gnlf9z7f6vP+O/9eWupz10BgCFobm49XKjVqutnWsg+hQ7iPMcWsiz2t/N+c/FsQf8Y+cLhy5JEEoMuV9YY62fnqfN6Vc99YfKgrTjYM389O+OQi5MOvBSnWYirxcKjYQUd3T0JGI7Di37UOQEAAAAAAAAAAAAAAE4yjL9hGnUZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+EwAA//8GP8IF") syz_mount_image$exfat(0x0, &(0x7f0000000180)='./bus\x00', 0x1004030, 0x0, 0xfb, 0x0, &(0x7f0000000000)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) 10m39.109862997s ago: executing program 32 (id=4271): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x31, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r4}, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2008002, &(0x7f0000001780)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7}}, {@nodiscard}, {@auto_da_alloc}]}, 0x1, 0x558, &(0x7f0000000680)="$eJzs3c9vI1cdAPDvTH52d9vsQg9QAbtAYUGrtTfedlX10nIBoaoSouKAOGxD4o3C2nGIndKESKR/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACbZA4GM14kriJw5rEsdn485Fm58ebme979s6852dnXgBj60ZE7ETEdES8GRFzxfakmOLVzpTt92h3e3Fvd3sxiXb7jb8leXq2LbqOyVwuzjkbEV/9UsQ3k+Nxm5tbDxdqtep6sV5u1dfKzc2t2yv1heXqcnW1Urk3f+/OS3dfrAysrNfrP3v/iyuvfe2Xv/j4e7/Z+fx3s2xdKdK6yzFInaJPHcTJTEbEa+cRbAQmivn0iPPB6aQR8aGI+FR+/c/FRP6/EwC4yNrtuWjPda8DABddmveBJWkpItK0aASUOn14z8altNZotm49aGysLnX6yq7GVPpgpVa9c23md9/Od55KsvX5PC1Pz9crR9bvRsS1iPjBzFP5emmxUVsaTZMHAMbe5e76PyL+OZOmpVJfh/b4Vg8AeGLMjjoDAMDQqf8BYPyo/wFg/PRR/xdf9u+ce14AgOHw+R8Axo/6HwDGj/ofAMbKV15/PZvae8Xzr5fe2tx42Hjr9lK1+bBU31gsLTbW10rLjcZy/sye+uPOV2s01uZfiI23y61qs1Vubm7drzc2Vlv38+d6369ODaVUAMB/c+36u79NImLn5afyKbrGclBXw8WWDnAv4MkycZaDNRDgiWa0LxhffVXheSPh1+eeF2A0ej7Me7bn4gf96H8I4ndG8H/l5kf77/83xjNcLHr2YXydrv//lYHnAxi+U/f//2Gw+QCGr91Ojo75P32QBABcSGf4CV/7e4NqhAAj9bjBvAfy/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcMFci4luRpKV8LPA0+zctlSKejoirMZU8WKlV70TEM3E9IqZmsvX5UWcaADij9C9JMf7XzbnnrxxNnU7+NZPPI+I7P37jh28vtFrr89n2vx9sn9kfPqxyeNwZxhUEAPr3p352yuvvSjHv+iD/aHd7cX86xzwe8/4XDgYfXdzb3c6nTspktNvtdsRs3pa49I8kJotjZiPiuYiYGED8nXci4iO9yp/kfSNXi5FPu+NHEfvpocZPPxA/zdM68+zl+/AA8gLj5t3s/vNqr+svjRv5vPf1P5vfoc4uv//NRuzf+/a64k8WkSZ6xM+u+Rv9xnjhV18+trE910l7J+K5yV7xk4P4yQnxn+8z/u8/9onvv3JCWvsnETejd/zuWOVWfa3c3Ny6vVJfWK4uV1crlXvz9+68dPfFSjnvoy7v91Qf99eXbz1zUt6y8l86IX7nnb98pPzTB8d+ps/y//Tfb37jk4erM0fjf+7Tvd//Z/N579c/qxM/22f8hUs/P3H47iz+0gnlf9z7f6vP+O/9eWupz10BgCFobm49XKjVqutnWsg+hQ7iPMcWsiz2t/N+c/FsQf8Y+cLhy5JEEoMuV9YY62fnqfN6Vc99YfKgrTjYM389O+OQi5MOvBSnWYirxcKjYQUd3T0JGI7Di37UOQEAAAAAAAAAAAAAAE4yjL9hGnUZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+EwAA//8GP8IF") syz_mount_image$exfat(0x0, &(0x7f0000000180)='./bus\x00', 0x1004030, 0x0, 0xfb, 0x0, &(0x7f0000000000)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) 9m45.171190511s ago: executing program 5 (id=4407): openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x8) close(r0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="00000000000000000000e2b39393e01cbc21c4c6", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0e000000040000000800006da500000000000000a6de0043e766b1007200000000000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) read$FUSE(r0, &(0x7f000000c400)={0x2020}, 0x2020) creat(&(0x7f0000000600)='./file0\x00', 0xca) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r6 = dup(0xffffffffffffffff) write$P9_RLERRORu(r6, &(0x7f0000000300)=ANY=[@ANYBLOB='S\x00\x00\x00\a'], 0x53) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r6]) 9m42.60044665s ago: executing program 5 (id=4417): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x31, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) bind$unix(r0, &(0x7f0000000380)=@file={0x0, './bus\x00'}, 0x6e) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r4}, 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2008002, &(0x7f0000001780)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7}}, {@nodiscard}, {@auto_da_alloc}]}, 0x1, 0x558, &(0x7f0000000680)="$eJzs3c9vI1cdAPDvTH52d9vsQg9QAbtAYUGrtTfedlX10nIBoaoSouKAOGxD4o3C2nGIndKESKR/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACbZA4GM14kriJw5rEsdn485Fm58ebme979s6852dnXgBj60ZE7ETEdES8GRFzxfakmOLVzpTt92h3e3Fvd3sxiXb7jb8leXq2LbqOyVwuzjkbEV/9UsQ3k+Nxm5tbDxdqtep6sV5u1dfKzc2t2yv1heXqcnW1Urk3f+/OS3dfrAysrNfrP3v/iyuvfe2Xv/j4e7/Z+fx3s2xdKdK6yzFInaJPHcTJTEbEa+cRbAQmivn0iPPB6aQR8aGI+FR+/c/FRP6/EwC4yNrtuWjPda8DABddmveBJWkpItK0aASUOn14z8altNZotm49aGysLnX6yq7GVPpgpVa9c23md9/Od55KsvX5PC1Pz9crR9bvRsS1iPjBzFP5emmxUVsaTZMHAMbe5e76PyL+OZOmpVJfh/b4Vg8AeGLMjjoDAMDQqf8BYPyo/wFg/PRR/xdf9u+ce14AgOHw+R8Axo/6HwDGj/ofAMbKV15/PZvae8Xzr5fe2tx42Hjr9lK1+bBU31gsLTbW10rLjcZy/sye+uPOV2s01uZfiI23y61qs1Vubm7drzc2Vlv38+d6369ODaVUAMB/c+36u79NImLn5afyKbrGclBXw8WWDnAv4MkycZaDNRDgiWa0LxhffVXheSPh1+eeF2A0ej7Me7bn4gf96H8I4ndG8H/l5kf77/83xjNcLHr2YXydrv//lYHnAxi+U/f//2Gw+QCGr91Ojo75P32QBABcSGf4CV/7e4NqhAAj9bjBvAfy/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcMFci4luRpKV8LPA0+zctlSKejoirMZU8WKlV70TEM3E9IqZmsvX5UWcaADij9C9JMf7XzbnnrxxNnU7+NZPPI+I7P37jh28vtFrr89n2vx9sn9kfPqxyeNwZxhUEAPr3p352yuvvSjHv+iD/aHd7cX86xzwe8/4XDgYfXdzb3c6nTspktNvtdsRs3pa49I8kJotjZiPiuYiYGED8nXci4iO9yp/kfSNXi5FPu+NHEfvpocZPPxA/zdM68+zl+/AA8gLj5t3s/vNqr+svjRv5vPf1P5vfoc4uv//NRuzf+/a64k8WkSZ6xM+u+Rv9xnjhV18+trE910l7J+K5yV7xk4P4yQnxn+8z/u8/9onvv3JCWvsnETejd/zuWOVWfa3c3Ny6vVJfWK4uV1crlXvz9+68dPfFSjnvoy7v91Qf99eXbz1zUt6y8l86IX7nnb98pPzTB8d+ps/y//Tfb37jk4erM0fjf+7Tvd//Z/N579c/qxM/22f8hUs/P3H47iz+0gnlf9z7f6vP+O/9eWupz10BgCFobm49XKjVqutnWsg+hQ7iPMcWsiz2t/N+c/FsQf8Y+cLhy5JEEoMuV9YY62fnqfN6Vc99YfKgrTjYM389O+OQi5MOvBSnWYirxcKjYQUd3T0JGI7Di37UOQEAAAAAAAAAAAAAAE4yjL9hGnUZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+EwAA//8GP8IF") syz_mount_image$exfat(0x0, &(0x7f0000000180)='./bus\x00', 0x1004030, 0x0, 0xfb, 0x0, &(0x7f0000000000)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) 9m35.209514962s ago: executing program 5 (id=4429): r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x8) close(r0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="00000000000000000000e2b39393e01cbc21c4", @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0e000000040000000800006da500000000000000a6de0043e766b1007200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) read$FUSE(r0, &(0x7f000000c400)={0x2020}, 0x2020) creat(&(0x7f0000000600)='./file0\x00', 0xca) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r6 = dup(0xffffffffffffffff) write$P9_RLERRORu(r6, &(0x7f0000000300)=ANY=[@ANYBLOB='S\x00\x00\x00\a'], 0x53) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r6]) 9m29.578187876s ago: executing program 5 (id=4432): openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x10200, 0x2, 0x0, 0x1000, &(0x7f00002e3000/0x1000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0xffffffffffffffff, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6}) mkdir(&(0x7f0000000400)='./file0\x00', 0x99) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000001b40)=ANY=[@ANYBLOB='huge=always']) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001b80)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 9m29.37806377s ago: executing program 5 (id=4438): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) open_tree(0xffffffffffffffff, &(0x7f00000000c0)='.\x00', 0x9101) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0300"/15, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000001a00000000000000000000000000000000080200"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000680)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRESHEX=r3, @ANYRES64=r1], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00') madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) lseek(r5, 0x2000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="0000000000000000b708"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000200000000000000001809"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000100), &(0x7f0000000240)=ANY=[@ANYBLOB="00fb390208d3fbc22774f5c1839f8454631b342adc2bcc2dfe7f0069c93d01d29fb4292ae72e6a1d0180000000000000c13eb069ae9377edaa3db687478d6b6d8025eaa9a16c251603ea9746058f0bc479bd9baa8f84cbd6e9740190e762417c9c22bbc2283662637698e725a0bb84bcdf413297590c78e72c57a969440927fd733826e4468fe95ec526ca83a60ffb7d7451e42d3f000000000000000000"], 0x39, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000000)={0x1f, @any, 0x8}, 0xa) setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f0000005b80)={{{@in6=@remote, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x7}, {0x1}}, {{@in=@dev={0xac, 0x14, 0x14, 0x1d}, 0x0, 0x6c}, 0x0, @in6=@dev}}, 0xe8) syz_emit_ethernet(0x3e, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaf368656e065b0800450000300000000000019078ac1e0001e00000010400907803000000450000000000000000000000ac141400ac141400732958c7308bf61649b2efca4fe8bc31a77bc7412784e87fddb0e7b177efc23869f577075a82635d05fe0031116f3e24849bf073cd3ffdc844f8f729b68237"], 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000040), 0x81, r7}, 0x38) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r8}, 0x10) 9m28.869392127s ago: executing program 5 (id=4439): socket(0x10, 0x3, 0x0) getpgrp(0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0xc, 0xa00, 0x0, 0x101, 0x100}}) gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00'}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x8001}, 0x4000c8c4) r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) sendmsg$tipc(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="fb6bba8839fe8bc048c0cdafd1f8a9918bc4055eaaeb6db4ee9bcb25b1811dbf40b3a7da5a8a64db04ed6dd26eea2e37229c339b1f91201c2796173864", 0x3d}], 0x1, 0x0, 0x0, 0x48040}, 0x20000000) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x9) recvmsg(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/60, 0x3c}], 0x1}, 0x40fd) read$ptp(r3, 0x0, 0x0) timer_create(0x0, 0x0, &(0x7f0000bbdffc)=0x0) timer_settime(r6, 0x1, 0x0, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r7}, 0x0, &(0x7f0000000040)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r8, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40002002) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f000000000000000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0) fstat(r9, &(0x7f0000007f80)) 9m27.738875244s ago: executing program 33 (id=4439): socket(0x10, 0x3, 0x0) getpgrp(0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0xc, 0xa00, 0x0, 0x101, 0x100}}) gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00'}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x8001}, 0x4000c8c4) r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) sendmsg$tipc(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="fb6bba8839fe8bc048c0cdafd1f8a9918bc4055eaaeb6db4ee9bcb25b1811dbf40b3a7da5a8a64db04ed6dd26eea2e37229c339b1f91201c2796173864", 0x3d}], 0x1, 0x0, 0x0, 0x48040}, 0x20000000) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x9) recvmsg(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/60, 0x3c}], 0x1}, 0x40fd) read$ptp(r3, 0x0, 0x0) timer_create(0x0, 0x0, &(0x7f0000bbdffc)=0x0) timer_settime(r6, 0x1, 0x0, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r7}, 0x0, &(0x7f0000000040)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r8, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40002002) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f000000000000000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0) fstat(r9, &(0x7f0000007f80)) 19.518100151s ago: executing program 0 (id=6095): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00'}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x6c, r2, 0x1, 0x70bd27, 0x8, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4, 0x2, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @remote, 0xdd}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}]}, 0x6c}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0xfe, 0x7ffc0002}]}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) ioprio_set$uid(0x0, 0x0, 0x4000) 19.308947604s ago: executing program 0 (id=6096): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x31, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc66"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) bind$unix(r1, &(0x7f0000000380)=@file={0x0, './bus\x00'}, 0x6e) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f0000000480), 0x400034f, 0x2, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040), 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2008002, &(0x7f0000001780)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7}}, {@nodiscard}, {@auto_da_alloc}]}, 0x1, 0x558, &(0x7f0000000680)="$eJzs3c9vI1cdAPDvTH52d9vsQg9QAbtAYUGrtTfedlX10nIBoaoSouKAOGxD4o3C2nGIndKESKR/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACbZA4GM14kriJw5rEsdn485Fm58ebme979s6852dnXgBj60ZE7ETEdES8GRFzxfakmOLVzpTt92h3e3Fvd3sxiXb7jb8leXq2LbqOyVwuzjkbEV/9UsQ3k+Nxm5tbDxdqtep6sV5u1dfKzc2t2yv1heXqcnW1Urk3f+/OS3dfrAysrNfrP3v/iyuvfe2Xv/j4e7/Z+fx3s2xdKdK6yzFInaJPHcTJTEbEa+cRbAQmivn0iPPB6aQR8aGI+FR+/c/FRP6/EwC4yNrtuWjPda8DABddmveBJWkpItK0aASUOn14z8altNZotm49aGysLnX6yq7GVPpgpVa9c23md9/Od55KsvX5PC1Pz9crR9bvRsS1iPjBzFP5emmxUVsaTZMHAMbe5e76PyL+OZOmpVJfh/b4Vg8AeGLMjjoDAMDQqf8BYPyo/wFg/PRR/xdf9u+ce14AgOHw+R8Axo/6HwDGj/ofAMbKV15/PZvae8Xzr5fe2tx42Hjr9lK1+bBU31gsLTbW10rLjcZy/sye+uPOV2s01uZfiI23y61qs1Vubm7drzc2Vlv38+d6369ODaVUAMB/c+36u79NImLn5afyKbrGclBXw8WWDnAv4MkycZaDNRDgiWa0LxhffVXheSPh1+eeF2A0ej7Me7bn4gf96H8I4ndG8H/l5kf77/83xjNcLHr2YXydrv//lYHnAxi+U/f//2Gw+QCGr91Ojo75P32QBABcSGf4CV/7e4NqhAAj9bjBvAfy/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcMFci4luRpKV8LPA0+zctlSKejoirMZU8WKlV70TEM3E9IqZmsvX5UWcaADij9C9JMf7XzbnnrxxNnU7+NZPPI+I7P37jh28vtFrr89n2vx9sn9kfPqxyeNwZxhUEAPr3p352yuvvSjHv+iD/aHd7cX86xzwe8/4XDgYfXdzb3c6nTspktNvtdsRs3pa49I8kJotjZiPiuYiYGED8nXci4iO9yp/kfSNXi5FPu+NHEfvpocZPPxA/zdM68+zl+/AA8gLj5t3s/vNqr+svjRv5vPf1P5vfoc4uv//NRuzf+/a64k8WkSZ6xM+u+Rv9xnjhV18+trE910l7J+K5yV7xk4P4yQnxn+8z/u8/9onvv3JCWvsnETejd/zuWOVWfa3c3Ny6vVJfWK4uV1crlXvz9+68dPfFSjnvoy7v91Qf99eXbz1zUt6y8l86IX7nnb98pPzTB8d+ps/y//Tfb37jk4erM0fjf+7Tvd//Z/N579c/qxM/22f8hUs/P3H47iz+0gnlf9z7f6vP+O/9eWupz10BgCFobm49XKjVqutnWsg+hQ7iPMcWsiz2t/N+c/FsQf8Y+cLhy5JEEoMuV9YY62fnqfN6Vc99YfKgrTjYM389O+OQi5MOvBSnWYirxcKjYQUd3T0JGI7Di37UOQEAAAAAAAAAAAAAAE4yjL9hGnUZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+EwAA//8GP8IF") syz_mount_image$exfat(0x0, &(0x7f0000000180)='./bus\x00', 0x1004030, 0x0, 0xfb, 0x0, &(0x7f0000000000)) 15.02626887s ago: executing program 1 (id=6102): bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1600000004000000040000000500000000000000", @ANYRES32, @ANYBLOB="000000000000fcffcadac9da896bac847d676b00009400400000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000400"/28], 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x5, 0x16, &(0x7f0000000f00)=ANY=[@ANYBLOB="61128c030000000061138c8800000000bf30000000000000150000000009240b2d03010000000000950000a7000000006916700000000000bf67000000000000b5070000fcff0304670600001f000000370300000ef90060bf050000000000007e650000000000006507f9ff01000000470700004c0000005f75000000000000bf54000000000000070400000400f9fead4301000000000095000000000000000500000000000000950000000000000032ed3c5be9529914953170d2d7ffffff8ecf264e9981db7d04df3244c7bd7e7e7f2f1754558f2278af6d71c19a5e12814cb1d8a5d4601d15871637b65f8903dc8700a0b9bdb7dd399700d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fc9de56c9d8a814261bd81762bab839dfa66810b5b40d893ea8fe0185473d51b546c087431d770000000767c955cfa1f6ab689fde4de5f832c8b664e73b99b6c2e0ab330e1c7feada70600000000000000b7010001000000009af619e3cca4d19e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d9fee0000000000000000c8fb735fd552bdc206004aeb0743eb3dc819b6cf5c8a0700000000000000a13d0045fb3cdaffa673a6bb55d8c85f21dce44aba5387e35350481aedac065b5031e56723888fb126a163f16fb2ad9bc1172bec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f11294b4800a045ea11b3566bf3a649878e582f2af97787f696649a462e7ee4bcf89cbf2f0800000000000000b2c4acb07a10d6732f54beb40000040000000000000000000000000200f674629709e7e78f4ddc211bc304f0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46e4e827f3477523dcfa17690884f8d2001e03a651bb96589a7eab010e861bbd0000000000000000c5904c647802cf86f1b4c3005f33d83f84e98a72fbbecd106425563d80bd0d0d703f37ca153f601a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) socket$key(0xf, 0x3, 0x2) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000fa31aea9639d57eef01699074480ae111b317619c0a4a81749687d41b7fa7ba294ee9c3dbdc8d09d4decd12b0085e55e71e5fc78b940028f6a4a"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x10) mincore(&(0x7f0000f0c000/0x3000)=nil, 0x0, &(0x7f0000afaf0a)=""/246) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='mm_page_alloc\x00', r2}, 0x10) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c16, &(0x7f0000000040)={[{@nobh}, {@usrjquota}]}, 0xff, 0x240, &(0x7f0000000500)="$eJzs3T1oO2UcB/DvXRL/tg1SdRHEFxARLZS6CS51UShIKSKCChURF6UVaotb6+TioLNKJ5ciblZH6VJcFMGpaoe6CFocLA46RJJrpbYRX1Jz4n0+cLm75J77Pcfd97kQOBKgsaaTzCdpJZlJ0klSnN/gzmqaPl3dnthfTnq9x34oBttV65WzdlNJtpI8kGSvLPJCO9nYferop4NH7nl9vXP3u7tPToz1IE8dHx0+evLO4msfLNy/8dkX3y0WmU/3d8d19Yoh77WL5KZ/o9h/RNGuuwf8FUuvvP9lP/c3J7lrkP9OylQn74216/Y6ue/tP2r75vef3zrOvgJXr9fr9O+BWz2gccok3RTlbJJquSxnZ6vv8F+1JssXV9dennl+dX3lubpHKuCqdJPDhz+69uHUhfx/26ryD/xPVT9KHT6+tPN1f+GkVXeHgLG4rZr17/8zz2zeG/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmH5pJ/aC75h+aSf2iu8/kHAJqld63uJ5CButQ9/gAAAAAAAAAAAAAAAAAAAJdtT+wvn03jqvnJW8nxQ0naw+q3Bv9HnFw/eJ38sehv9puiajaSp+8YcQcjeq/mp69v+Kbe+p/eXm/9zZVk69Ukc+325euvOL3+/rkb/+TzzrMjFvibigvrDz4x3voX/bJTb/2Fg+Tj/vgzN2z8KXPLYD58/On2z9+I9V/6ecQdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDa/BgAA//8YZW08") creat(&(0x7f00000000c0)='./bus\x00', 0x182) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x181242, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) writev(r4, &(0x7f0000000500)=[{&(0x7f0000000400)="db83706903dd5bbda1b912", 0xb}, {&(0x7f00000005c0)='>h', 0x2}, {&(0x7f0000000300)="5388", 0x2}], 0x3) 14.888119942s ago: executing program 2 (id=6103): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) r0 = socket(0x10, 0x803, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e22, @loopback}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b000000070000000f000100490000c701000071965641a833061f7e00", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r4, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000140)='qdisc_enqueue\x00', r6, 0x0, 0x3}, 0x18) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r4, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000530464"], 0x14}, 0x1, 0x0, 0x0, 0x24000841}, 0x4008840) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r7}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1000e, &(0x7f0000000300), 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==") 14.694803155s ago: executing program 6 (id=6105): bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1600000004000000040000000500000000000000", @ANYRES32, @ANYBLOB="000000000000fcffcadac9da896bac847d676b00009400400000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000400"/28], 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x5, 0x16, &(0x7f0000000f00)=ANY=[@ANYBLOB="61128c030000000061138c8800000000bf30000000000000150000000009240b2d03010000000000950000a7000000006916700000000000bf67000000000000b5070000fcff0304670600001f000000370300000ef90060bf050000000000007e650000000000006507f9ff01000000470700004c0000005f75000000000000bf54000000000000070400000400f9fead4301000000000095000000000000000500000000000000950000000000000032ed3c5be9529914953170d2d7ffffff8ecf264e9981db7d04df3244c7bd7e7e7f2f1754558f2278af6d71c19a5e12814cb1d8a5d4601d15871637b65f8903dc8700a0b9bdb7dd399700d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fc9de56c9d8a814261bd81762bab839dfa66810b5b40d893ea8fe0185473d51b546c087431d770000000767c955cfa1f6ab689fde4de5f832c8b664e73b99b6c2e0ab330e1c7feada70600000000000000b7010001000000009af619e3cca4d19e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d9fee0000000000000000c8fb735fd552bdc206004aeb0743eb3dc819b6cf5c8a0700000000000000a13d0045fb3cdaffa673a6bb55d8c85f21dce44aba5387e35350481aedac065b5031e56723888fb126a163f16fb2ad9bc1172bec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f11294b4800a045ea11b3566bf3a649878e582f2af97787f696649a462e7ee4bcf89cbf2f0800000000000000b2c4acb07a10d6732f54beb40000040000000000000000000000000200f674629709e7e78f4ddc211bc304f0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46e4e827f3477523dcfa17690884f8d2001e03a651bb96589a7eab010e861bbd0000000000000000c5904c647802cf86f1b4c3005f33d83f84e98a72fbbecd106425563d80bd0d0d703f37ca153f601a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) socket$key(0xf, 0x3, 0x2) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000fa31aea9639d57eef01699074480ae111b317619c0a4a81749687d41b7fa7ba294ee9c3dbdc8d09d4decd12b0085e55e71e5fc78b940028f6a4a"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x10) mincore(&(0x7f0000f0c000/0x3000)=nil, 0x0, &(0x7f0000afaf0a)=""/246) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='mm_page_alloc\x00', r2}, 0x10) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c16, &(0x7f0000000040)={[{@nobh}, {@usrjquota}]}, 0xff, 0x240, &(0x7f0000000500)="$eJzs3T1oO2UcB/DvXRL/tg1SdRHEFxARLZS6CS51UShIKSKCChURF6UVaotb6+TioLNKJ5ciblZH6VJcFMGpaoe6CFocLA46RJJrpbYRX1Jz4n0+cLm75J77Pcfd97kQOBKgsaaTzCdpJZlJ0klSnN/gzmqaPl3dnthfTnq9x34oBttV65WzdlNJtpI8kGSvLPJCO9nYferop4NH7nl9vXP3u7tPToz1IE8dHx0+evLO4msfLNy/8dkX3y0WmU/3d8d19Yoh77WL5KZ/o9h/RNGuuwf8FUuvvP9lP/c3J7lrkP9OylQn74216/Y6ue/tP2r75vef3zrOvgJXr9fr9O+BWz2gccok3RTlbJJquSxnZ6vv8F+1JssXV9dennl+dX3lubpHKuCqdJPDhz+69uHUhfx/26ryD/xPVT9KHT6+tPN1f+GkVXeHgLG4rZr17/8zz2zeG/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmH5pJ/aC75h+aSf2iu8/kHAJqld63uJ5CButQ9/gAAAAAAAAAAAAAAAAAAAJdtT+wvn03jqvnJW8nxQ0naw+q3Bv9HnFw/eJ38sehv9puiajaSp+8YcQcjeq/mp69v+Kbe+p/eXm/9zZVk69Ukc+325euvOL3+/rkb/+TzzrMjFvibigvrDz4x3voX/bJTb/2Fg+Tj/vgzN2z8KXPLYD58/On2z9+I9V/6ecQdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDa/BgAA//8YZW08") creat(&(0x7f00000000c0)='./bus\x00', 0x182) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x181242, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) writev(r4, &(0x7f0000000500)=[{&(0x7f0000000400)="db83706903dd5bbda1b912", 0xb}, {&(0x7f00000005c0)='>h', 0x2}, {&(0x7f0000000300)="5388", 0x2}], 0x3) 14.631408116s ago: executing program 1 (id=6106): socket(0x10, 0x3, 0x0) getpgrp(0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000000)={0x2, {0xc, 0xa00, 0x0, 0x101, 0x100}}) r1 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00'}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x8001}, 0x4000c8c4) r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) sendmsg$tipc(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="fb6bba8839fe8bc048c0cdafd1f8a9918bc4055eaaeb6db4ee9bcb25b1811dbf40b3a7da5a8a64db04ed6dd26eea2e37229c339b1f91201c2796173864", 0x3d}], 0x1, 0x0, 0x0, 0x48040}, 0x20000000) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e0000008500"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x9) recvmsg(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/60, 0x3c}], 0x1}, 0x40fd) read$ptp(r4, 0x0, 0x0) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) timer_settime(r7, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r8}, 0x0, 0x0}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r9, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40002002) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f000000000000000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0) fstat(r10, &(0x7f0000007f80)) 12.40670478s ago: executing program 1 (id=6107): openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x8) close(r0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="00000000000000000000e2b39393e01cbc21c4c6", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0e000000040000000800006da500000000000000a6de0043e766b1007200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) read$FUSE(r0, &(0x7f000000c400)={0x2020}, 0x2020) creat(&(0x7f0000000600)='./file0\x00', 0xca) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000"], 0x15) r6 = dup(0xffffffffffffffff) write$P9_RLERRORu(r6, &(0x7f0000000300)=ANY=[@ANYBLOB='S\x00\x00\x00\a'], 0x53) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r6]) 10.958212552s ago: executing program 1 (id=6110): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x1, 0x0, &(0x7f00000006c0)=""/62, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f0000000300)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, 0x0) pipe(0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) 10.813336925s ago: executing program 1 (id=6112): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) open_tree(0xffffffffffffffff, &(0x7f00000000c0)='.\x00', 0x9101) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0300"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000001a00000000000000000000000000000000080200"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000680)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRESHEX=r3, @ANYRES64=r1], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00') madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) lseek(r5, 0x2000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="0000000000000000b708"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000200000000000000001809"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000100), &(0x7f0000000240)=ANY=[@ANYBLOB="00fb390208d3fbc22774f5c1839f8454631b342adc2bcc2dfe7f0069c93d01d29fb4292ae72e6a1d0180000000000000c13eb069ae9377edaa3db687478d6b6d8025eaa9a16c251603ea9746058f0bc479bd9baa8f84cbd6e9740190e762417c9c22bbc2283662637698e725a0bb84bcdf413297590c78e72c57a969440927fd733826e4468fe95ec526ca83a60ffb7d7451e42d3f000000000000000000"], 0x39, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r4}, 0x18) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r7, &(0x7f0000000000)={0x1f, @any, 0x8}, 0xa) setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f0000005b80)={{{@in6=@remote, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x7}, {0x1}}, {{@in=@dev={0xac, 0x14, 0x14, 0x1d}, 0x0, 0x6c}, 0x0, @in6=@dev}}, 0xe8) syz_emit_ethernet(0x3e, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaf368656e065b0800450000300000000000019078ac1e0001e00000010400907803000000450000000000000000000000ac141400ac141400732958c7308bf61649b2efca4fe8bc31a77bc7412784e87fddb0e7b177efc23869f577075a82635d05fe0031116f3e24849bf073cd3ffdc844f8f729b68237"], 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000040), 0x81, r8}, 0x38) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r9}, 0x10) 10.803508185s ago: executing program 4 (id=6113): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}}) 10.755564955s ago: executing program 6 (id=6114): r0 = socket(0x1e, 0x805, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$inet6(0xa, 0x3, 0xff) connect$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x0, 0x1}, 0x2}}, 0x10) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000d00)=ANY=[@ANYBLOB="0200000004000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 10.734345696s ago: executing program 4 (id=6115): bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1600000004000000040000000500000000000000", @ANYRES32, @ANYBLOB="000000000000fcffcadac9da896bac847d676b00009400400000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000400"/28], 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x5, 0x16, &(0x7f0000000f00)=ANY=[@ANYBLOB="61128c030000000061138c8800000000bf30000000000000150000000009240b2d03010000000000950000a7000000006916700000000000bf67000000000000b5070000fcff0304670600001f000000370300000ef90060bf050000000000007e650000000000006507f9ff01000000470700004c0000005f75000000000000bf54000000000000070400000400f9fead4301000000000095000000000000000500000000000000950000000000000032ed3c5be9529914953170d2d7ffffff8ecf264e9981db7d04df3244c7bd7e7e7f2f1754558f2278af6d71c19a5e12814cb1d8a5d4601d15871637b65f8903dc8700a0b9bdb7dd399700d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fc9de56c9d8a814261bd81762bab839dfa66810b5b40d893ea8fe0185473d51b546c087431d770000000767c955cfa1f6ab689fde4de5f832c8b664e73b99b6c2e0ab330e1c7feada70600000000000000b7010001000000009af619e3cca4d19e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d9fee0000000000000000c8fb735fd552bdc206004aeb0743eb3dc819b6cf5c8a0700000000000000a13d0045fb3cdaffa673a6bb55d8c85f21dce44aba5387e35350481aedac065b5031e56723888fb126a163f16fb2ad9bc1172bec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f11294b4800a045ea11b3566bf3a649878e582f2af97787f696649a462e7ee4bcf89cbf2f0800000000000000b2c4acb07a10d6732f54beb40000040000000000000000000000000200f674629709e7e78f4ddc211bc304f0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46e4e827f3477523dcfa17690884f8d2001e03a651bb96589a7eab010e861bbd0000000000000000c5904c647802cf86f1b4c3005f33d83f84e98a72fbbecd106425563d80bd0d0d703f37ca153f601a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) socket$key(0xf, 0x3, 0x2) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000fa31aea9639d57eef01699074480ae111b317619c0a4a81749687d41b7fa7ba294ee9c3dbdc8d09d4decd12b0085e55e71e5fc78b940028f6a4af17fed8c04b6df0e12e34ebcc29600"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r3}, 0x10) mincore(&(0x7f0000f0c000/0x3000)=nil, 0x0, &(0x7f0000afaf0a)=""/246) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='mm_page_alloc\x00', r2}, 0x10) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c16, &(0x7f0000000040)={[{@nobh}, {@usrjquota}]}, 0xff, 0x240, &(0x7f0000000500)="$eJzs3T1oO2UcB/DvXRL/tg1SdRHEFxARLZS6CS51UShIKSKCChURF6UVaotb6+TioLNKJ5ciblZH6VJcFMGpaoe6CFocLA46RJJrpbYRX1Jz4n0+cLm75J77Pcfd97kQOBKgsaaTzCdpJZlJ0klSnN/gzmqaPl3dnthfTnq9x34oBttV65WzdlNJtpI8kGSvLPJCO9nYferop4NH7nl9vXP3u7tPToz1IE8dHx0+evLO4msfLNy/8dkX3y0WmU/3d8d19Yoh77WL5KZ/o9h/RNGuuwf8FUuvvP9lP/c3J7lrkP9OylQn74216/Y6ue/tP2r75vef3zrOvgJXr9fr9O+BWz2gccok3RTlbJJquSxnZ6vv8F+1JssXV9dennl+dX3lubpHKuCqdJPDhz+69uHUhfx/26ryD/xPVT9KHT6+tPN1f+GkVXeHgLG4rZr17/8zz2zeG/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmH5pJ/aC75h+aSf2iu8/kHAJqld63uJ5CButQ9/gAAAAAAAAAAAAAAAAAAAJdtT+wvn03jqvnJW8nxQ0naw+q3Bv9HnFw/eJ38sehv9puiajaSp+8YcQcjeq/mp69v+Kbe+p/eXm/9zZVk69Ukc+325euvOL3+/rkb/+TzzrMjFvibigvrDz4x3voX/bJTb/2Fg+Tj/vgzN2z8KXPLYD58/On2z9+I9V/6ecQdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDa/BgAA//8YZW08") creat(&(0x7f00000000c0)='./bus\x00', 0x182) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x181242, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) writev(r4, &(0x7f0000000500)=[{&(0x7f0000000400)="db83706903dd5bbda1b912", 0xb}, {&(0x7f00000005c0)='>h', 0x2}, {&(0x7f0000000300)="5388", 0x2}], 0x3) 10.527978289s ago: executing program 0 (id=6100): bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socketpair$nbd(0x1, 0x1, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32], 0x18}, 0x8810) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) sendmsg$unix(r0, 0x0, 0x0) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000002d01000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f00000002c0)='sched_kthread_work_queue_work\x00'}, 0x10) socketpair(0xf, 0x3, 0x2, &(0x7f00000001c0)) 10.112400735s ago: executing program 1 (id=6116): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) r0 = socket(0x10, 0x803, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e22, @loopback}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b000000070000000f000100490000c701000071965641a833061f7e00", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r4, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000140)='qdisc_enqueue\x00', r6, 0x0, 0x3}, 0x18) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r4, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000530464"], 0x14}, 0x1, 0x0, 0x0, 0x24000841}, 0x4008840) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r7}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1000e, &(0x7f0000000300), 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==") 10.110387565s ago: executing program 2 (id=6117): bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x2, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32], 0x18}, 0x8810) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000002d01000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r2, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f00000002c0)='sched_kthread_work_queue_work\x00', r3}, 0x10) socketpair(0xf, 0x3, 0x2, &(0x7f00000001c0)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="08f272f808af"}) 9.777447431s ago: executing program 6 (id=6118): fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x54}, 0x1, 0x0, 0x0, 0x20040849}, 0x8010) r5 = socket(0x10, 0x2, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket(0x2b, 0x3, 0x200) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r7 = socket(0x6, 0x5, 0x5) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, r8, {0x10, 0x3}, {0x0, 0xfff1}, {0xf, 0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x4}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x29, 0x0, 0x40, 0x0, 0x1a, @mcast1, @mcast2={0xff, 0x3}, 0x0, 0x8, 0xfffffffe, 0xffffffff}}) 9.15339822s ago: executing program 4 (id=6119): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_usb_connect(0x1, 0xfffffffffffffd22, 0x0, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000740)=""/67, 0x0, 0xd000}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000ac0)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000a40)) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000000)={0x2}) r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000200)=ANY=[@ANYRESOCT=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) pipe2$9p(&(0x7f0000001900), 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$SNDRV_TIMER_IOCTL_GINFO(r2, 0xc0f85403, &(0x7f0000000280)={{0x0, 0x0, 0x2, 0x3, 0x3}, 0x392a92e9, 0x1, 'id1\x00', 'timer1\x00', 0x0, 0x100, 0x8, 0x3, 0x3}) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0xffff, 0x0, 0x1c42}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_XFRM_IF_ID={0x8, 0x2, 0xfffffffe}]}}}, @IFLA_IFNAME={0x14, 0x3, 'xfrm0\x00'}]}, 0x50}}, 0x0) 9.14569019s ago: executing program 2 (id=6120): openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x8) close(r0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="00000000000000000000e2b39393e01cbc21c4c6", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0e000000040000000800006da500000000000000a6de0043e766b1007200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) read$FUSE(r0, &(0x7f000000c400)={0x2020}, 0x2020) creat(&(0x7f0000000600)='./file0\x00', 0xca) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000"], 0x15) r6 = dup(0xffffffffffffffff) write$P9_RLERRORu(r6, &(0x7f0000000300)=ANY=[@ANYBLOB='S\x00\x00\x00\a'], 0x53) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r6]) 9.031177362s ago: executing program 0 (id=6121): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) open_tree(0xffffffffffffffff, &(0x7f00000000c0)='.\x00', 0x9101) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0300"/15, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000001a00000000000000000000000000000000080200"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000680)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRESHEX=r3, @ANYRES64=r1], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00') madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) lseek(r5, 0x2000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="0000000000000000b708"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000200000000000000001809"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000100), &(0x7f0000000240)=ANY=[@ANYBLOB="00fb390208d3fbc22774f5c1839f8454631b342adc2bcc2dfe7f0069c93d01d29fb4292ae72e6a1d0180000000000000c13eb069ae9377edaa3db687478d6b6d8025eaa9a16c251603ea9746058f0bc479bd9baa8f84cbd6e9740190e762417c9c22bbc2283662637698e725a0bb84bcdf413297590c78e72c57a969440927fd733826e4468fe95ec526ca83a60ffb7d7451e42d3f000000000000000000"], 0x39, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r7, &(0x7f0000000000)={0x1f, @any, 0x8}, 0xa) setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f0000005b80)={{{@in6=@remote, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x7}, {0x1}}, {{@in=@dev={0xac, 0x14, 0x14, 0x1d}, 0x0, 0x6c}, 0x0, @in6=@dev}}, 0xe8) syz_emit_ethernet(0x3e, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaf368656e065b0800450000300000000000019078ac1e0001e00000010400907803000000450000000000000000000000ac141400ac141400732958c7308bf61649b2efca4fe8bc31a77bc7412784e87fddb0e7b177efc23869f577075a82635d05fe0031116f3e24849bf073cd3ffdc844f8f729b68237"], 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000040), 0x81, r8}, 0x38) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r9}, 0x10) 8.312352113s ago: executing program 4 (id=6122): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x1, 0x0, &(0x7f00000006c0)=""/62, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f0000000300)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, 0x0) pipe(0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) 7.83095069s ago: executing program 0 (id=6123): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x31, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc66"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) bind$unix(r1, &(0x7f0000000380)=@file={0x0, './bus\x00'}, 0x6e) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f0000000480), 0x400034f, 0x2, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040), 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2008002, &(0x7f0000001780)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7}}, {@nodiscard}, {@auto_da_alloc}]}, 0x1, 0x558, &(0x7f0000000680)="$eJzs3c9vI1cdAPDvTH52d9vsQg9QAbtAYUGrtTfedlX10nIBoaoSouKAOGxD4o3C2nGIndKESKR/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACbZA4GM14kriJw5rEsdn485Fm58ebme979s6852dnXgBj60ZE7ETEdES8GRFzxfakmOLVzpTt92h3e3Fvd3sxiXb7jb8leXq2LbqOyVwuzjkbEV/9UsQ3k+Nxm5tbDxdqtep6sV5u1dfKzc2t2yv1heXqcnW1Urk3f+/OS3dfrAysrNfrP3v/iyuvfe2Xv/j4e7/Z+fx3s2xdKdK6yzFInaJPHcTJTEbEa+cRbAQmivn0iPPB6aQR8aGI+FR+/c/FRP6/EwC4yNrtuWjPda8DABddmveBJWkpItK0aASUOn14z8altNZotm49aGysLnX6yq7GVPpgpVa9c23md9/Od55KsvX5PC1Pz9crR9bvRsS1iPjBzFP5emmxUVsaTZMHAMbe5e76PyL+OZOmpVJfh/b4Vg8AeGLMjjoDAMDQqf8BYPyo/wFg/PRR/xdf9u+ce14AgOHw+R8Axo/6HwDGj/ofAMbKV15/PZvae8Xzr5fe2tx42Hjr9lK1+bBU31gsLTbW10rLjcZy/sye+uPOV2s01uZfiI23y61qs1Vubm7drzc2Vlv38+d6369ODaVUAMB/c+36u79NImLn5afyKbrGclBXw8WWDnAv4MkycZaDNRDgiWa0LxhffVXheSPh1+eeF2A0ej7Me7bn4gf96H8I4ndG8H/l5kf77/83xjNcLHr2YXydrv//lYHnAxi+U/f//2Gw+QCGr91Ojo75P32QBABcSGf4CV/7e4NqhAAj9bjBvAfy/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcMFci4luRpKV8LPA0+zctlSKejoirMZU8WKlV70TEM3E9IqZmsvX5UWcaADij9C9JMf7XzbnnrxxNnU7+NZPPI+I7P37jh28vtFrr89n2vx9sn9kfPqxyeNwZxhUEAPr3p352yuvvSjHv+iD/aHd7cX86xzwe8/4XDgYfXdzb3c6nTspktNvtdsRs3pa49I8kJotjZiPiuYiYGED8nXci4iO9yp/kfSNXi5FPu+NHEfvpocZPPxA/zdM68+zl+/AA8gLj5t3s/vNqr+svjRv5vPf1P5vfoc4uv//NRuzf+/a64k8WkSZ6xM+u+Rv9xnjhV18+trE910l7J+K5yV7xk4P4yQnxn+8z/u8/9onvv3JCWvsnETejd/zuWOVWfa3c3Ny6vVJfWK4uV1crlXvz9+68dPfFSjnvoy7v91Qf99eXbz1zUt6y8l86IX7nnb98pPzTB8d+ps/y//Tfb37jk4erM0fjf+7Tvd//Z/N579c/qxM/22f8hUs/P3H47iz+0gnlf9z7f6vP+O/9eWupz10BgCFobm49XKjVqutnWsg+hQ7iPMcWsiz2t/N+c/FsQf8Y+cLhy5JEEoMuV9YY62fnqfN6Vc99YfKgrTjYM389O+OQi5MOvBSnWYirxcKjYQUd3T0JGI7Di37UOQEAAAAAAAAAAAAAAE4yjL9hGnUZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+EwAA//8GP8IF") syz_mount_image$exfat(0x0, &(0x7f0000000180)='./bus\x00', 0x1004030, 0x0, 0xfb, 0x0, &(0x7f0000000000)) 7.763337291s ago: executing program 4 (id=6124): r0 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@newtaction={0x14, 0x31, 0x1, 0x0, 0x0, {0x0, 0x0, 0x1300}}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r5, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wg2\x00'}) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) prctl$PR_SVE_GET_VL(0x33, 0x197d) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000740)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@grpjquota}, {@grpjquota}, {@noquota}, {@auto_da_alloc}, {@noload}, {@nodiscard}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV") ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa010100}, 0x10) 7.762298242s ago: executing program 2 (id=6125): sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_open_dev$loop(0x0, 0x5, 0x80000) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x8, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000000203010200000000000000000000000008000340000000000900020000000000020000000800010001"], 0x30}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c000000020301040000000000000000000000100800010001"], 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="50000000020301"], 0x50}, 0x1, 0x0, 0x0, 0x400c08c}, 0x24004856) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r7 = getpid() recvmmsg(0xffffffffffffffff, &(0x7f00000037c0), 0x0, 0x2000, &(0x7f0000003700)={0x77359400}) getpgid(r7) r8 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r8, 0x0, 0x40, &(0x7f00000014c0)=@nat={'nat\x00', 0x62, 0x5, 0x430, 0x398, 0x2a0, 0xffffffff, 0xe0, 0x188, 0x398, 0x398, 0xffffffff, 0x398, 0x398, 0x5, 0x0, {[{{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'veth0_to_bond\x00', 'wg1\x00'}, 0x0, 0xa8, 0xe0, 0x0, {0x22e}, [@common=@unspec=@statistic={{0x38}}]}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @multicast1, @remote, @icmp_id, @icmp_id}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @multicast1, @empty, @gre_key, @icmp_id}}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_hsr\x00', 'ipvlan0\x00'}, 0x0, 0xe0, 0x118, 0x0, {}, [@common=@socket0={{0x20}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @private, @multicast2, @gre_key}}}}, {{@ip={@remote, @empty, 0x0, 0x0, 'veth1_to_batadv\x00', 'pim6reg\x00', {0xff}}, 0x0, 0xc0, 0xf8, 0x0, {}, [@common=@ttl={{0x28}}, @common=@inet=@tcpmss={{0x28}, {0xf}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x16, @remote, @broadcast, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x490) pipe(0x0) socket$nl_route(0x10, 0x3, 0x0) 7.578860744s ago: executing program 6 (id=6126): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x31, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040), 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2008002, &(0x7f0000001780)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7}}, {@nodiscard}, {@auto_da_alloc}]}, 0x1, 0x558, &(0x7f0000000680)="$eJzs3c9vI1cdAPDvTH52d9vsQg9QAbtAYUGrtTfedlX10nIBoaoSouKAOGxD4o3C2nGIndKESKR/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACbZA4GM14kriJw5rEsdn485Fm58ebme979s6852dnXgBj60ZE7ETEdES8GRFzxfakmOLVzpTt92h3e3Fvd3sxiXb7jb8leXq2LbqOyVwuzjkbEV/9UsQ3k+Nxm5tbDxdqtep6sV5u1dfKzc2t2yv1heXqcnW1Urk3f+/OS3dfrAysrNfrP3v/iyuvfe2Xv/j4e7/Z+fx3s2xdKdK6yzFInaJPHcTJTEbEa+cRbAQmivn0iPPB6aQR8aGI+FR+/c/FRP6/EwC4yNrtuWjPda8DABddmveBJWkpItK0aASUOn14z8altNZotm49aGysLnX6yq7GVPpgpVa9c23md9/Od55KsvX5PC1Pz9crR9bvRsS1iPjBzFP5emmxUVsaTZMHAMbe5e76PyL+OZOmpVJfh/b4Vg8AeGLMjjoDAMDQqf8BYPyo/wFg/PRR/xdf9u+ce14AgOHw+R8Axo/6HwDGj/ofAMbKV15/PZvae8Xzr5fe2tx42Hjr9lK1+bBU31gsLTbW10rLjcZy/sye+uPOV2s01uZfiI23y61qs1Vubm7drzc2Vlv38+d6369ODaVUAMB/c+36u79NImLn5afyKbrGclBXw8WWDnAv4MkycZaDNRDgiWa0LxhffVXheSPh1+eeF2A0ej7Me7bn4gf96H8I4ndG8H/l5kf77/83xjNcLHr2YXydrv//lYHnAxi+U/f//2Gw+QCGr91Ojo75P32QBABcSGf4CV/7e4NqhAAj9bjBvAfy/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcMFci4luRpKV8LPA0+zctlSKejoirMZU8WKlV70TEM3E9IqZmsvX5UWcaADij9C9JMf7XzbnnrxxNnU7+NZPPI+I7P37jh28vtFrr89n2vx9sn9kfPqxyeNwZxhUEAPr3p352yuvvSjHv+iD/aHd7cX86xzwe8/4XDgYfXdzb3c6nTspktNvtdsRs3pa49I8kJotjZiPiuYiYGED8nXci4iO9yp/kfSNXi5FPu+NHEfvpocZPPxA/zdM68+zl+/AA8gLj5t3s/vNqr+svjRv5vPf1P5vfoc4uv//NRuzf+/a64k8WkSZ6xM+u+Rv9xnjhV18+trE910l7J+K5yV7xk4P4yQnxn+8z/u8/9onvv3JCWvsnETejd/zuWOVWfa3c3Ny6vVJfWK4uV1crlXvz9+68dPfFSjnvoy7v91Qf99eXbz1zUt6y8l86IX7nnb98pPzTB8d+ps/y//Tfb37jk4erM0fjf+7Tvd//Z/N579c/qxM/22f8hUs/P3H47iz+0gnlf9z7f6vP+O/9eWupz10BgCFobm49XKjVqutnWsg+hQ7iPMcWsiz2t/N+c/FsQf8Y+cLhy5JEEoMuV9YY62fnqfN6Vc99YfKgrTjYM389O+OQi5MOvBSnWYirxcKjYQUd3T0JGI7Di37UOQEAAAAAAAAAAAAAAE4yjL9hGnUZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+EwAA//8GP8IF") syz_mount_image$exfat(0x0, &(0x7f0000000180)='./bus\x00', 0x1004030, 0x0, 0xfb, 0x0, &(0x7f0000000000)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) 1.281443281s ago: executing program 4 (id=6127): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x31, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc66"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) bind$unix(r1, &(0x7f0000000380)=@file={0x0, './bus\x00'}, 0x6e) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, 0x0, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x2008002, &(0x7f0000001780)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x7}}, {@nodiscard}, {@auto_da_alloc}]}, 0x1, 0x558, &(0x7f0000000680)="$eJzs3c9vI1cdAPDvTH52d9vsQg9QAbtAYUGrtTfedlX10nIBoaoSouKAOGxD4o3C2nGIndKESKR/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACbZA4GM14kriJw5rEsdn485Fm58ebme979s6852dnXgBj60ZE7ETEdES8GRFzxfakmOLVzpTt92h3e3Fvd3sxiXb7jb8leXq2LbqOyVwuzjkbEV/9UsQ3k+Nxm5tbDxdqtep6sV5u1dfKzc2t2yv1heXqcnW1Urk3f+/OS3dfrAysrNfrP3v/iyuvfe2Xv/j4e7/Z+fx3s2xdKdK6yzFInaJPHcTJTEbEa+cRbAQmivn0iPPB6aQR8aGI+FR+/c/FRP6/EwC4yNrtuWjPda8DABddmveBJWkpItK0aASUOn14z8altNZotm49aGysLnX6yq7GVPpgpVa9c23md9/Od55KsvX5PC1Pz9crR9bvRsS1iPjBzFP5emmxUVsaTZMHAMbe5e76PyL+OZOmpVJfh/b4Vg8AeGLMjjoDAMDQqf8BYPyo/wFg/PRR/xdf9u+ce14AgOHw+R8Axo/6HwDGj/ofAMbKV15/PZvae8Xzr5fe2tx42Hjr9lK1+bBU31gsLTbW10rLjcZy/sye+uPOV2s01uZfiI23y61qs1Vubm7drzc2Vlv38+d6369ODaVUAMB/c+36u79NImLn5afyKbrGclBXw8WWDnAv4MkycZaDNRDgiWa0LxhffVXheSPh1+eeF2A0ej7Me7bn4gf96H8I4ndG8H/l5kf77/83xjNcLHr2YXydrv//lYHnAxi+U/f//2Gw+QCGr91Ojo75P32QBABcSGf4CV/7e4NqhAAj9bjBvAfy/T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcMFci4luRpKV8LPA0+zctlSKejoirMZU8WKlV70TEM3E9IqZmsvX5UWcaADij9C9JMf7XzbnnrxxNnU7+NZPPI+I7P37jh28vtFrr89n2vx9sn9kfPqxyeNwZxhUEAPr3p352yuvvSjHv+iD/aHd7cX86xzwe8/4XDgYfXdzb3c6nTspktNvtdsRs3pa49I8kJotjZiPiuYiYGED8nXci4iO9yp/kfSNXi5FPu+NHEfvpocZPPxA/zdM68+zl+/AA8gLj5t3s/vNqr+svjRv5vPf1P5vfoc4uv//NRuzf+/a64k8WkSZ6xM+u+Rv9xnjhV18+trE910l7J+K5yV7xk4P4yQnxn+8z/u8/9onvv3JCWvsnETejd/zuWOVWfa3c3Ny6vVJfWK4uV1crlXvz9+68dPfFSjnvoy7v91Qf99eXbz1zUt6y8l86IX7nnb98pPzTB8d+ps/y//Tfb37jk4erM0fjf+7Tvd//Z/N579c/qxM/22f8hUs/P3H47iz+0gnlf9z7f6vP+O/9eWupz10BgCFobm49XKjVqutnWsg+hQ7iPMcWsiz2t/N+c/FsQf8Y+cLhy5JEEoMuV9YY62fnqfN6Vc99YfKgrTjYM389O+OQi5MOvBSnWYirxcKjYQUd3T0JGI7Di37UOQEAAAAAAAAAAAAAAE4yjL9hGnUZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+EwAA//8GP8IF") syz_mount_image$exfat(0x0, &(0x7f0000000180)='./bus\x00', 0x1004030, 0x0, 0xfb, 0x0, &(0x7f0000000000)) 1.255463161s ago: executing program 0 (id=6128): syz_usb_connect(0x3, 0xf5, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e010005202406"], 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000940), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000ecffffffffff2000000005002000000000000c001f00"], 0x28}}, 0x80) syz_genetlink_get_family_id$net_dm(&(0x7f0000000000), r0) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="05000000040000000500000008"], 0x50) getpeername$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f0000000080)=0x14) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x8, &(0x7f0000000080)={[{@sb={'sb', 0x3d, 0x1}}, {@nodioread_nolock}]}, 0x4, 0x523, &(0x7f00000018c0)="$eJzs3cFvG1kZAPBvnLhJs+mmC3sABGxZFgqq6iTubrTqhfYCQlUlRMWJQxsSN4pi11Hsiib0kB65V6ISJ+A/4MYBqScO3LjBjUs5IBWoQA0SB6MZT1I3sZNAnbiJfz9pMvPeTP29F/e953mR5wUwtC5ExGZEnImIOxExlecn+RbX2lt63csXDxe2XjxcSKLVuvX3JDuf5kXHv0m9k7/meER8/zsRP0r2xm2sb6zMV6uVtTw93aytTjfWNy4vF/Kc8tzs3MynVz4p962uH9R+/fzbyzd+8NvffOnZHza/+ZO0WJM/PZed66xHP7WrXozJjrzRiLhxFMEGZDT//8PJk7a2z0TEh1n7n4qR7N0EAE6zVmsqWlOdaQDgtEvv/ycjKZTyuYDJKBRKpfYc3vsxUajWG81LU/X79xYjm8M6H8XC3eVqZSafKzwfxSRNz2bHr9Ll19KPK1ci4r2IeDx2NjtfWqhXFwf5wQcAhtg7u8b/f421x/9OxUEVDgA4OuODLgAAcOyM/wAwfIz/ADB8/ofx37cDAeCUcP8PAMPH+A8Aw+fA8f/R8ZQDADgW37t5M91aW+3nX28/qfvyYqWxUqrdXygt1NdWS0v1+lK1UlpotQ56vWq9vjr78U6ysb5xu1a/f695e7k2v1S5XfEsAQAYvPc+ePqndNDfvHo226JjLQdjNZxuhUEXABiYkUEXABgY3+eB4XWIe3zTAHDKdVmity2fIEh6XfDE4q9wUl38vPl/GFZvMv9v7gBOtv9v/v9bfS8HcPyM4TC8Wq3Emv8AMGTM8QM9//6f6/mIkCf9LwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcFJPZlhRK2Vrgm+nPQqkUcS4izkcxubtcrcxExLsR8cex4lianh10oQGAN1T4a5Kv/3Vx6qPJ3WfPJP8ey/YR8eOf3/rZg/lmc202zf/HTn7zSZp/trlWPjOICgAAna7tzcrG73K+77iRf/ni4cL2dpxFfH69vbhoGncr39pnRmM0249HMSIm/pnk6bb088pIH+JvPoqIz23XfzwedESYzOZA2iuf7o6fxj7X9/idv//d8Quv1beQnUv3xex38dnYVTjgQE+vt/vJvO2lTTxvf4W4kO27t//xrId6c2n/lzbXrT39X2Gn/xvZEz/J2vyFnfT+JXn+8e++uyezNdU+9yjiC6Pd4ic78ZPu/W/xo0PW8c9f/PKHvc61fhFxsWv9t1ekrmXd7HSztjrdWN+4vFybX6osVe6Vy3OzczOfXvmkPJ3NUbd//r5bjL9dvfRur/hp/Sd6xB/fv/7xtUPW/5f/ufPDr+wT/xtf7f7+v79P/HRM/Poh489PXOu5fHcaf7FH/Q94/+PSIeM/+8vG4iEvBQCOQWN9Y2W+Wq2sHXCQftY86BoHhz9I7+3fgmJkB7EZ0a8XzCYlIqLrNekn6rejykd1kAws+q/6/YKD7pmAo/aq0Q+6JAAAAAAAAAAAAAAAQC+N9Y2Vse7f1urbwaDrCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOn13wAAAP//KHnENg==") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r4}, 0x10) r5 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x18, 0x5a, 0x1, 0x0, 0x0, {}, [@nested={0x4, 0x5}]}, 0x18}}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r6 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r6, 0x2, &(0x7f0000000340)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r9}, 0x10) connect$inet6(r3, &(0x7f0000000340)={0xa, 0x4e21, 0xfffffffd, @local, 0x8}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4001c00) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000040)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x8001, 0x0, 0x0, 0x0, 0x25, '\x00', r2, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 1.219609142s ago: executing program 2 (id=6129): syz_emit_ethernet(0x7a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd601569fe00442f00fc020000000000000000000000000000ff020000000000000000000000000001242088a80000000000000800000086dd88a888be81000000100000040100000000000000080022eb00000000200000000200000000000000000000220800655800000000"], 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa11000001"], 0x0) syz_emit_ethernet(0x138, &(0x7f0000000000)=ANY=[], 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r3}, &(0x7f0000000280), &(0x7f0000000240)}, 0xb456b9b79abf027a) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x82000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = socket$inet6(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x310, 0x0, 0x12, 0x610, 0x3, 0x202, 0x240, 0x2e8, 0x2e8, 0x240, 0x2c0, 0x4, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth1_to_bond\x00', 'xfrm0\x00'}, 0x0, 0x108, 0x138, 0x0, {}, [@common=@unspec=@statistic={{0x38}, {0x0, 0x2}}, @common=@inet=@socket2={{0x28}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@ipv6={@private2, @mcast2, [], [], 'vxcan1\x00', 'geneve0\x00'}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@empty}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x370) syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xc}, &(0x7f0000000580), &(0x7f0000000540)) r6 = gettid() r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001801000009006c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000feffffff850000002d00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)=0x0) timer_settime(r8, 0x1, &(0x7f0000000780)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000000), 0x208e24b) 1.180766672s ago: executing program 6 (id=6130): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r1 = socket$netlink(0x10, 0x3, 0x4) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES8=r0, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10) r4 = socket(0x10, 0x3, 0x0) connect$netlink(r4, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) sendmsg$nl_route_sched(r4, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000001540)=@newtaction={0x68, 0x30, 0x829, 0x0, 0x0, {}, [{0x54, 0x1, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18}, @TCA_SKBEDIT_PRIORITY={0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10) mount$9p_rdma(0x0, 0x0, 0x0, 0x800, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000001bc0)={0x3c, r8, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5}, @ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20008015}, 0x4000080) r9 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000240), 0x35c, 0x0) preadv(r9, &(0x7f0000000180)=[{&(0x7f0000000000)=""/47, 0x2f}], 0x1, 0x5, 0x0) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x4, 0x2ffffffff}, 0x2e) syz_mount_image$ext4(&(0x7f0000000740)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x1040000, &(0x7f0000000080), 0xfe, 0x481, &(0x7f0000000c00)="$eJzs289vFFUcAPDvzG4BQWhFREGQKpo0/mhpQeVgYjSaeNDERA94rG0hSKGG1kRIo9UYPBoS78ajiX+BJ09GPZl4xaOJISFKTEAvrpndmdIuu/0B207T/XyShXkzb9573533Zt/8aABdqz/7J4m4NyKuRERvI7k4Q3/jv5vXZ8f+uT47lkSt9tafST3fjeuzY7Vcsd+OvMyBNCL9LMkriZ6FxU5fuHhmdHJy4nyeHpo5+/7Q9IWLz5w+O3pq4tTEuZHjx48dHX7+uZFnW7T698urjTOL78b+j6YO7HvtnctvjJ24/O5P32bt3XuwsT2LY7VlLqc/C/yvxnfTvO2JTldWsv9qt+JMqmW3hpWqREQ1H5xXojcqcevg9carn5baOGBNZefsre03z9WATSyJslsAlKP4oc+uf4vPOk09NoRrLzUugLK4b+afxpZqpHmenjWsvz8iTsz9+1X2iab7ELUW9w3mucYGAO7Q99n85+lW87809i7Ityt/NtQXEfdFxO6IuD8i9kTEAxH1vA9GxEOrrL+/KX37/DO9ekeBrVA2/3shf7a1eP5XzP6ir5Kndtbj70lOnp6cOJJ/JwPRszVLD7cqvCjilV+/aFf/wvlf9snqL+aCeSFXq40bdNuKNeOjM6OdmpRe+yRif7VV/Mn8FDOJiH0RsX91Re8qFk4/+c2BdpmWj38JHZgD174uCpmdi6b4C8nSzyeHtsXkxJGholfc7udfLr3Zrv4l4t9599EtLzv+2xf3/6YcvX8nC5/XTs9veHGldVz67fO215TVlff/eVn/35K8XX+muyVf9+HozMz54Ygtyev19KL1I7f2LdJF/iz+gcOtx//ufJ8s/ocjIuvEByPikYg4lB+7RyPisYg4vET8P778+Hvttt1V/++ALP7xlue/+f7ft/j4r36hcuaH79rVv7Lz37H60kC+pn7+W0b75hSn0abeDAAAAJtYWn83PkkH55fTdHCw8Q7/ntieTk5Nzzx1cuqDc+ONd+j7oict7nT1LrgfOpzM5SU20iP5veJi+9H8vvGXlXvq6cGxqcnxkmOHbrejzfjP/FEpu3XAmvMuGXSv5vGfltQOYP35/YfuZfxD9zL+oXu1Gv8fN6U9C4DNqNZbdguA8pj/Q/daavybHMDm5vcfutLd/F3/Wi1Ul/jr/TVf2LZBvoQNvxDputRVKS3ArRGxir0ObaDRVO3A6C75xAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAh/wcAAP//rJr24A==") ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r10, &(0x7f0000000280)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) listen(r10, 0x2) r11 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r11, &(0x7f0000000040)={0x2, 0x2, @local}, 0x10) r12 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r12, &(0x7f0000000040)={0x2, 0x2, @local}, 0x10) 629.381181ms ago: executing program 2 (id=6131): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x0, 0x0) r0 = socket(0x10, 0x803, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e22, @loopback}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b000000070000000f000100490000c701000071965641a833061f7e00", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r4, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000140)='qdisc_enqueue\x00', r6, 0x0, 0x3}, 0x18) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r4, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000530464"], 0x14}, 0x1, 0x0, 0x0, 0x24000841}, 0x4008840) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r7}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1000e, &(0x7f0000000300), 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==") 0s ago: executing program 6 (id=6132): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) syz_open_dev$loop(0x0, 0x5, 0x80000) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x8, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000000203010200000000000000000000000008000340000000000900020000000000020000000800010001"], 0x30}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c000000020301040000000000000000000000100800010001"], 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="50000000020301"], 0x50}, 0x1, 0x0, 0x0, 0x400c08c}, 0x24004856) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r6 = getpid() recvmmsg(0xffffffffffffffff, &(0x7f00000037c0), 0x0, 0x2000, &(0x7f0000003700)={0x77359400}) getpgid(r6) r7 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f00000014c0)=@nat={'nat\x00', 0x62, 0x5, 0x430, 0x398, 0x2a0, 0xffffffff, 0xe0, 0x188, 0x398, 0x398, 0xffffffff, 0x398, 0x398, 0x5, 0x0, {[{{@ip={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'veth0_to_bond\x00', 'wg1\x00'}, 0x0, 0xa8, 0xe0, 0x0, {0x22e}, [@common=@unspec=@statistic={{0x38}}]}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @multicast1, @remote, @icmp_id, @icmp_id}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @multicast1, @empty, @gre_key, @icmp_id}}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_hsr\x00', 'ipvlan0\x00'}, 0x0, 0xe0, 0x118, 0x0, {}, [@common=@socket0={{0x20}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @private, @multicast2, @gre_key}}}}, {{@ip={@remote, @empty, 0x0, 0x0, 'veth1_to_batadv\x00', 'pim6reg\x00', {0xff}}, 0x0, 0xc0, 0xf8, 0x0, {}, [@common=@ttl={{0x28}}, @common=@inet=@tcpmss={{0x28}, {0xf}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x16, @remote, @broadcast, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x490) pipe(0x0) kernel console output (not intermixed with test programs): aling mode [ 1753.232748][T21856] EXT4-fs (loop4): 1 truncate cleaned up [ 1753.238470][T21856] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1753.270820][T21862] netlink: 60 bytes leftover after parsing attributes in process `syz.6.5863'. [ 1753.593179][T21876] loop4: detected capacity change from 0 to 512 [ 1754.913409][T21876] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1754.929779][T21876] ext4 filesystem being mounted at /444/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1754.945899][T21876] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.5867: corrupted inode contents [ 1754.957989][T21876] EXT4-fs error (device loop4): ext4_dirty_inode:6070: inode #2: comm syz.4.5867: mark_inode_dirty error [ 1754.969641][T21876] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.5867: corrupted inode contents [ 1754.981904][T21876] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #2: comm syz.4.5867: mark_inode_dirty error [ 1755.077438][T21885] tipc: Enabling of bearer rejected, already enabled [ 1755.209504][T21887] loop0: detected capacity change from 0 to 512 [ 1755.415466][T21887] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1755.432311][T21887] ext4 filesystem being mounted at /544/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1755.462611][T21887] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.5871: corrupted inode contents [ 1755.476675][T21887] EXT4-fs error (device loop0): ext4_dirty_inode:6070: inode #2: comm syz.0.5871: mark_inode_dirty error [ 1755.489677][T21887] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.5871: corrupted inode contents [ 1755.503978][T21887] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #2: comm syz.0.5871: mark_inode_dirty error [ 1755.819696][T21892] loop4: detected capacity change from 0 to 1024 [ 1755.842358][T21894] loop1: detected capacity change from 0 to 512 [ 1755.882895][T21894] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1755.909696][T21894] EXT4-fs (loop1): 1 truncate cleaned up [ 1755.915414][T21894] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1755.936967][T21892] EXT4-fs (loop4): Ignoring removed orlov option [ 1755.967096][T21892] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 1756.011770][T21892] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1756.197164][T21903] loop6: detected capacity change from 0 to 1024 [ 1756.272871][T21903] EXT4-fs (loop6): Ignoring removed orlov option [ 1756.279737][T21903] EXT4-fs (loop6): Ignoring removed nomblk_io_submit option [ 1756.329805][T21903] EXT4-fs (loop6): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1756.333053][T21908] loop4: detected capacity change from 0 to 512 [ 1756.461558][T21908] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1756.486773][T21908] EXT4-fs (loop4): 1 truncate cleaned up [ 1756.492518][T21908] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1757.668241][T21930] loop1: detected capacity change from 0 to 512 [ 1757.682998][T21924] tipc: Enabling of bearer rejected, already enabled [ 1757.695661][T21926] loop6: detected capacity change from 0 to 1024 [ 1757.790183][T21930] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1757.807102][T21930] ext4 filesystem being mounted at /574/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1757.884155][T21930] EXT4-fs error (device loop1): ext4_do_update_inode:5234: inode #2: comm syz.1.5882: corrupted inode contents [ 1757.897488][T21930] EXT4-fs error (device loop1): ext4_dirty_inode:6070: inode #2: comm syz.1.5882: mark_inode_dirty error [ 1757.910363][T21930] EXT4-fs error (device loop1): ext4_do_update_inode:5234: inode #2: comm syz.1.5882: corrupted inode contents [ 1757.923298][T21930] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #2: comm syz.1.5882: mark_inode_dirty error [ 1758.073670][ T30] kauditd_printk_skb: 111 callbacks suppressed [ 1758.073696][ T30] audit: type=1326 audit(1749254799.864:9466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21923 comm="syz.0.5885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1758.569526][T21926] EXT4-fs (loop6): Ignoring removed orlov option [ 1758.596284][T21926] EXT4-fs (loop6): Ignoring removed nomblk_io_submit option [ 1758.657754][ T30] audit: type=1326 audit(1749254800.364:9467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21923 comm="syz.0.5885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1758.682719][ T30] audit: type=1326 audit(1749254800.364:9468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21923 comm="syz.0.5885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1758.725492][T21926] EXT4-fs (loop6): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1758.972871][T21949] loop1: detected capacity change from 0 to 512 [ 1759.221326][T21949] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1759.238160][T21949] ext4 filesystem being mounted at /575/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1759.271485][T21949] EXT4-fs error (device loop1): ext4_do_update_inode:5234: inode #2: comm syz.1.5887: corrupted inode contents [ 1759.284389][T21949] EXT4-fs error (device loop1): ext4_dirty_inode:6070: inode #2: comm syz.1.5887: mark_inode_dirty error [ 1759.296923][T21949] EXT4-fs error (device loop1): ext4_do_update_inode:5234: inode #2: comm syz.1.5887: corrupted inode contents [ 1759.310046][T21949] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #2: comm syz.1.5887: mark_inode_dirty error [ 1759.823711][T21954] netlink: 60 bytes leftover after parsing attributes in process `syz.4.5888'. [ 1759.984606][T21966] loop0: detected capacity change from 0 to 1024 [ 1760.004747][T21966] EXT4-fs (loop0): Ignoring removed orlov option [ 1760.026165][T21966] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 1760.070480][T21966] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1760.244186][T21972] 9pnet: Insufficient options for proto=fd [ 1760.595322][T21976] loop0: detected capacity change from 0 to 512 [ 1760.608244][T21976] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 1760.713234][T21976] EXT4-fs (loop0): 1 truncate cleaned up [ 1760.719150][T21976] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1760.811440][T21974] loop1: detected capacity change from 0 to 512 [ 1761.359526][T21980] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5897'. [ 1761.396790][T21974] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1761.425474][T21974] ext4 filesystem being mounted at /576/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1761.535302][T21988] loop4: detected capacity change from 0 to 128 [ 1761.589985][ T30] audit: type=1326 audit(1749254803.374:9469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21993 comm="syz.0.5901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1761.635836][T21974] EXT4-fs error (device loop1): ext4_do_update_inode:5234: inode #2: comm syz.1.5892: corrupted inode contents [ 1761.641900][T21988] EXT4-fs (loop4): Ignoring removed nobh option [ 1761.711377][T21998] netlink: 60 bytes leftover after parsing attributes in process `syz.6.5898'. [ 1761.874789][T21988] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobh,usrjquota=,,errors=continue. Quota mode: none. [ 1761.935764][ T30] audit: type=1326 audit(1749254803.374:9470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21993 comm="syz.0.5901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1761.943583][T21988] ext4 filesystem being mounted at /449/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1761.959952][ T30] audit: type=1326 audit(1749254803.374:9471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21993 comm="syz.0.5901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1761.994329][ T30] audit: type=1326 audit(1749254803.374:9472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21993 comm="syz.0.5901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1762.009619][T21974] EXT4-fs error (device loop1): ext4_dirty_inode:6070: inode #2: comm syz.1.5892: mark_inode_dirty error [ 1762.018082][ T30] audit: type=1326 audit(1749254803.374:9473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21993 comm="syz.0.5901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1762.029748][T21974] EXT4-fs error (device loop1): ext4_do_update_inode:5234: inode #2: comm syz.1.5892: corrupted inode contents [ 1762.099612][ T30] audit: type=1326 audit(1749254803.374:9474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21993 comm="syz.0.5901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1762.125369][T21974] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #2: comm syz.1.5892: mark_inode_dirty error [ 1762.137161][ T30] audit: type=1326 audit(1749254803.374:9475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21993 comm="syz.0.5901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1762.489115][T22005] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5902'. [ 1762.807520][T22012] loop2: detected capacity change from 0 to 512 [ 1763.272981][T22012] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1763.289683][T22012] ext4 filesystem being mounted at /73/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1763.303035][T22012] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.5903: corrupted inode contents [ 1763.315861][T22012] EXT4-fs error (device loop2): ext4_dirty_inode:6070: inode #2: comm syz.2.5903: mark_inode_dirty error [ 1763.328034][T22012] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.5903: corrupted inode contents [ 1763.340623][T22012] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz.2.5903: mark_inode_dirty error [ 1763.779802][T22025] netlink: 60 bytes leftover after parsing attributes in process `syz.6.5908'. [ 1764.114051][T22028] tipc: Enabling of bearer rejected, already enabled [ 1764.132965][ T30] kauditd_printk_skb: 33 callbacks suppressed [ 1764.132982][ T30] audit: type=1326 audit(1749254805.924:9509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22027 comm="syz.0.5909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1764.245162][ T30] audit: type=1326 audit(1749254805.954:9510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22027 comm="syz.0.5909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1764.274851][ T30] audit: type=1326 audit(1749254805.954:9511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22027 comm="syz.0.5909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1764.299309][ T30] audit: type=1326 audit(1749254805.954:9512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22027 comm="syz.0.5909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1764.325675][ T30] audit: type=1326 audit(1749254805.954:9513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22027 comm="syz.0.5909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1764.355884][ T30] audit: type=1326 audit(1749254805.954:9514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22027 comm="syz.0.5909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1764.379752][ T30] audit: type=1326 audit(1749254805.954:9515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22027 comm="syz.0.5909" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1764.400878][T22034] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5910'. [ 1764.716300][T22036] loop4: detected capacity change from 0 to 512 [ 1764.722096][T22038] loop6: detected capacity change from 0 to 1024 [ 1764.790164][T22036] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1764.928251][T22038] EXT4-fs (loop6): Ignoring removed orlov option [ 1764.985754][T22036] EXT4-fs (loop4): 1 truncate cleaned up [ 1764.995276][T22038] EXT4-fs (loop6): Ignoring removed nomblk_io_submit option [ 1765.028879][T22036] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1765.193592][T22038] EXT4-fs (loop6): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1765.239290][T22046] loop0: detected capacity change from 0 to 128 [ 1765.301608][T22046] EXT4-fs (loop0): Ignoring removed nobh option [ 1765.380136][T22046] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,usrjquota=,,errors=continue. Quota mode: none. [ 1765.414182][T22046] ext4 filesystem being mounted at /558/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1765.624335][T22056] 9pnet: Insufficient options for proto=fd [ 1766.118197][T22058] loop6: detected capacity change from 0 to 1024 [ 1766.640739][T22058] EXT4-fs (loop6): Ignoring removed orlov option [ 1766.647143][T22058] EXT4-fs (loop6): Ignoring removed nomblk_io_submit option [ 1766.709912][T22058] EXT4-fs (loop6): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1766.789018][T22062] tipc: Enabling of bearer rejected, already enabled [ 1766.829552][ T30] audit: type=1326 audit(1749254808.624:9516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22061 comm="syz.2.5920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc27b97929 code=0x7ffc0000 [ 1766.892894][ T30] audit: type=1326 audit(1749254808.624:9517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22061 comm="syz.2.5920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc27b97929 code=0x7ffc0000 [ 1766.998948][ T30] audit: type=1326 audit(1749254808.624:9518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22061 comm="syz.2.5920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc27b97929 code=0x7ffc0000 [ 1768.178122][T22071] loop0: detected capacity change from 0 to 512 [ 1768.205992][T22072] loop2: detected capacity change from 0 to 512 [ 1768.894875][T22072] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1768.911519][T22072] ext4 filesystem being mounted at /77/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1768.924468][T22072] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.5922: corrupted inode contents [ 1768.937417][T22072] EXT4-fs error (device loop2): ext4_dirty_inode:6070: inode #2: comm syz.2.5922: mark_inode_dirty error [ 1768.950738][T22072] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.5922: corrupted inode contents [ 1768.963007][T22071] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1768.979522][T22071] ext4 filesystem being mounted at /560/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1769.055274][T22072] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz.2.5922: mark_inode_dirty error [ 1769.067634][T22069] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.5921: corrupted inode contents [ 1769.080446][T22069] EXT4-fs error (device loop0): ext4_dirty_inode:6070: inode #2: comm syz.0.5921: mark_inode_dirty error [ 1769.094527][T22069] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.5921: corrupted inode contents [ 1769.107201][T22069] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #2: comm syz.0.5921: mark_inode_dirty error [ 1769.606124][T22087] netlink: 60 bytes leftover after parsing attributes in process `syz.6.5925'. [ 1770.111455][T22098] loop0: detected capacity change from 0 to 512 [ 1770.169679][T22100] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5928'. [ 1770.505032][T22098] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1770.530762][T22098] ext4 filesystem being mounted at /561/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1770.563232][T22104] loop6: detected capacity change from 0 to 128 [ 1770.598106][T22098] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.5924: corrupted inode contents [ 1770.620558][T22098] EXT4-fs error (device loop0): ext4_dirty_inode:6070: inode #2: comm syz.0.5924: mark_inode_dirty error [ 1770.633820][T22098] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.5924: corrupted inode contents [ 1770.646991][T22098] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #2: comm syz.0.5924: mark_inode_dirty error [ 1770.660858][T22104] EXT4-fs (loop6): Ignoring removed nobh option [ 1770.742248][T22104] EXT4-fs (loop6): mounted filesystem without journal. Opts: nobh,usrjquota=,,errors=continue. Quota mode: none. [ 1770.759133][T22104] ext4 filesystem being mounted at /310/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1771.080237][T22116] tipc: Enabling of bearer rejected, already enabled [ 1771.092029][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 1771.092045][ T30] audit: type=1326 audit(1749254812.884:9523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22115 comm="syz.6.5933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9710efe929 code=0x7ffc0000 [ 1771.193363][T22121] 9pnet: Insufficient options for proto=fd [ 1774.273481][T22132] loop4: detected capacity change from 0 to 512 [ 1774.933562][ T30] audit: type=1326 audit(1749254812.884:9524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22115 comm="syz.6.5933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9710efe929 code=0x7ffc0000 [ 1774.958011][ T30] audit: type=1326 audit(1749254812.884:9525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22115 comm="syz.6.5933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9710efe929 code=0x7ffc0000 [ 1774.982796][T22132] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1774.999076][T22132] ext4 filesystem being mounted at /454/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1775.012212][T22132] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.5937: corrupted inode contents [ 1775.089406][T22132] EXT4-fs error (device loop4): ext4_dirty_inode:6070: inode #2: comm syz.4.5937: mark_inode_dirty error [ 1775.101480][T22132] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.5937: corrupted inode contents [ 1775.113867][T22132] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #2: comm syz.4.5937: mark_inode_dirty error [ 1775.148274][ T30] audit: type=1326 audit(1749254812.884:9526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22115 comm="syz.6.5933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9710efe929 code=0x7ffc0000 [ 1775.188837][ T30] audit: type=1326 audit(1749254812.884:9527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22115 comm="syz.6.5933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9710efe929 code=0x7ffc0000 [ 1775.276858][T22146] netlink: 60 bytes leftover after parsing attributes in process `syz.2.5939'. [ 1775.338287][ T30] audit: type=1326 audit(1749254812.884:9528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22115 comm="syz.6.5933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9710efe929 code=0x7ffc0000 [ 1775.373044][T22147] loop1: detected capacity change from 0 to 512 [ 1775.407139][ T30] audit: type=1326 audit(1749254812.884:9529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22115 comm="syz.6.5933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9710efe929 code=0x7ffc0000 [ 1775.520814][ T30] audit: type=1326 audit(1749254812.884:9530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22115 comm="syz.6.5933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9710efe929 code=0x7ffc0000 [ 1775.549863][T22147] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1775.625573][T22147] EXT4-fs (loop1): 1 truncate cleaned up [ 1775.648599][ T30] audit: type=1326 audit(1749254812.884:9531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22115 comm="syz.6.5933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f9710efe929 code=0x7ffc0000 [ 1775.699768][T22147] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1775.736621][ T30] audit: type=1326 audit(1749254812.884:9532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22115 comm="syz.6.5933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9710efe929 code=0x7ffc0000 [ 1776.004665][T22160] loop2: detected capacity change from 0 to 128 [ 1776.059007][T22160] EXT4-fs (loop2): Ignoring removed nobh option [ 1776.089753][T22160] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobh,usrjquota=,,errors=continue. Quota mode: none. [ 1776.110620][T22160] ext4 filesystem being mounted at /82/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1776.178606][T22164] netlink: 60 bytes leftover after parsing attributes in process `syz.6.5943'. [ 1776.608022][T22168] tipc: Enabling of bearer rejected, already enabled [ 1776.650858][ T30] kauditd_printk_skb: 65 callbacks suppressed [ 1776.650902][ T30] audit: type=1326 audit(1749254818.444:9598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22167 comm="syz.2.5946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc27b97929 code=0x7ffc0000 [ 1776.826170][ T30] audit: type=1326 audit(1749254818.484:9599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22167 comm="syz.2.5946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc27b97929 code=0x7ffc0000 [ 1777.175203][T22174] loop4: detected capacity change from 0 to 512 [ 1777.826842][ T30] audit: type=1326 audit(1749254818.494:9600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22167 comm="syz.2.5946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc27b97929 code=0x7ffc0000 [ 1777.924778][ T30] audit: type=1326 audit(1749254818.494:9601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22167 comm="syz.2.5946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efc27b97929 code=0x7ffc0000 [ 1778.030123][T22174] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1778.047094][T22174] ext4 filesystem being mounted at /456/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1778.125554][T22174] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.5947: corrupted inode contents [ 1778.138678][T22174] EXT4-fs error (device loop4): ext4_dirty_inode:6070: inode #2: comm syz.4.5947: mark_inode_dirty error [ 1778.151878][T22174] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.5947: corrupted inode contents [ 1778.164909][T22174] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #2: comm syz.4.5947: mark_inode_dirty error [ 1778.778074][ T30] audit: type=1326 audit(1749254818.494:9602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22167 comm="syz.2.5946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc27b97929 code=0x7ffc0000 [ 1778.818512][ T30] audit: type=1326 audit(1749254818.494:9603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22167 comm="syz.2.5946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7efc27b97929 code=0x7ffc0000 [ 1778.868792][ T30] audit: type=1326 audit(1749254818.494:9604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22167 comm="syz.2.5946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc27b97929 code=0x7ffc0000 [ 1778.958085][T22184] loop6: detected capacity change from 0 to 512 [ 1778.974152][T22189] loop2: detected capacity change from 0 to 512 [ 1779.035181][T22184] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 1779.059221][T22189] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1779.119460][T22189] EXT4-fs (loop2): 1 truncate cleaned up [ 1779.125140][T22189] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1779.125871][T22184] EXT4-fs (loop6): 1 truncate cleaned up [ 1779.197904][T22199] loop0: detected capacity change from 0 to 512 [ 1779.341502][T22199] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1779.357892][T22199] ext4 filesystem being mounted at /562/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1779.373155][T22199] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.5952: corrupted inode contents [ 1779.385303][T22199] EXT4-fs error (device loop0): ext4_dirty_inode:6070: inode #2: comm syz.0.5952: mark_inode_dirty error [ 1779.397280][T22199] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.5952: corrupted inode contents [ 1779.409588][T22199] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #2: comm syz.0.5952: mark_inode_dirty error [ 1779.511799][T22203] loop4: detected capacity change from 0 to 512 [ 1779.614047][T22203] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1779.691708][T22184] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1779.735104][T22203] ext4 filesystem being mounted at /458/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1779.766093][T22203] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.5953: corrupted inode contents [ 1779.778310][T22203] EXT4-fs error (device loop4): ext4_dirty_inode:6070: inode #2: comm syz.4.5953: mark_inode_dirty error [ 1779.790963][T22203] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.5953: corrupted inode contents [ 1779.803421][T22203] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #2: comm syz.4.5953: mark_inode_dirty error [ 1780.160547][T22209] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5954'. [ 1780.936392][T22211] loop0: detected capacity change from 0 to 128 [ 1780.993452][T22211] EXT4-fs (loop0): Ignoring removed nobh option [ 1781.016175][T22211] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,usrjquota=,,errors=continue. Quota mode: none. [ 1781.028816][T22211] ext4 filesystem being mounted at /564/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1781.890182][T22217] loop0: detected capacity change from 0 to 40427 [ 1781.918690][T22217] F2FS-fs (loop0): invalid crc value [ 1781.940048][T22217] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1782.041749][T22217] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1782.307897][T22231] loop4: detected capacity change from 0 to 512 [ 1782.376959][T22231] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1782.393297][T22231] ext4 filesystem being mounted at /459/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1782.418501][T22231] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.5959: corrupted inode contents [ 1782.430745][T22231] EXT4-fs error (device loop4): ext4_dirty_inode:6070: inode #2: comm syz.4.5959: mark_inode_dirty error [ 1782.449024][T22231] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.5959: corrupted inode contents [ 1782.461087][T22231] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #2: comm syz.4.5959: mark_inode_dirty error [ 1783.464264][T22253] netlink: 60 bytes leftover after parsing attributes in process `syz.4.5964'. [ 1784.878240][T22254] loop0: detected capacity change from 0 to 512 [ 1784.974201][T22255] loop1: detected capacity change from 0 to 512 [ 1786.996889][T22254] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1787.014150][T22254] ext4 filesystem being mounted at /566/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1787.043278][T22255] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1787.060146][T22255] ext4 filesystem being mounted at /584/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1787.430865][T22254] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.5962: corrupted inode contents [ 1787.444399][T22254] EXT4-fs error (device loop0): ext4_dirty_inode:6070: inode #2: comm syz.0.5962: mark_inode_dirty error [ 1787.459499][T22254] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.5962: corrupted inode contents [ 1787.472362][T22254] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #2: comm syz.0.5962: mark_inode_dirty error [ 1787.486158][T22250] EXT4-fs error (device loop1): ext4_do_update_inode:5234: inode #2: comm syz.1.5963: corrupted inode contents [ 1787.513420][T22250] EXT4-fs error (device loop1): ext4_dirty_inode:6070: inode #2: comm syz.1.5963: mark_inode_dirty error [ 1787.526187][T22250] EXT4-fs error (device loop1): ext4_do_update_inode:5234: inode #2: comm syz.1.5963: corrupted inode contents [ 1787.540268][T22250] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #2: comm syz.1.5963: mark_inode_dirty error [ 1787.846841][ T30] audit: type=1326 audit(1749254829.634:9605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22269 comm="syz.6.5971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9710efe929 code=0x7ffc0000 [ 1787.893185][T22273] loop1: detected capacity change from 0 to 1024 [ 1787.917523][ T30] audit: type=1326 audit(1749254829.694:9606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22269 comm="syz.6.5971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9710efe929 code=0x7ffc0000 [ 1788.139981][T22279] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5969'. [ 1788.795808][T22281] loop2: detected capacity change from 0 to 512 [ 1788.819141][ T30] audit: type=1326 audit(1749254829.694:9607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22269 comm="syz.6.5971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9710efe929 code=0x7ffc0000 [ 1788.843383][ T30] audit: type=1326 audit(1749254829.694:9608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22269 comm="syz.6.5971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9710efe929 code=0x7ffc0000 [ 1788.843418][ T30] audit: type=1326 audit(1749254829.694:9609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22269 comm="syz.6.5971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9710efe929 code=0x7ffc0000 [ 1788.843452][ T30] audit: type=1326 audit(1749254829.694:9610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22269 comm="syz.6.5971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=284 compat=0 ip=0x7f9710efe929 code=0x7ffc0000 [ 1788.843478][ T30] audit: type=1326 audit(1749254829.694:9611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22269 comm="syz.6.5971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9710efe929 code=0x7ffc0000 [ 1788.890607][T22273] EXT4-fs (loop1): Ignoring removed orlov option [ 1788.958693][T22273] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 1788.970362][T22288] loop4: detected capacity change from 0 to 512 [ 1789.094117][T22288] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1789.094182][T22281] ext4 filesystem being mounted at /89/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1789.110686][T22288] ext4 filesystem being mounted at /461/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1789.137055][T22280] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.5970: corrupted inode contents [ 1789.149333][T22280] EXT4-fs error (device loop2): ext4_dirty_inode:6070: inode #2: comm syz.2.5970: mark_inode_dirty error [ 1789.149905][T22288] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.5967: corrupted inode contents [ 1789.173027][T22288] EXT4-fs error (device loop4): ext4_dirty_inode:6070: inode #2: comm syz.4.5967: mark_inode_dirty error [ 1789.173534][T22280] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.5970: corrupted inode contents [ 1789.196429][T22280] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz.2.5970: mark_inode_dirty error [ 1789.208115][T22288] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.5967: corrupted inode contents [ 1789.221354][T22288] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #2: comm syz.4.5967: mark_inode_dirty error [ 1789.247807][T22273] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1789.480007][T22298] loop2: detected capacity change from 0 to 512 [ 1789.487111][T22298] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1789.510649][T22298] EXT4-fs (loop2): 1 truncate cleaned up [ 1789.516369][T22298] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1789.617173][T22301] loop2: detected capacity change from 0 to 2048 [ 1789.679612][T22301] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1789.702972][T22301] ext4 filesystem being mounted at /91/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1789.744996][T22308] loop1: detected capacity change from 0 to 512 [ 1790.063918][T22311] loop0: detected capacity change from 0 to 512 [ 1793.851405][T22308] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1793.868888][T22308] EXT4-fs: failed to create workqueue [ 1793.874300][T22308] EXT4-fs (loop1): mount failed [ 1793.970851][T22311] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1793.987425][T22311] ext4 filesystem being mounted at /569/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1794.053941][T22310] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.5977: corrupted inode contents [ 1794.066103][T22310] EXT4-fs error (device loop0): ext4_dirty_inode:6070: inode #2: comm syz.0.5977: mark_inode_dirty error [ 1794.077766][T22310] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.5977: corrupted inode contents [ 1794.090840][T22310] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #2: comm syz.0.5977: mark_inode_dirty error [ 1794.139131][T22319] loop1: detected capacity change from 0 to 1024 [ 1794.206324][T22319] EXT4-fs (loop1): Ignoring removed orlov option [ 1794.313091][T22321] 9pnet: Insufficient options for proto=fd [ 1794.359147][T22319] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 1794.443753][T22319] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1795.377421][T22327] loop0: detected capacity change from 0 to 512 [ 1795.681798][T22327] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1795.698746][T22327] ext4 filesystem being mounted at /570/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1795.727201][T22327] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.5980: corrupted inode contents [ 1795.740283][T22327] EXT4-fs error (device loop0): ext4_dirty_inode:6070: inode #2: comm syz.0.5980: mark_inode_dirty error [ 1795.752879][T22327] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.5980: corrupted inode contents [ 1795.766974][T22327] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #2: comm syz.0.5980: mark_inode_dirty error [ 1796.311341][T22333] loop2: detected capacity change from 0 to 512 [ 1796.360584][ T30] audit: type=1326 audit(1749254838.154:9612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22336 comm="syz.1.5982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12d7ca929 code=0x7ffc0000 [ 1796.397357][ T30] audit: type=1326 audit(1749254838.174:9613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22336 comm="syz.1.5982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12d7ca929 code=0x7ffc0000 [ 1796.439912][ T30] audit: type=1326 audit(1749254838.174:9614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22336 comm="syz.1.5982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc12d7ca929 code=0x7ffc0000 [ 1796.511215][T22343] loop6: detected capacity change from 0 to 512 [ 1796.538597][ T30] audit: type=1326 audit(1749254838.184:9615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22336 comm="syz.1.5982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12d7ca929 code=0x7ffc0000 [ 1796.695312][T22348] 9pnet: Insufficient options for proto=fd [ 1796.729875][T22343] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 1796.829952][ T30] audit: type=1326 audit(1749254838.184:9616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22336 comm="syz.1.5982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12d7ca929 code=0x7ffc0000 [ 1796.897837][T22343] EXT4-fs (loop6): 1 truncate cleaned up [ 1796.903647][T22343] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1797.002790][T22333] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1797.680341][ T30] audit: type=1326 audit(1749254838.184:9617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22336 comm="syz.1.5982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc12d7ca929 code=0x7ffc0000 [ 1797.746523][T22333] ext4 filesystem being mounted at /93/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1797.757137][ T30] audit: type=1326 audit(1749254838.184:9618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22336 comm="syz.1.5982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12d7ca929 code=0x7ffc0000 [ 1797.788669][ T30] audit: type=1326 audit(1749254838.184:9619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22336 comm="syz.1.5982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12d7ca929 code=0x7ffc0000 [ 1797.829840][T22333] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.5991: corrupted inode contents [ 1797.884961][ T30] audit: type=1326 audit(1749254838.184:9620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22336 comm="syz.1.5982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=284 compat=0 ip=0x7fc12d7ca929 code=0x7ffc0000 [ 1797.888571][T22333] EXT4-fs error (device loop2): ext4_dirty_inode:6070: inode #2: comm syz.2.5991: mark_inode_dirty error [ 1797.923222][T22333] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.5991: corrupted inode contents [ 1797.940574][ T30] audit: type=1326 audit(1749254838.184:9621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22336 comm="syz.1.5982" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12d7ca929 code=0x7ffc0000 [ 1797.969927][T22333] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz.2.5991: mark_inode_dirty error [ 1797.993710][T22362] netlink: 60 bytes leftover after parsing attributes in process `syz.0.5988'. [ 1798.215403][T22365] loop4: detected capacity change from 0 to 512 [ 1798.231874][T22358] loop1: detected capacity change from 0 to 1024 [ 1798.250279][T22358] EXT4-fs (loop1): Ignoring removed orlov option [ 1798.257239][T22358] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 1798.269448][T22365] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1798.288827][T22365] ext4 filesystem being mounted at /463/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1798.300445][T22358] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1798.337958][T22360] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.5986: corrupted inode contents [ 1798.359419][T22360] EXT4-fs error (device loop4): ext4_dirty_inode:6070: inode #2: comm syz.4.5986: mark_inode_dirty error [ 1798.384472][T22360] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.5986: corrupted inode contents [ 1798.417108][T22360] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #2: comm syz.4.5986: mark_inode_dirty error [ 1798.667994][T22373] 9pnet: Insufficient options for proto=fd [ 1799.054522][T22377] tipc: Enabling of bearer rejected, already enabled [ 1799.891730][T22384] loop6: detected capacity change from 0 to 512 [ 1799.949842][T22384] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 1799.995140][T22384] EXT4-fs (loop6): 1 truncate cleaned up [ 1800.002333][T22384] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1800.104399][T22401] loop0: detected capacity change from 0 to 512 [ 1800.354413][T22401] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback. [ 1800.370722][T22401] ext4 filesystem being mounted at /575/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1801.307834][T22413] loop4: detected capacity change from 0 to 512 [ 1801.400594][T22416] tmpfs: Bad value for 'gid' [ 1801.527280][T22413] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1801.544315][T22413] ext4 filesystem being mounted at /467/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1801.576815][T22413] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.6001: corrupted inode contents [ 1801.590320][T22413] EXT4-fs error (device loop4): ext4_dirty_inode:6070: inode #2: comm syz.4.6001: mark_inode_dirty error [ 1801.603157][T22413] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.6001: corrupted inode contents [ 1801.616518][T22413] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #2: comm syz.4.6001: mark_inode_dirty error [ 1801.649754][T22414] loop1: detected capacity change from 0 to 512 [ 1801.937354][T22414] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1801.985703][T22414] ext4 filesystem being mounted at /592/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1802.068146][T22409] EXT4-fs error (device loop1): ext4_do_update_inode:5234: inode #2: comm syz.1.5998: corrupted inode contents [ 1802.100310][T22409] EXT4-fs error (device loop1): ext4_dirty_inode:6070: inode #2: comm syz.1.5998: mark_inode_dirty error [ 1802.138784][T22409] EXT4-fs error (device loop1): ext4_do_update_inode:5234: inode #2: comm syz.1.5998: corrupted inode contents [ 1802.178938][T22409] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #2: comm syz.1.5998: mark_inode_dirty error [ 1802.263370][T22421] loop4: detected capacity change from 0 to 128 [ 1802.295088][T22421] EXT4-fs (loop4): Ignoring removed nobh option [ 1802.330142][T22421] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobh,usrjquota=,,errors=continue. Quota mode: none. [ 1802.357985][T22421] ext4 filesystem being mounted at /468/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1802.596145][T22433] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6005'. [ 1802.860108][T22435] loop0: detected capacity change from 0 to 1024 [ 1802.871840][T22435] EXT4-fs (loop0): Ignoring removed orlov option [ 1802.878504][T22435] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 1802.918572][T22435] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1803.294727][T22452] 9pnet: Insufficient options for proto=fd [ 1804.678837][T22454] 9pnet: Insufficient options for proto=fd [ 1805.254892][T22457] loop1: detected capacity change from 0 to 512 [ 1805.407930][T22467] tmpfs: Bad value for 'gid' [ 1805.439695][T22471] loop2: detected capacity change from 0 to 512 [ 1805.448186][T22457] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1805.464491][T22457] ext4 filesystem being mounted at /596/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1805.479242][T22457] EXT4-fs error (device loop1): ext4_do_update_inode:5234: inode #2: comm syz.1.6014: corrupted inode contents [ 1805.494768][T22457] EXT4-fs error (device loop1): ext4_dirty_inode:6070: inode #2: comm syz.1.6014: mark_inode_dirty error [ 1805.508032][T22457] EXT4-fs error (device loop1): ext4_do_update_inode:5234: inode #2: comm syz.1.6014: corrupted inode contents [ 1805.522066][T22457] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #2: comm syz.1.6014: mark_inode_dirty error [ 1805.604145][T22471] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1805.620619][T22471] ext4 filesystem being mounted at /95/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1805.633013][T22471] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.6015: corrupted inode contents [ 1805.645101][T22471] EXT4-fs error (device loop2): ext4_dirty_inode:6070: inode #2: comm syz.2.6015: mark_inode_dirty error [ 1805.657119][T22471] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.6015: corrupted inode contents [ 1805.669268][T22471] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz.2.6015: mark_inode_dirty error [ 1805.692205][T22448] loop0: detected capacity change from 0 to 40427 [ 1805.775432][T22448] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 1805.808224][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 1805.808241][ T30] audit: type=1326 audit(1749254847.594:9630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22483 comm="syz.4.6022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbeafd2929 code=0x7ffc0000 [ 1805.838092][T22448] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1805.923456][ T30] audit: type=1326 audit(1749254847.594:9631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22483 comm="syz.4.6022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7fcbeafd2929 code=0x7ffc0000 [ 1805.947728][ T30] audit: type=1400 audit(1749254847.594:9632): avc: denied { getattr } for pid=22483 comm="syz.4.6022" name="/" dev="dax" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 1805.970919][ T30] audit: type=1326 audit(1749254847.594:9633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22483 comm="syz.4.6022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbeafd2929 code=0x7ffc0000 [ 1806.214737][T22448] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1806.302838][ T30] audit: type=1326 audit(1749254847.604:9634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22483 comm="syz.4.6022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcbeafd2929 code=0x7ffc0000 [ 1806.326913][ T30] audit: type=1326 audit(1749254847.604:9635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22483 comm="syz.4.6022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbeafd2929 code=0x7ffc0000 [ 1806.354656][ T30] audit: type=1326 audit(1749254847.604:9636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22483 comm="syz.4.6022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7fcbeafd2929 code=0x7ffc0000 [ 1806.378414][ T30] audit: type=1326 audit(1749254847.604:9637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22483 comm="syz.4.6022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbeafd2929 code=0x7ffc0000 [ 1806.402416][ T30] audit: type=1326 audit(1749254847.654:9638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22483 comm="syz.4.6022" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbeafd2929 code=0x7ffc0000 [ 1806.635844][T22503] netlink: 60 bytes leftover after parsing attributes in process `syz.6.6025'. [ 1806.966161][T22507] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6027'. [ 1807.012663][ T30] audit: type=1400 audit(1749254848.804:9639): avc: denied { bind } for pid=22506 comm="syz.0.6027" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 1807.073413][T22508] bridge0: port 1(bridge_slave_0) entered blocking state [ 1807.086821][T22508] bridge0: port 1(bridge_slave_0) entered disabled state [ 1807.094855][T22508] device bridge_slave_0 entered promiscuous mode [ 1807.110264][T22508] bridge0: port 2(bridge_slave_1) entered blocking state [ 1807.117495][T22508] bridge0: port 2(bridge_slave_1) entered disabled state [ 1807.125295][T22508] device bridge_slave_1 entered promiscuous mode [ 1807.251589][T22508] bridge0: port 2(bridge_slave_1) entered blocking state [ 1807.258694][T22508] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1807.266028][T22508] bridge0: port 1(bridge_slave_0) entered blocking state [ 1807.273113][T22508] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1807.281741][T22518] loop0: detected capacity change from 0 to 16 [ 1807.326808][T15478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1807.334929][T15478] bridge0: port 1(bridge_slave_0) entered disabled state [ 1807.344228][T15478] bridge0: port 2(bridge_slave_1) entered disabled state [ 1807.349117][T22518] erofs: Unknown parameter 'ÿÿÿÿÿÿ01777777777777777777777ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ01777777777777777777777184467440737095516150xffffffffffffffffÿÿÿÿ' [ 1807.379878][T15478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1807.388482][T22524] loop6: detected capacity change from 0 to 1024 [ 1807.395925][T15478] bridge0: port 1(bridge_slave_0) entered blocking state [ 1807.396018][T22518] FAULT_INJECTION: forcing a failure. [ 1807.396018][T22518] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1807.403028][T15478] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1807.409520][T15478] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1807.416265][T22518] CPU: 1 PID: 22518 Comm: syz.0.6030 Not tainted 5.15.185-syzkaller-00339-ge678c93d43cc #0 [ 1807.441344][T22518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1807.451531][T22518] Call Trace: [ 1807.454859][T22518] [ 1807.457795][T22518] __dump_stack+0x21/0x30 [ 1807.462128][T22518] dump_stack_lvl+0xee/0x150 [ 1807.466715][T22518] ? show_regs_print_info+0x20/0x20 [ 1807.471913][T22518] ? stack_trace_save+0x98/0xe0 [ 1807.476763][T22518] dump_stack+0x15/0x20 [ 1807.480915][T22518] should_fail+0x3c1/0x510 [ 1807.485329][T22518] should_fail_usercopy+0x1a/0x20 [ 1807.490362][T22518] _copy_from_user+0x20/0xd0 [ 1807.494969][T22518] iovec_from_user+0x1bc/0x2f0 [ 1807.499733][T22518] ? __copy_msghdr_from_user+0x302/0x5e0 [ 1807.505489][T22518] ? _kstrtoull+0x3c0/0x4d0 [ 1807.510005][T22518] __import_iovec+0x71/0x400 [ 1807.514598][T22518] ? __ia32_sys_shutdown+0x1e0/0x1e0 [ 1807.519884][T22518] ? kstrtouint_from_user+0x1a0/0x200 [ 1807.525261][T22518] import_iovec+0x7c/0xb0 [ 1807.529584][T22518] ___sys_sendmsg+0x1b9/0x260 [ 1807.534261][T22518] ? __sys_sendmsg+0x250/0x250 [ 1807.539025][T22518] ? __fdget+0x1a1/0x230 [ 1807.543264][T22518] __x64_sys_sendmsg+0x1e2/0x2a0 [ 1807.548193][T22518] ? ___sys_sendmsg+0x260/0x260 [ 1807.553041][T22518] ? ksys_write+0x1eb/0x240 [ 1807.557539][T22518] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 1807.563730][T22518] x64_sys_call+0x4b/0x9a0 [ 1807.568186][T22518] do_syscall_64+0x4c/0xa0 [ 1807.572608][T22518] ? clear_bhb_loop+0x50/0xa0 [ 1807.577286][T22518] ? clear_bhb_loop+0x50/0xa0 [ 1807.582161][T22518] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1807.588069][T22518] RIP: 0033:0x7f7d27b90929 [ 1807.592484][T22518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1807.612089][T22518] RSP: 002b:00007f7d261d8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1807.620597][T22518] RAX: ffffffffffffffda RBX: 00007f7d27db8080 RCX: 00007f7d27b90929 [ 1807.628660][T22518] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 000000000000000c [ 1807.636632][T22518] RBP: 00007f7d261d8090 R08: 0000000000000000 R09: 0000000000000000 [ 1807.644607][T22518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1807.652591][T22518] R13: 0000000000000000 R14: 00007f7d27db8080 R15: 00007ffe1b87cc28 [ 1807.660578][T22518] [ 1807.666592][T15478] bridge0: port 2(bridge_slave_1) entered blocking state [ 1807.673703][T15478] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1807.682989][T22523] tipc: Enabling of bearer rejected, already enabled [ 1807.694366][T15478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1807.713634][T15478] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1807.747116][T22508] device veth0_vlan entered promiscuous mode [ 1807.754767][T15478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1807.776976][T15478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1807.797306][T15478] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1807.805013][T15478] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1807.840563][T22531] netlink: 60 bytes leftover after parsing attributes in process `syz.4.6032'. [ 1807.851680][T22530] loop2: detected capacity change from 0 to 256 [ 1807.914071][ T7434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1807.924659][T22508] device veth1_macvtap entered promiscuous mode [ 1807.958958][ T7434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1807.970232][ T7434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1808.076391][T22536] FAULT_INJECTION: forcing a failure. [ 1808.076391][T22536] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1808.096856][T22536] CPU: 0 PID: 22536 Comm: syz.6.6033 Not tainted 5.15.185-syzkaller-00339-ge678c93d43cc #0 [ 1808.106877][T22536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1808.116941][T22536] Call Trace: [ 1808.120226][T22536] [ 1808.123163][T22536] __dump_stack+0x21/0x30 [ 1808.127507][T22536] dump_stack_lvl+0xee/0x150 [ 1808.132103][T22536] ? show_regs_print_info+0x20/0x20 [ 1808.137304][T22536] ? walk_page_range+0x491/0x510 [ 1808.142293][T22536] dump_stack+0x15/0x20 [ 1808.146463][T22536] should_fail+0x3c1/0x510 [ 1808.150892][T22536] should_fail_usercopy+0x1a/0x20 [ 1808.155926][T22536] _copy_to_user+0x20/0x90 [ 1808.160438][T22536] __se_sys_mincore+0x50c/0x5f0 [ 1808.165299][T22536] __x64_sys_mincore+0x7b/0x90 [ 1808.170120][T22536] x64_sys_call+0x1c5/0x9a0 [ 1808.174629][T22536] do_syscall_64+0x4c/0xa0 [ 1808.179049][T22536] ? clear_bhb_loop+0x50/0xa0 [ 1808.183733][T22536] ? clear_bhb_loop+0x50/0xa0 [ 1808.188413][T22536] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1808.194322][T22536] RIP: 0033:0x7f9710efe929 [ 1808.198745][T22536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1808.218614][T22536] RSP: 002b:00007f970f525038 EFLAGS: 00000246 ORIG_RAX: 000000000000001b [ 1808.227039][T22536] RAX: ffffffffffffffda RBX: 00007f9711126160 RCX: 00007f9710efe929 [ 1808.235019][T22536] RDX: 00002000000004c0 RSI: 0000000000003000 RDI: 0000200000f0c000 [ 1808.243001][T22536] RBP: 00007f970f525090 R08: 0000000000000000 R09: 0000000000000000 [ 1808.250985][T22536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1808.258964][T22536] R13: 0000000000000000 R14: 00007f9711126160 R15: 00007ffec489c968 [ 1808.266958][T22536] [ 1808.337278][T22540] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6028'. [ 1809.079172][T22546] FAULT_INJECTION: forcing a failure. [ 1809.079172][T22546] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1809.103865][T22547] loop2: detected capacity change from 0 to 512 [ 1809.118682][T22546] CPU: 0 PID: 22546 Comm: syz.0.6037 Not tainted 5.15.185-syzkaller-00339-ge678c93d43cc #0 [ 1809.128782][T22546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1809.138846][T22546] Call Trace: [ 1809.142129][T22546] [ 1809.145070][T22546] __dump_stack+0x21/0x30 [ 1809.149419][T22546] dump_stack_lvl+0xee/0x150 [ 1809.154035][T22546] ? show_regs_print_info+0x20/0x20 [ 1809.159290][T22546] dump_stack+0x15/0x20 [ 1809.163447][T22546] should_fail+0x3c1/0x510 [ 1809.167876][T22546] should_fail_usercopy+0x1a/0x20 [ 1809.172903][T22546] strncpy_from_user+0x24/0x2e0 [ 1809.177764][T22546] ? kmem_cache_alloc+0xf7/0x260 [ 1809.182727][T22546] getname_flags+0xf4/0x500 [ 1809.187252][T22546] __x64_sys_symlinkat+0x7c/0xb0 [ 1809.192206][T22546] x64_sys_call+0x74b/0x9a0 [ 1809.196714][T22546] do_syscall_64+0x4c/0xa0 [ 1809.201132][T22546] ? clear_bhb_loop+0x50/0xa0 [ 1809.205816][T22546] ? clear_bhb_loop+0x50/0xa0 [ 1809.210497][T22546] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1809.216407][T22546] RIP: 0033:0x7f7d27b90929 [ 1809.220834][T22546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1809.240622][T22546] RSP: 002b:00007f7d261f9038 EFLAGS: 00000246 ORIG_RAX: 000000000000010a [ 1809.249052][T22546] RAX: ffffffffffffffda RBX: 00007f7d27db7fa0 RCX: 00007f7d27b90929 [ 1809.257032][T22546] RDX: 0000200000000340 RSI: 0000000000000003 RDI: 0000000000000000 [ 1809.265011][T22546] RBP: 00007f7d261f9090 R08: 0000000000000000 R09: 0000000000000000 [ 1809.272997][T22546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1809.280989][T22546] R13: 0000000000000000 R14: 00007f7d27db7fa0 R15: 00007ffe1b87cc28 [ 1809.288987][T22546] [ 1809.301663][T22547] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1809.334245][ T8] tipc: Disabling bearer [ 1809.340492][ T8] tipc: Left network mode [ 1809.340545][T22547] EXT4-fs (loop2): 1 truncate cleaned up [ 1809.350668][T22547] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1809.462229][T22557] loop4: detected capacity change from 0 to 128 [ 1809.512909][T22564] loop1: detected capacity change from 0 to 128 [ 1809.603066][T22568] loop0: detected capacity change from 0 to 512 [ 1809.616035][T22557] FAT-fs (loop4): Invalid FSINFO signature: 0x00615252, 0x61417272 (sector = 1) [ 1809.628577][T22564] EXT4-fs (loop1): Ignoring removed nobh option [ 1809.833054][T22568] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1809.849958][T22568] ext4 filesystem being mounted at /586/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1809.956741][T22568] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.6040: corrupted inode contents [ 1809.977097][T22568] EXT4-fs error (device loop0): ext4_dirty_inode:6070: inode #2: comm syz.0.6040: mark_inode_dirty error [ 1809.990887][T22568] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.6040: corrupted inode contents [ 1810.004134][T22568] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #2: comm syz.0.6040: mark_inode_dirty error [ 1810.056080][T22564] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobh,usrjquota=,,errors=continue. Quota mode: none. [ 1810.204111][T22557] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6041'. [ 1810.331097][T22564] ext4 filesystem being mounted at /2/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1810.612316][T22586] loop2: detected capacity change from 0 to 512 [ 1810.969349][T22587] loop4: detected capacity change from 0 to 16 [ 1811.118942][T22587] erofs: Unknown parameter 'ÿÿÿÿÿÿ01777777777777777777777ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ01777777777777777777777184467440737095516150xffffffffffffffffÿÿÿÿ' [ 1811.198492][T22587] loop4: detected capacity change from 0 to 512 [ 1811.281951][T22587] EXT4-fs (loop4): orphan cleanup on readonly fs [ 1811.305037][T22587] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.6046: bg 0: block 248: padding at end of block bitmap is not set [ 1811.324680][T22587] __quota_error: 48 callbacks suppressed [ 1811.324701][T22587] Quota error (device loop4): write_blk: dquota write failed [ 1811.338231][T22587] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 1811.348964][T22587] EXT4-fs error (device loop4): ext4_acquire_dquot:6195: comm syz.4.6046: Failed to acquire dquot type 1 [ 1811.368152][T22587] EXT4-fs (loop4): 1 truncate cleaned up [ 1811.383072][T22587] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,abort,noload,noload,,errors=continue. Quota mode: writeback. [ 1812.034022][T22587] device vlan2 entered promiscuous mode [ 1812.040310][T22587] device bridge0 entered promiscuous mode [ 1812.085516][T22587] bridge0: port 3(vlan2) entered blocking state [ 1812.092429][T22587] bridge0: port 3(vlan2) entered disabled state [ 1812.692223][T22586] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1812.708526][T22586] ext4 filesystem being mounted at /99/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1812.729296][T22579] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.6045: corrupted inode contents [ 1812.742097][T22579] EXT4-fs error (device loop2): ext4_dirty_inode:6070: inode #2: comm syz.2.6045: mark_inode_dirty error [ 1812.783443][T22579] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.6045: corrupted inode contents [ 1812.795580][T22579] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz.2.6045: mark_inode_dirty error [ 1812.810682][ T8] device bridge_slave_1 left promiscuous mode [ 1812.816947][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 1812.825715][ T8] device bridge_slave_0 left promiscuous mode [ 1812.832554][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 1812.843103][ T8] device veth1_macvtap left promiscuous mode [ 1812.845361][ T30] audit: type=1400 audit(1749254854.634:9688): avc: denied { create } for pid=22595 comm="syz.1.6050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 1812.859918][T22596] FAULT_INJECTION: forcing a failure. [ 1812.859918][T22596] name failslab, interval 1, probability 0, space 0, times 0 [ 1812.882755][T22596] CPU: 0 PID: 22596 Comm: syz.4.6051 Not tainted 5.15.185-syzkaller-00339-ge678c93d43cc #0 [ 1812.892756][T22596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1812.902821][T22596] Call Trace: [ 1812.906190][T22596] [ 1812.909143][T22596] __dump_stack+0x21/0x30 [ 1812.913480][T22596] dump_stack_lvl+0xee/0x150 [ 1812.918070][T22596] ? show_regs_print_info+0x20/0x20 [ 1812.923357][T22596] ? unwind_get_return_address+0x4d/0x90 [ 1812.928995][T22596] ? stack_trace_save+0xe0/0xe0 [ 1812.933942][T22596] dump_stack+0x15/0x20 [ 1812.938092][T22596] should_fail+0x3c1/0x510 [ 1812.942507][T22596] __should_failslab+0xa4/0xe0 [ 1812.947268][T22596] should_failslab+0x9/0x20 [ 1812.951770][T22596] slab_pre_alloc_hook+0x3b/0xe0 [ 1812.956704][T22596] kmem_cache_alloc_trace+0x48/0x270 [ 1812.961985][T22596] ? alloc_pipe_info+0xe7/0x4b0 [ 1812.966829][T22596] ? kasan_set_track+0x5b/0x70 [ 1812.971585][T22596] alloc_pipe_info+0xe7/0x4b0 [ 1812.976278][T22596] splice_direct_to_actor+0x970/0xb30 [ 1812.981647][T22596] ? _kstrtoull+0x3c0/0x4d0 [ 1812.986234][T22596] ? do_splice_direct+0x2c0/0x2c0 [ 1812.991254][T22596] ? selinux_file_permission+0x2aa/0x510 [ 1812.996940][T22596] ? fsnotify_perm+0x67/0x5b0 [ 1813.001614][T22596] ? security_file_permission+0x79/0xa0 [ 1813.007157][T22596] ? pipe_to_sendpage+0x310/0x310 [ 1813.012180][T22596] ? security_file_permission+0x83/0xa0 [ 1813.017721][T22596] ? rw_verify_area+0xa7/0x1c0 [ 1813.022477][T22596] do_splice_direct+0x1b3/0x2c0 [ 1813.027331][T22596] ? avc_policy_seqno+0x1b/0x70 [ 1813.032174][T22596] ? splice_direct_to_actor+0xb30/0xb30 [ 1813.037914][T22596] ? security_file_permission+0x83/0xa0 [ 1813.043455][T22596] do_sendfile+0x5c6/0xeb0 [ 1813.047869][T22596] ? do_preadv+0x330/0x330 [ 1813.052314][T22596] ? fput_many+0x15a/0x1a0 [ 1813.056723][T22596] ? fput+0x1a/0x20 [ 1813.060526][T22596] __x64_sys_sendfile64+0x18f/0x1f0 [ 1813.065718][T22596] ? __ia32_sys_read+0x90/0x90 [ 1813.070475][T22596] ? __ia32_sys_sendfile+0x190/0x190 [ 1813.075753][T22596] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 1813.081817][T22596] x64_sys_call+0x88d/0x9a0 [ 1813.086313][T22596] do_syscall_64+0x4c/0xa0 [ 1813.090721][T22596] ? clear_bhb_loop+0x50/0xa0 [ 1813.095389][T22596] ? clear_bhb_loop+0x50/0xa0 [ 1813.100065][T22596] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1813.105958][T22596] RIP: 0033:0x7fcbeafd2929 [ 1813.110543][T22596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1813.130143][T22596] RSP: 002b:00007fcbe963b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1813.138552][T22596] RAX: ffffffffffffffda RBX: 00007fcbeb1f9fa0 RCX: 00007fcbeafd2929 [ 1813.146515][T22596] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003 [ 1813.154481][T22596] RBP: 00007fcbe963b090 R08: 0000000000000000 R09: 0000000000000000 [ 1813.162445][T22596] R10: 0000020000023896 R11: 0000000000000246 R12: 0000000000000001 [ 1813.170410][T22596] R13: 0000000000000000 R14: 00007fcbeb1f9fa0 R15: 00007fff1d45d0a8 [ 1813.178377][T22596] [ 1813.237975][ T30] audit: type=1400 audit(1749254854.664:9689): avc: denied { connect } for pid=22595 comm="syz.1.6050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 1813.295161][ T30] audit: type=1326 audit(1749254855.084:9690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22600 comm="syz.4.6054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbeafd2929 code=0x7ffc0000 [ 1813.319749][ T30] audit: type=1326 audit(1749254855.094:9691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22600 comm="syz.4.6054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbeafd2929 code=0x7ffc0000 [ 1813.346122][ T30] audit: type=1326 audit(1749254855.114:9692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22600 comm="syz.4.6054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcbeafd2929 code=0x7ffc0000 [ 1813.377679][ T30] audit: type=1326 audit(1749254855.164:9693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22600 comm="syz.4.6054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbeafd2929 code=0x7ffc0000 [ 1813.402369][ T30] audit: type=1326 audit(1749254855.194:9694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22600 comm="syz.4.6054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbeafd2929 code=0x7ffc0000 [ 1813.428821][T22608] netlink: 60 bytes leftover after parsing attributes in process `syz.6.6049'. [ 1813.447059][ T30] audit: type=1326 audit(1749254855.234:9695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22600 comm="syz.4.6054" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcbeafd2929 code=0x7ffc0000 [ 1813.475496][T22609] loop2: detected capacity change from 0 to 512 [ 1813.519583][T22609] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1813.536072][T22609] EXT4-fs (loop2): 1 truncate cleaned up [ 1813.555340][T22609] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1813.652230][T22597] netlink: 96 bytes leftover after parsing attributes in process `syz.1.6050'. [ 1814.490953][T22624] netlink: 'syz.0.6060': attribute type 12 has an invalid length. [ 1814.590356][T22633] loop0: detected capacity change from 0 to 128 [ 1815.205422][T22636] loop2: detected capacity change from 0 to 512 [ 1815.207539][T22623] loop4: detected capacity change from 0 to 512 [ 1815.249296][T22633] EXT4-fs (loop0): Ignoring removed nobh option [ 1815.257433][T22633] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,usrjquota=,,errors=continue. Quota mode: none. [ 1815.270155][T22633] ext4 filesystem being mounted at /591/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1815.323954][T22623] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1815.340180][T22623] ext4 filesystem being mounted at /482/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1815.352270][T22623] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.6061: corrupted inode contents [ 1815.364399][T22623] EXT4-fs error (device loop4): ext4_dirty_inode:6070: inode #2: comm syz.4.6061: mark_inode_dirty error [ 1815.376624][T22623] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.6061: corrupted inode contents [ 1815.388997][T22623] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #2: comm syz.4.6061: mark_inode_dirty error [ 1815.403525][T22636] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1815.420189][T22636] ext4 filesystem being mounted at /102/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1815.434479][T22646] loop6: detected capacity change from 0 to 512 [ 1815.450068][T22631] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.6058: corrupted inode contents [ 1815.463185][T22631] EXT4-fs error (device loop2): ext4_dirty_inode:6070: inode #2: comm syz.2.6058: mark_inode_dirty error [ 1815.474842][T22631] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.6058: corrupted inode contents [ 1815.488082][T22631] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz.2.6058: mark_inode_dirty error [ 1815.799832][T22651] netlink: 60 bytes leftover after parsing attributes in process `syz.1.6066'. [ 1816.056258][T22646] EXT4-fs (loop6): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1816.072560][T22646] ext4 filesystem being mounted at /334/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1816.085576][T22646] EXT4-fs error (device loop6): ext4_do_update_inode:5234: inode #2: comm syz.6.6064: corrupted inode contents [ 1816.098488][T22646] EXT4-fs error (device loop6): ext4_dirty_inode:6070: inode #2: comm syz.6.6064: mark_inode_dirty error [ 1816.110281][T22646] EXT4-fs error (device loop6): ext4_do_update_inode:5234: inode #2: comm syz.6.6064: corrupted inode contents [ 1816.122391][T22646] EXT4-fs error (device loop6): __ext4_ext_dirty:183: inode #2: comm syz.6.6064: mark_inode_dirty error [ 1816.291353][T22659] loop4: detected capacity change from 0 to 512 [ 1816.317112][T22659] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1816.363532][T22659] EXT4-fs (loop4): 1 truncate cleaned up [ 1816.369437][T22659] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1816.422959][T22666] loop6: detected capacity change from 0 to 1024 [ 1816.824237][T22666] EXT4-fs (loop6): Ignoring removed oldalloc option [ 1816.955983][T22666] EXT4-fs (loop6): Ignoring removed orlov option [ 1817.036478][T22666] EXT4-fs (loop6): mounted filesystem without journal. Opts: stripe=0x0000000000000002,journal_dev=0x0000000000001045,oldalloc,noquota,data_err=ignore,barrier=0x0000000000000002,delalloc,errors=continue,orlov,user_xattr,quota,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: writeback. [ 1819.558721][T22685] loop0: detected capacity change from 0 to 512 [ 1820.275570][T22692] loop4: detected capacity change from 0 to 1024 [ 1820.348676][T22696] loop1: detected capacity change from 0 to 512 [ 1820.474557][T22692] EXT4-fs (loop4): Ignoring removed orlov option [ 1820.493140][T22685] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1820.510123][T22685] ext4 filesystem being mounted at /593/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1820.571676][T22685] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.6075: corrupted inode contents [ 1820.591721][T22685] EXT4-fs error (device loop0): ext4_dirty_inode:6070: inode #2: comm syz.0.6075: mark_inode_dirty error [ 1820.605326][T22685] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.6075: corrupted inode contents [ 1820.620389][T22685] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #2: comm syz.0.6075: mark_inode_dirty error [ 1820.706813][T22696] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1820.723515][T22696] ext4 filesystem being mounted at /9/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1820.754914][T22696] EXT4-fs error (device loop1): ext4_do_update_inode:5234: inode #2: comm syz.1.6077: corrupted inode contents [ 1820.773769][T22696] EXT4-fs error (device loop1): ext4_dirty_inode:6070: inode #2: comm syz.1.6077: mark_inode_dirty error [ 1820.785987][T22696] EXT4-fs error (device loop1): ext4_do_update_inode:5234: inode #2: comm syz.1.6077: corrupted inode contents [ 1820.798286][T22696] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #2: comm syz.1.6077: mark_inode_dirty error [ 1820.838691][T22692] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 1820.871530][T22692] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1821.071924][T22711] tipc: Enabling of bearer rejected, already enabled [ 1821.080595][T22716] netlink: 60 bytes leftover after parsing attributes in process `syz.6.6078'. [ 1821.164397][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 1821.164413][ T30] audit: type=1326 audit(1749254862.954:9754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22710 comm="syz.0.6083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1821.194732][ T30] audit: type=1326 audit(1749254862.964:9755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22710 comm="syz.0.6083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1821.220466][ T30] audit: type=1326 audit(1749254862.964:9756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22710 comm="syz.0.6083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1821.287359][T22721] loop4: detected capacity change from 0 to 512 [ 1821.414459][ T30] audit: type=1326 audit(1749254862.964:9757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22710 comm="syz.0.6083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1821.498073][T22725] loop0: detected capacity change from 0 to 512 [ 1821.849981][T22726] loop1: detected capacity change from 0 to 512 [ 1821.937233][T22726] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1822.968021][ T30] audit: type=1326 audit(1749254862.964:9758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22710 comm="syz.0.6083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1823.517425][ T30] audit: type=1326 audit(1749254862.964:9759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22710 comm="syz.0.6083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1823.551325][T22726] EXT4-fs (loop1): 1 truncate cleaned up [ 1823.557119][T22726] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1823.654868][ T30] audit: type=1326 audit(1749254862.964:9760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22710 comm="syz.0.6083" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1823.688786][T22725] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,quota,,errors=continue. Quota mode: writeback. [ 1823.720597][T22725] ext4 filesystem being mounted at /596/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1824.968317][T22721] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1824.984585][T22721] ext4 filesystem being mounted at /486/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1825.198682][ T30] audit: type=1400 audit(1749254866.934:9761): avc: denied { name_bind } for pid=22734 comm="syz.2.6089" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 1825.420235][T22747] loop2: detected capacity change from 0 to 512 [ 1825.772143][T22749] FAULT_INJECTION: forcing a failure. [ 1825.772143][T22749] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1825.785445][T22749] CPU: 1 PID: 22749 Comm: syz.0.6091 Not tainted 5.15.185-syzkaller-00339-ge678c93d43cc #0 [ 1825.795437][T22749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1825.805506][T22749] Call Trace: [ 1825.808801][T22749] [ 1825.811743][T22749] __dump_stack+0x21/0x30 [ 1825.816086][T22749] dump_stack_lvl+0xee/0x150 [ 1825.820683][T22749] ? show_regs_print_info+0x20/0x20 [ 1825.825897][T22749] ? bpf_bprintf_cleanup+0xc0/0xc0 [ 1825.831033][T22749] ? bpf_bprintf_cleanup+0xc0/0xc0 [ 1825.836163][T22749] dump_stack+0x15/0x20 [ 1825.840330][T22749] should_fail+0x3c1/0x510 [ 1825.844759][T22749] should_fail_alloc_page+0x55/0x80 [ 1825.849970][T22749] prepare_alloc_pages+0x156/0x600 [ 1825.855093][T22749] ? __alloc_pages_bulk+0xab0/0xab0 [ 1825.860306][T22749] __alloc_pages+0x10a/0x440 [ 1825.865017][T22749] ? prep_new_page+0x110/0x110 [ 1825.869809][T22749] ? __kasan_check_read+0x11/0x20 [ 1825.874858][T22749] ? asm_sysvec_reschedule_ipi+0x1b/0x20 [ 1825.880526][T22749] new_slab+0xa1/0x4d0 [ 1825.884609][T22749] ? __napi_alloc_skb+0x162/0x2e0 [ 1825.889662][T22749] ___slab_alloc+0x381/0x810 [ 1825.894266][T22749] ? __napi_alloc_skb+0x162/0x2e0 [ 1825.899350][T22749] ? __napi_alloc_skb+0x162/0x2e0 [ 1825.904390][T22749] ? __napi_alloc_skb+0x162/0x2e0 [ 1825.909424][T22749] __slab_alloc+0x49/0x90 [ 1825.913765][T22749] ? __napi_alloc_skb+0x162/0x2e0 [ 1825.918798][T22749] __kmalloc_track_caller+0x169/0x2c0 [ 1825.924186][T22749] ? __napi_alloc_skb+0x162/0x2e0 [ 1825.929226][T22749] ? __napi_alloc_skb+0x162/0x2e0 [ 1825.934257][T22749] __alloc_skb+0x21a/0x740 [ 1825.938684][T22749] __napi_alloc_skb+0x162/0x2e0 [ 1825.943544][T22749] napi_get_frags+0x6b/0x170 [ 1825.948159][T22749] tun_get_user+0xa9e/0x33c0 [ 1825.952765][T22749] ? release_firmware_map_entry+0x190/0x190 [ 1825.958669][T22749] ? finish_task_switch+0x16b/0x780 [ 1825.963880][T22749] ? tun_do_read+0x1c40/0x1c40 [ 1825.968766][T22749] ? __switch_to_asm+0x3a/0x60 [ 1825.973540][T22749] ? __kasan_check_read+0x11/0x20 [ 1825.978575][T22749] ? preempt_schedule_irq+0xbb/0x110 [ 1825.983874][T22749] ? __cond_resched+0xb0/0xb0 [ 1825.988557][T22749] ? _raw_spin_lock+0x8e/0xe0 [ 1825.993251][T22749] ? irqentry_exit_cond_resched+0x29/0x30 [ 1825.998983][T22749] ? irqentry_exit+0x37/0x40 [ 1826.003583][T22749] ? sysvec_reschedule_ipi+0x78/0x80 [ 1826.008880][T22749] ? asm_sysvec_reschedule_ipi+0x1b/0x20 [ 1826.014521][T22749] tun_chr_write_iter+0x1eb/0x2e0 [ 1826.019560][T22749] vfs_write+0x802/0xf70 [ 1826.023809][T22749] ? irqentry_exit+0x37/0x40 [ 1826.028420][T22749] ? file_end_write+0x1b0/0x1b0 [ 1826.033282][T22749] ? __fget_files+0x2c4/0x320 [ 1826.037978][T22749] ? __fdget_pos+0x1f7/0x380 [ 1826.042579][T22749] ? ksys_write+0x71/0x240 [ 1826.047006][T22749] ksys_write+0x140/0x240 [ 1826.051342][T22749] ? __ia32_sys_read+0x90/0x90 [ 1826.056114][T22749] ? __kasan_check_write+0x14/0x20 [ 1826.061244][T22749] ? switch_fpu_return+0x15d/0x2c0 [ 1826.066378][T22749] __x64_sys_write+0x7b/0x90 [ 1826.070983][T22749] x64_sys_call+0x8ef/0x9a0 [ 1826.075506][T22749] do_syscall_64+0x4c/0xa0 [ 1826.079946][T22749] ? clear_bhb_loop+0x50/0xa0 [ 1826.084646][T22749] ? clear_bhb_loop+0x50/0xa0 [ 1826.089342][T22749] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1826.095267][T22749] RIP: 0033:0x7f7d27b90929 [ 1826.096247][T22752] FAULT_INJECTION: forcing a failure. [ 1826.096247][T22752] name failslab, interval 1, probability 0, space 0, times 0 [ 1826.099694][T22749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1826.131859][T22749] RSP: 002b:00007f7d261d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1826.140277][T22749] RAX: ffffffffffffffda RBX: 00007f7d27db8080 RCX: 00007f7d27b90929 [ 1826.148316][T22749] RDX: 000000000000fdef RSI: 0000200000000440 RDI: 0000000000000008 [ 1826.156406][T22749] RBP: 00007f7d261d8090 R08: 0000000000000000 R09: 0000000000000000 [ 1826.164376][T22749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1826.172344][T22749] R13: 0000000000000001 R14: 00007f7d27db8080 R15: 00007ffe1b87cc28 [ 1826.180318][T22749] [ 1826.183341][T22752] CPU: 0 PID: 22752 Comm: syz.4.6088 Not tainted 5.15.185-syzkaller-00339-ge678c93d43cc #0 [ 1826.193332][T22752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1826.203402][T22752] Call Trace: [ 1826.206693][T22752] [ 1826.209636][T22752] __dump_stack+0x21/0x30 [ 1826.213984][T22752] dump_stack_lvl+0xee/0x150 [ 1826.218592][T22752] ? show_regs_print_info+0x20/0x20 [ 1826.219477][T22747] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1826.223806][T22752] dump_stack+0x15/0x20 [ 1826.240256][T22747] ext4 filesystem being mounted at /108/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1826.244004][T22752] should_fail+0x3c1/0x510 [ 1826.258644][T22752] __should_failslab+0xa4/0xe0 [ 1826.263430][T22752] should_failslab+0x9/0x20 [ 1826.267946][T22752] slab_pre_alloc_hook+0x3b/0xe0 [ 1826.272883][T22752] ? __sigqueue_alloc+0x137/0x210 [ 1826.277906][T22752] kmem_cache_alloc+0x44/0x260 [ 1826.282675][T22752] __sigqueue_alloc+0x137/0x210 [ 1826.287524][T22752] __send_signal+0x212/0xc30 [ 1826.292109][T22752] ? __kasan_check_write+0x14/0x20 [ 1826.297217][T22752] send_signal+0x422/0x580 [ 1826.301632][T22752] do_send_sig_info+0xd6/0x210 [ 1826.306390][T22752] __se_sys_tkill+0x1b8/0x260 [ 1826.311063][T22752] ? __x64_sys_tkill+0x70/0x70 [ 1826.315829][T22752] ? ksys_write+0x1eb/0x240 [ 1826.320331][T22752] ? __ia32_sys_read+0x90/0x90 [ 1826.325097][T22752] ? debug_smp_processor_id+0x17/0x20 [ 1826.330469][T22752] __x64_sys_tkill+0x5b/0x70 [ 1826.335055][T22752] x64_sys_call+0x7e5/0x9a0 [ 1826.339554][T22752] do_syscall_64+0x4c/0xa0 [ 1826.343973][T22752] ? clear_bhb_loop+0x50/0xa0 [ 1826.348662][T22752] ? clear_bhb_loop+0x50/0xa0 [ 1826.353344][T22752] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1826.359238][T22752] RIP: 0033:0x7fcbeafd2929 [ 1826.363652][T22752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1826.383256][T22752] RSP: 002b:00007fcbe963b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c8 [ 1826.391664][T22752] RAX: ffffffffffffffda RBX: 00007fcbeb1f9fa0 RCX: 00007fcbeafd2929 [ 1826.399635][T22752] RDX: 0000000000000000 RSI: 0000000000000014 RDI: 0000000000000601 [ 1826.407623][T22752] RBP: 00007fcbe963b090 R08: 0000000000000000 R09: 0000000000000000 [ 1826.415585][T22752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1826.423550][T22752] R13: 0000000000000000 R14: 00007fcbeb1f9fa0 R15: 00007fff1d45d0a8 [ 1826.431534][T22752] [ 1826.541375][T22747] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.6090: corrupted inode contents [ 1826.556090][T22747] EXT4-fs error (device loop2): ext4_dirty_inode:6070: inode #2: comm syz.2.6090: mark_inode_dirty error [ 1826.569057][T22747] EXT4-fs error (device loop2): ext4_do_update_inode:5234: inode #2: comm syz.2.6090: corrupted inode contents [ 1826.582337][T22747] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz.2.6090: mark_inode_dirty error [ 1826.959547][T22759] loop4: detected capacity change from 0 to 1024 [ 1826.975723][T22760] loop1: detected capacity change from 0 to 512 [ 1827.034769][T22766] tipc: Enabling of bearer rejected, already enabled [ 1827.049080][T22760] EXT4-fs (loop1): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1827.065377][T22760] ext4 filesystem being mounted at /13/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1827.090141][T22760] EXT4-fs error (device loop1): ext4_do_update_inode:5234: inode #2: comm syz.1.6092: corrupted inode contents [ 1827.102226][T22760] EXT4-fs error (device loop1): ext4_dirty_inode:6070: inode #2: comm syz.1.6092: mark_inode_dirty error [ 1827.113779][T22760] EXT4-fs error (device loop1): ext4_do_update_inode:5234: inode #2: comm syz.1.6092: corrupted inode contents [ 1827.125762][T22760] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #2: comm syz.1.6092: mark_inode_dirty error [ 1827.139185][T22759] EXT4-fs (loop4): Ignoring removed orlov option [ 1827.145566][T22759] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 1827.157469][T22769] loop6: detected capacity change from 0 to 512 [ 1827.173819][ T30] audit: type=1326 audit(1749254868.964:9762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22765 comm="syz.0.6095" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d27b90929 code=0x7ffc0000 [ 1827.314340][T22759] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1827.381107][T22769] EXT4-fs (loop6): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1827.398341][T22769] ext4 filesystem being mounted at /337/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1827.494543][T22779] loop0: detected capacity change from 0 to 512 [ 1827.922441][T22779] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1827.939727][T22779] ext4 filesystem being mounted at /599/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1828.012811][T22779] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.6096: corrupted inode contents [ 1828.026483][T22779] EXT4-fs error (device loop0): ext4_dirty_inode:6070: inode #2: comm syz.0.6096: mark_inode_dirty error [ 1828.039866][T22779] EXT4-fs error (device loop0): ext4_do_update_inode:5234: inode #2: comm syz.0.6096: corrupted inode contents [ 1828.052840][T22779] EXT4-fs error (device loop0): __ext4_ext_dirty:183: inode #2: comm syz.0.6096: mark_inode_dirty error [ 1828.173842][T22769] EXT4-fs error (device loop6): ext4_do_update_inode:5234: inode #2: comm syz.6.6086: corrupted inode contents [ 1828.533677][T22769] EXT4-fs error (device loop6): ext4_dirty_inode:6070: inode #2: comm syz.6.6086: mark_inode_dirty error [ 1828.549082][T22769] EXT4-fs error (device loop6): ext4_do_update_inode:5234: inode #2: comm syz.6.6086: corrupted inode contents [ 1828.561535][T22769] EXT4-fs error (device loop6): __ext4_ext_dirty:183: inode #2: comm syz.6.6086: mark_inode_dirty error [ 1828.871081][T22796] 9pnet: Insufficient options for proto=fd [ 1829.323332][T22797] loop4: detected capacity change from 0 to 1024 [ 1829.338673][ C1] ------------[ cut here ]------------ [ 1829.344197][ C1] refcount_t: addition on 0; use-after-free. [ 1829.350331][ C1] WARNING: CPU: 1 PID: 22732 at lib/refcount.c:25 refcount_warn_saturate+0x104/0x1a0 [ 1829.359924][ C1] Modules linked in: [ 1829.363821][ C1] CPU: 1 PID: 22732 Comm: syz.6.6086 Not tainted 5.15.185-syzkaller-00339-ge678c93d43cc #0 [ 1829.373819][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1829.383989][ C1] RIP: 0010:refcount_warn_saturate+0x104/0x1a0 [ 1829.390192][ C1] Code: 04 01 48 c7 c7 60 ef 62 85 e8 08 9d 50 02 0f 0b eb df e8 5f d6 1c ff c6 05 ba f8 99 04 01 48 c7 c7 a0 ee 62 85 e8 ec 9c 50 02 <0f> 0b eb c3 e8 43 d6 1c ff c6 05 9f f8 99 04 01 48 c7 c7 00 ef 62 [ 1829.409938][ C1] RSP: 0018:ffffc900001d0820 EFLAGS: 00010246 [ 1829.416029][ C1] RAX: 36f0db33509e3b00 RBX: 0000000000000002 RCX: ffff88810d244f00 [ 1829.424032][ C1] RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000 [ 1829.432038][ C1] RBP: ffffc900001d0830 R08: dffffc0000000000 R09: fffff5200003a051 [ 1829.440037][ C1] R10: fffff5200003a051 R11: 1ffff9200003a050 R12: ffff88810b68e808 [ 1829.448119][ C1] R13: dffffc0000000000 R14: 0000000000000002 R15: ffffc900001d09b8 [ 1829.456116][ C1] FS: 000055558f566500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 1829.465072][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1829.471693][ C1] CR2: 00007fcbe129a000 CR3: 000000012485d000 CR4: 00000000003506a0 [ 1829.479694][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1829.487670][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1829.495667][ C1] Call Trace: [ 1829.498969][ C1] [ 1829.501822][ C1] tipc_crypto_xmit+0x1938/0x2400 [ 1829.506864][ C1] ? tipc_crypto_do_cmd+0xcf0/0xcf0 [ 1829.512097][ C1] ? skb_clone+0x202/0x360 [ 1829.516652][ C1] tipc_crypto_clone_msg+0x9b/0x150 [ 1829.521909][ C1] tipc_crypto_xmit+0x1ab9/0x2400 [ 1829.526949][ C1] ? get_nohz_timer_target+0x74/0x550 [ 1829.532361][ C1] ? put_prev_entity+0x470/0x470 [ 1829.537319][ C1] ? tipc_crypto_do_cmd+0xcf0/0xcf0 [ 1829.542579][ C1] ? memcpy+0x56/0x70 [ 1829.546588][ C1] ? __copy_skb_header+0x437/0x600 [ 1829.551741][ C1] tipc_bearer_xmit_skb+0x226/0x360 [ 1829.556961][ C1] ? __skb_clone+0x47a/0x790 [ 1829.561634][ C1] ? tipc_bearer_mtu+0x160/0x160 [ 1829.566800][ C1] ? skb_clone+0x202/0x360 [ 1829.571278][ C1] tipc_disc_timeout+0x6a2/0x830 [ 1829.576386][ C1] ? update_rq_clock+0x4f0/0x580 [ 1829.581376][ C1] ? tipc_disc_init_msg+0x600/0x600 [ 1829.586601][ C1] ? __kasan_check_write+0x14/0x20 [ 1829.591761][ C1] ? _raw_spin_lock_irqsave+0x110/0x110 [ 1829.597331][ C1] ? tipc_disc_init_msg+0x600/0x600 [ 1829.602564][ C1] call_timer_fn+0x38/0x290 [ 1829.607087][ C1] ? tipc_disc_init_msg+0x600/0x600 [ 1829.612325][ C1] __run_timers+0x639/0x9a0 [ 1829.616853][ C1] ? calc_index+0x200/0x200 [ 1829.621389][ C1] ? __kasan_check_read+0x11/0x20 [ 1829.626423][ C1] ? asm_sysvec_reschedule_ipi+0x1b/0x20 [ 1829.632088][ C1] run_timer_softirq+0x6a/0xf0 [ 1829.636999][ C1] handle_softirqs+0x250/0x560 [ 1829.641845][ C1] __irq_exit_rcu+0x52/0xf0 [ 1829.646373][ C1] irq_exit_rcu+0x9/0x10 [ 1829.650660][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 1829.656306][ C1] [ 1829.659262][ C1] [ 1829.662195][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 1829.668183][ C1] RIP: 0010:finish_task_switch+0x173/0x780 [ 1829.674034][ C1] Code: 80 3c 2b 00 74 08 4c 89 f7 e8 69 4f 5f 00 4d 8b 2e 4d 85 ed 0f 85 cd 00 00 00 4c 89 e7 e8 95 da 5d 03 fb 49 8d 9f 38 0b 00 00 <48> 89 d8 48 c1 e8 03 49 bd 00 00 00 00 00 fc ff df 42 0f b6 04 28 [ 1829.693706][ C1] RSP: 0018:ffffc90000cf7d40 EFLAGS: 00000282 [ 1829.699825][ C1] RAX: 0000000080000001 RBX: ffff88810d245a38 RCX: 0000000000000000 [ 1829.708003][ C1] RDX: 0000000000000001 RSI: ffffffff85632900 RDI: 00000000ffffffff [ 1829.716047][ C1] RBP: ffffc90000cf7d90 R08: dffffc0000000000 R09: ffffed102386c4f1 [ 1829.724060][ C1] R10: ffffed102386c4f1 R11: 1ffff1102386c4f0 R12: ffff8881f71378c0 [ 1829.732104][ C1] R13: 0000000000000000 R14: ffff8881f7138408 R15: ffff88810d244f00 [ 1829.740130][ C1] ? __switch_to_asm+0x3a/0x60 [ 1829.744918][ C1] __schedule+0xb76/0x14c0 [ 1829.749385][ C1] ? release_firmware_map_entry+0x190/0x190 [ 1829.755377][ C1] schedule+0x11e/0x1e0 [ 1829.759585][ C1] exit_to_user_mode_loop+0x50/0xe0 [ 1829.764819][ C1] exit_to_user_mode_prepare+0x5a/0xa0 [ 1829.770339][ C1] irqentry_exit_to_user_mode+0x9/0x10 [ 1829.775906][ C1] irqentry_exit+0x12/0x40 [ 1829.780379][ C1] sysvec_reschedule_ipi+0x78/0x80 [ 1829.785507][ C1] asm_sysvec_reschedule_ipi+0x1b/0x20 [ 1829.791014][ C1] RIP: 0033:0x7f9710dd7d7d [ 1829.795438][ C1] Code: 08 48 83 c3 08 48 39 d1 72 f3 48 83 e8 08 48 39 f2 73 17 66 2e 0f 1f 84 00 00 00 00 00 48 8b 70 f8 48 83 e8 08 48 39 f2 72 f3 <48> 39 c3 73 3e 48 89 33 48 83 c3 08 48 8b 70 f8 48 89 08 48 8b 0b [ 1829.815135][ C1] RSP: 002b:00007ffec489c830 EFLAGS: 00000246 [ 1829.821244][ C1] RAX: 00007f97105c69f0 RBX: 00007f97105c6958 RCX: ffffffff8162eaa4 [ 1829.829281][ C1] RDX: ffffffff8162eaa4 RSI: ffffffff8162eaa4 RDI: 00007f97105c69f8 [ 1829.837279][ C1] RBP: 00007f97105c6958 R08: 00007f97105c69a0 R09: 00007f9711112000 [ 1829.845327][ C1] R10: 00007f971056f008 R11: 000000000000000d R12: 00007f97105c6950 [ 1829.853427][ C1] R13: 000000000000000f R14: ffffffffffffffff R15: 00007f971056f008 [ 1829.861454][ C1] ? __cgroup_account_cputime+0x74/0x120 [ 1829.867187][ C1] ? __cgroup_account_cputime+0x74/0x120 [ 1829.872875][ C1] ? __cgroup_account_cputime+0x74/0x120 [ 1829.878519][ C1] [ 1829.881592][ C1] ---[ end trace 192b29ea3917392f ]--- [ 1829.887061][ C1] ------------[ cut here ]------------ [ 1829.892598][ C1] refcount_t: underflow; use-after-free. [ 1829.898334][ C1] WARNING: CPU: 1 PID: 22732 at lib/refcount.c:28 refcount_warn_saturate+0x120/0x1a0 [ 1829.907848][ C1] Modules linked in: [ 1829.911768][ C1] CPU: 1 PID: 22732 Comm: syz.6.6086 Tainted: G W 5.15.185-syzkaller-00339-ge678c93d43cc #0 [ 1829.923176][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1829.933260][ C1] RIP: 0010:refcount_warn_saturate+0x120/0x1a0 [ 1829.939473][ C1] Code: 04 01 48 c7 c7 a0 ee 62 85 e8 ec 9c 50 02 0f 0b eb c3 e8 43 d6 1c ff c6 05 9f f8 99 04 01 48 c7 c7 00 ef 62 85 e8 d0 9c 50 02 <0f> 0b eb a7 e8 27 d6 1c ff c6 05 80 f8 99 04 01 48 c7 c7 40 ee 62 [ 1829.959124][ C1] RSP: 0018:ffffc900001d0820 EFLAGS: 00010246 [ 1829.965208][ C1] RAX: 36f0db33509e3b00 RBX: 0000000000000003 RCX: ffff88810d244f00 [ 1829.973221][ C1] RDX: 0000000000000100 RSI: 0000000000000101 RDI: 0000000000000000 [ 1829.981227][ C1] RBP: ffffc900001d0830 R08: dffffc0000000000 R09: ffffed103ee265e8 [ 1829.989241][ C1] R10: ffffed103ee265e8 R11: 1ffff1103ee265e7 R12: ffff88810b68e808 [ 1829.997238][ C1] R13: dffffc0000000000 R14: 0000000000000003 R15: 00000000c0000000 [ 1830.005253][ C1] FS: 000055558f566500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 1830.014209][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1830.020829][ C1] CR2: 00007fcbe129a000 CR3: 000000012485d000 CR4: 00000000003506a0 [ 1830.028835][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1830.036819][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1830.044832][ C1] Call Trace: [ 1830.048115][ C1] [ 1830.051090][ C1] tipc_crypto_xmit+0x1a82/0x2400 [ 1830.056132][ C1] ? tipc_crypto_do_cmd+0xcf0/0xcf0 [ 1830.061373][ C1] ? skb_clone+0x202/0x360 [ 1830.065799][ C1] tipc_crypto_clone_msg+0x9b/0x150 [ 1830.071040][ C1] tipc_crypto_xmit+0x1ab9/0x2400 [ 1830.076073][ C1] ? get_nohz_timer_target+0x74/0x550 [ 1830.081486][ C1] ? put_prev_entity+0x470/0x470 [ 1830.086447][ C1] ? tipc_crypto_do_cmd+0xcf0/0xcf0 [ 1830.091684][ C1] ? memcpy+0x56/0x70 [ 1830.095682][ C1] ? __copy_skb_header+0x437/0x600 [ 1830.100850][ C1] tipc_bearer_xmit_skb+0x226/0x360 [ 1830.106057][ C1] ? __skb_clone+0x47a/0x790 [ 1830.110692][ C1] ? tipc_bearer_mtu+0x160/0x160 [ 1830.115642][ C1] ? skb_clone+0x202/0x360 [ 1830.120100][ C1] tipc_disc_timeout+0x6a2/0x830 [ 1830.125049][ C1] ? update_rq_clock+0x4f0/0x580 [ 1830.130029][ C1] ? tipc_disc_init_msg+0x600/0x600 [ 1830.135249][ C1] ? __kasan_check_write+0x14/0x20 [ 1830.140401][ C1] ? _raw_spin_lock_irqsave+0x110/0x110 [ 1830.145961][ C1] ? tipc_disc_init_msg+0x600/0x600 [ 1830.148849][ C0] ------------[ cut here ]------------ [ 1830.151202][ C1] call_timer_fn+0x38/0x290 [ 1830.156649][ C0] refcount_t: saturated; leaking memory. [ 1830.156777][ C0] WARNING: CPU: 0 PID: 22753 at lib/refcount.c:22 refcount_warn_saturate+0x158/0x1a0 [ 1830.161252][ C1] ? tipc_disc_init_msg+0x600/0x600 [ 1830.166865][ C0] Modules linked in: [ 1830.166878][ C0] CPU: 0 PID: 22753 Comm: syz.6.6086 Tainted: G W 5.15.185-syzkaller-00339-ge678c93d43cc #0 [ 1830.176411][ C1] __run_timers+0x639/0x9a0 [ 1830.181605][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1830.185518][ C1] ? calc_index+0x200/0x200 [ 1830.196881][ C0] RIP: 0010:refcount_warn_saturate+0x158/0x1a0 [ 1830.201377][ C1] ? __kasan_check_read+0x11/0x20 [ 1830.211436][ C0] Code: 04 01 48 c7 c7 40 ee 62 85 e8 b4 9c 50 02 0f 0b eb 8b e8 0b d6 1c ff c6 05 65 f8 99 04 01 48 c7 c7 40 ee 62 85 e8 98 9c 50 02 <0f> 0b e9 6c ff ff ff e8 ec d5 1c ff c6 05 4a f8 99 04 01 48 c7 c7 [ 1830.215924][ C1] ? asm_sysvec_reschedule_ipi+0x1b/0x20 [ 1830.222072][ C0] RSP: 0018:ffffc90000007820 EFLAGS: 00010246 [ 1830.227083][ C1] run_timer_softirq+0x6a/0xf0 [ 1830.246771][ C0] [ 1830.246777][ C0] RAX: 2e33c91818713500 RBX: 0000000000000001 RCX: ffff888114904f00 [ 1830.252413][ C1] handle_softirqs+0x250/0x560 [ 1830.258456][ C0] RDX: 0000000000000100 RSI: 0000000000000103 RDI: 0000000000000000 [ 1830.263225][ C1] __irq_exit_rcu+0x52/0xf0 [ 1830.265554][ C0] RBP: ffffc90000007830 R08: 0000000000000004 R09: 0000000000000003 [ 1830.273525][ C1] irq_exit_rcu+0x9/0x10 [ 1830.278268][ C0] R10: fffff52000000eb4 R11: 1ffff92000000eb4 R12: ffff88810b68e808 [ 1830.286235][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 1830.290732][ C0] R13: dffffc0000000000 R14: 0000000000000001 R15: ffffc900000079b8 [ 1830.298704][ C1] [ 1830.302920][ C0] FS: 00007f970f5466c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 1830.310889][ C1] [ 1830.310897][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 1830.316530][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1830.324505][ C1] RIP: 0010:finish_task_switch+0x173/0x780 [ 1830.327418][ C0] CR2: 0000200000b53030 CR3: 000000012485d000 CR4: 00000000003506b0 [ 1830.336432][ C1] Code: 80 3c 2b 00 74 08 4c 89 f7 e8 69 4f 5f 00 4d 8b 2e 4d 85 ed 0f 85 cd 00 00 00 4c 89 e7 e8 95 da 5d 03 fb 49 8d 9f 38 0b 00 00 <48> 89 d8 48 c1 e8 03 49 bd 00 00 00 00 00 fc ff df 42 0f b6 04 28 [ 1830.339372][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1830.345343][ C1] RSP: 0018:ffffc90000cf7d40 EFLAGS: 00000282 [ 1830.351951][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1830.357740][ C1] [ 1830.357747][ C1] RAX: 0000000080000001 RBX: ffff88810d245a38 RCX: 0000000000000000 [ 1830.365711][ C0] Call Trace: [ 1830.365719][ C0] [ 1830.385311][ C1] RDX: 0000000000000001 RSI: ffffffff85632900 RDI: 00000000ffffffff [ 1830.393297][ C0] tipc_crypto_xmit+0x1938/0x2400 [ 1830.399359][ C1] RBP: ffffc90000cf7d90 R08: dffffc0000000000 R09: ffffed102386c4f1 [ 1830.407320][ C0] ? tipc_crypto_do_cmd+0xcf0/0xcf0 [ 1830.409643][ C1] R10: ffffed102386c4f1 R11: 1ffff1102386c4f0 R12: ffff8881f71378c0 [ 1830.417594][ C0] ? skb_clone+0x202/0x360 [ 1830.420874][ C1] R13: 0000000000000000 R14: ffff8881f7138408 R15: ffff88810d244f00 [ 1830.423712][ C0] tipc_crypto_clone_msg+0x9b/0x150 [ 1830.431682][ C1] ? __switch_to_asm+0x3a/0x60 [ 1830.436683][ C0] tipc_crypto_xmit+0x1ab9/0x2400 [ 1830.444652][ C1] __schedule+0xb76/0x14c0 [ 1830.449849][ C0] ? get_nohz_timer_target+0x74/0x550 [ 1830.457821][ C1] ? release_firmware_map_entry+0x190/0x190 [ 1830.462232][ C0] ? kfree_skbmem+0x125/0x180 [ 1830.470206][ C1] schedule+0x11e/0x1e0 [ 1830.475556][ C0] ? tipc_crypto_do_cmd+0xcf0/0xcf0 [ 1830.480330][ C1] exit_to_user_mode_loop+0x50/0xe0 [ 1830.485329][ C0] ? memcpy+0x56/0x70 [ 1830.489740][ C1] exit_to_user_mode_prepare+0x5a/0xa0 [ 1830.495090][ C0] ? __copy_skb_header+0x437/0x600 [ 1830.500973][ C1] irqentry_exit_to_user_mode+0x9/0x10 [ 1830.505719][ C0] tipc_bearer_xmit_skb+0x226/0x360 [ 1830.509873][ C1] irqentry_exit+0x12/0x40 [ 1830.515054][ C0] ? __skb_clone+0x47a/0x790 [ 1830.520250][ C1] sysvec_reschedule_ipi+0x78/0x80 [ 1830.524210][ C0] ? tipc_bearer_mtu+0x160/0x160 [ 1830.529666][ C1] asm_sysvec_reschedule_ipi+0x1b/0x20 [ 1830.534754][ C0] ? skb_clone+0x202/0x360 [ 1830.540225][ C1] RIP: 0033:0x7f9710dd7d7d [ 1830.545414][ C0] tipc_disc_timeout+0x6a2/0x830 [ 1830.549852][ C1] Code: 08 48 83 c3 08 48 39 d1 72 f3 48 83 e8 08 48 39 f2 73 17 66 2e 0f 1f 84 00 00 00 00 00 48 8b 70 f8 48 83 e8 08 48 39 f2 72 f3 <48> 39 c3 73 3e 48 89 33 48 83 c3 08 48 8b 70 f8 48 89 08 48 8b 0b [ 1830.554431][ C0] ? update_rq_clock+0x4f0/0x580 [ 1830.559547][ C1] RSP: 002b:00007ffec489c830 EFLAGS: 00000246 [ 1830.564480][ C0] ? tipc_disc_init_msg+0x600/0x600 [ 1830.569953][ C1] [ 1830.569962][ C1] RAX: 00007f97105c69f0 RBX: 00007f97105c6958 RCX: ffffffff8162eaa4 [ 1830.574367][ C0] ? __kasan_check_write+0x14/0x20 [ 1830.578783][ C1] RDX: ffffffff8162eaa4 RSI: ffffffff8162eaa4 RDI: 00007f97105c69f8 [ 1830.583710][ C0] ? _raw_spin_lock_irq+0x8f/0xe0 [ 1830.603352][ C1] RBP: 00007f97105c6958 R08: 00007f97105c69a0 R09: 00007f9711112000 [ 1830.608271][ C0] ? _raw_spin_lock_irqsave+0x110/0x110 [ 1830.614330][ C1] R10: 00007f971056f008 R11: 000000000000000d R12: 00007f97105c6950 [ 1830.619621][ C0] ? tipc_disc_init_msg+0x600/0x600 [ 1830.621930][ C1] R13: 000000000000000f R14: ffffffffffffffff R15: 00007f971056f008 [ 1830.629898][ C0] call_timer_fn+0x38/0x290 [ 1830.634991][ C1] ? __cgroup_account_cputime+0x74/0x120 [ 1830.642969][ C0] ? tipc_disc_init_msg+0x600/0x600 [ 1830.647974][ C1] ? __cgroup_account_cputime+0x74/0x120 [ 1830.655949][ C0] __run_timers+0x639/0x9a0 [ 1830.661493][ C1] ? __cgroup_account_cputime+0x74/0x120 [ 1830.669468][ C0] ? calc_index+0x200/0x200 [ 1830.674649][ C1] [ 1830.682617][ C0] ? sched_clock_cpu+0x18/0x3c0 [ 1830.687106][ C1] ---[ end trace 192b29ea39173930 ]--- [ 1830.692741][ C0] run_timer_softirq+0x6a/0xf0 [ 1830.736313][ C0] handle_softirqs+0x250/0x560 [ 1830.741140][ C0] __irq_exit_rcu+0x52/0xf0 [ 1830.745667][ C0] irq_exit_rcu+0x9/0x10 [ 1830.749968][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 1830.755635][ C0] [ 1830.758575][ C0] [ 1830.761542][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 1830.767544][ C0] RIP: 0010:smp_call_function_many_cond+0x8c3/0x9f0 [ 1830.774173][ C0] Code: 84 c0 0f 85 9d 00 00 00 41 8b 1f 89 de 83 e6 01 31 ff e8 70 37 0a 00 83 e3 01 48 8b 5c 24 10 75 07 e8 b1 33 0a 00 eb 42 f3 90 <48> b8 00 00 00 00 00 fc ff df 41 0f b6 44 05 00 84 c0 75 10 41 f7 [ 1830.794011][ C0] RSP: 0018:ffffc90000ca6e60 EFLAGS: 00000246 [ 1830.800119][ C0] RAX: ffffffff815e7305 RBX: ffff8881f7038e80 RCX: 0000000000080000 [ 1830.808098][ C0] RDX: ffffc90004767000 RSI: 000000000007ffff RDI: 0000000000080000 [ 1830.816096][ C0] RBP: ffffc90000ca6f70 R08: dffffc0000000000 R09: ffffed1021fe1c56 [ 1830.824098][ C0] R10: ffffed1021fe1c56 R11: 1ffff11021fe1c55 R12: 1ffff1103ee071d0 [ 1830.832089][ C0] R13: 1ffff1103ee2784d R14: 0000000000000001 R15: ffff8881f713c268 [ 1830.840085][ C0] ? smp_call_function_many_cond+0x8e5/0x9f0 [ 1830.846090][ C0] ? flush_tlb_func+0x4c0/0x4c0 [ 1830.850986][ C0] ? native_flush_tlb_multi+0x210/0x210 [ 1830.856634][ C0] ? smp_call_function_many+0x40/0x40 [ 1830.862090][ C0] ? __pagevec_lru_add+0xb53/0xbf0 [ 1830.867231][ C0] ? cgroup_rstat_updated+0xf5/0x370 [ 1830.872661][ C0] ? native_flush_tlb_multi+0x210/0x210 [ 1830.878217][ C0] ? flush_tlb_func+0x4c0/0x4c0 [ 1830.883199][ C0] on_each_cpu_cond_mask+0x43/0x80 [ 1830.888334][ C0] native_flush_tlb_multi+0x144/0x210 [ 1830.893743][ C0] flush_tlb_mm_range+0x32f/0x490 [ 1830.898796][ C0] ptep_clear_flush+0x111/0x150 [ 1830.903667][ C0] wp_page_copy+0xd72/0x18f0 [ 1830.908272][ C0] ? insert_page_into_pte_locked+0x310/0x310 [ 1830.914280][ C0] ? _raw_spin_lock+0x8e/0xe0 [ 1830.919000][ C0] ? _raw_spin_trylock_bh+0x130/0x130 [ 1830.924402][ C0] ? vm_normal_page+0x1dd/0x1f0 [ 1830.929284][ C0] do_wp_page+0x731/0xc90 [ 1830.933629][ C0] handle_pte_fault+0x73c/0x2680 [ 1830.938580][ C0] ? __kasan_check_write+0x14/0x20 [ 1830.943725][ C0] ? _raw_spin_lock+0x8e/0xe0 [ 1830.948474][ C0] ? fault_around_bytes_set+0xc0/0xc0 [ 1830.953880][ C0] ? __switch_to+0x51d/0xe20 [ 1830.958485][ C0] do_handle_mm_fault+0x1a6d/0x1d50 [ 1830.963710][ C0] ? fault_around_bytes_set+0xc0/0xc0 [ 1830.969156][ C0] ? numa_migrate_prep+0xd0/0xd0 [ 1830.974111][ C0] ? __find_vma+0x30/0x150 [ 1830.978531][ C0] do_user_addr_fault+0x841/0x1180 [ 1830.983677][ C0] ? do_kern_addr_fault+0x80/0x80 [ 1830.988838][ C0] ? mutex_unlock+0x89/0x220 [ 1830.993445][ C0] ? unix_unhash+0x10/0x10 [ 1830.997865][ C0] exc_page_fault+0x51/0xb0 [ 1831.002406][ C0] asm_exc_page_fault+0x27/0x30 [ 1831.007261][ C0] RIP: 0010:__put_user_nocheck_4+0x3/0x11 [ 1831.013094][ C0] Code: 00 00 48 39 d9 73 54 0f 01 cb 66 89 01 31 c9 0f 01 ca c3 90 90 90 90 90 48 bb fd ef ff ff ff 7f 00 00 48 39 d9 73 34 0f 01 cb <89> 01 31 c9 0f 01 ca c3 90 90 90 90 90 90 48 bb f9 ef ff ff ff 7f [ 1831.032726][ C0] RSP: 0018:ffffc90000ca78d8 EFLAGS: 00050246 [ 1831.038819][ C0] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000200000b53030 [ 1831.046800][ C0] RDX: ffffc90000ca7d70 RSI: 0000000000000002 RDI: 00000000ffffffff [ 1831.054813][ C0] RBP: ffffc90000ca7a70 R08: dffffc0000000000 R09: fffff52000194ed1 [ 1831.062815][ C0] R10: fffff52000194ed1 R11: 1ffff92000194ed0 R12: dffffc0000000000 [ 1831.070805][ C0] R13: 0000200000b53000 R14: 0000000000000000 R15: 0000000000000000 [ 1831.078810][ C0] ? ____sys_recvmsg+0x35d/0x580 [ 1831.083767][ C0] ? __kasan_check_read+0x11/0x20 [ 1831.088811][ C0] ? __sys_recvmsg_sock+0x50/0x50 [ 1831.093838][ C0] ? memset+0x35/0x40 [ 1831.097826][ C0] ? import_iovec+0x7c/0xb0 [ 1831.102366][ C0] ___sys_recvmsg+0x1af/0x4f0 [ 1831.107057][ C0] ? __sys_recvmsg+0x250/0x250 [ 1831.111862][ C0] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 1831.118032][ C0] ? do_recvmmsg+0x51a/0x780 [ 1831.122642][ C0] do_recvmmsg+0x344/0x780 [ 1831.127065][ C0] ? __sys_recvmmsg+0x280/0x280 [ 1831.131935][ C0] ? __se_sys_futex+0x139/0x310 [ 1831.136795][ C0] __x64_sys_recvmmsg+0x18d/0x240 [ 1831.141846][ C0] ? do_recvmmsg+0x780/0x780 [ 1831.146468][ C0] ? switch_fpu_return+0x15d/0x2c0 [ 1831.151604][ C0] x64_sys_call+0x297/0x9a0 [ 1831.156115][ C0] do_syscall_64+0x4c/0xa0 [ 1831.160549][ C0] ? clear_bhb_loop+0x50/0xa0 [ 1831.165229][ C0] ? clear_bhb_loop+0x50/0xa0 [ 1831.169923][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1831.175921][ C0] RIP: 0033:0x7f9710efe929 [ 1831.180365][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1831.200000][ C0] RSP: 002b:00007f970f546038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1831.208452][ C0] RAX: ffffffffffffffda RBX: 00007f9711126080 RCX: 00007f9710efe929 [ 1831.216449][ C0] RDX: 000000000400034f RSI: 0000200000000480 RDI: 0000000000000006 [ 1831.224457][ C0] RBP: 00007f9710f80b39 R08: 0000000000000000 R09: 0000000000000000 [ 1831.232479][ C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 1831.240473][ C0] R13: 0000000000000000 R14: 00007f9711126080 R15: 00007ffec489c968 [ 1831.248455][ C0] [ 1831.251500][ C0] ---[ end trace 192b29ea39173931 ]--- [ 1831.509615][T22797] EXT4-fs (loop4): Ignoring removed orlov option [ 1831.516342][T22797] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 1831.561895][T22804] loop1: detected capacity change from 0 to 128 [ 1831.580053][T22794] bridge0: port 1(bridge_slave_0) entered blocking state [ 1831.587116][T22794] bridge0: port 1(bridge_slave_0) entered disabled state [ 1831.611530][T22804] EXT4-fs (loop1): Ignoring removed nobh option [ 1831.629233][T22797] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1831.652137][T22794] device bridge_slave_0 entered promiscuous mode [ 1831.660031][T22794] bridge0: port 2(bridge_slave_1) entered blocking state [ 1831.667698][T22794] bridge0: port 2(bridge_slave_1) entered disabled state [ 1831.676152][T22794] device bridge_slave_1 entered promiscuous mode [ 1831.683417][T22804] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobh,usrjquota=,,errors=continue. Quota mode: none. [ 1831.699152][T15478] tipc: Disabling bearer [ 1831.704572][T15478] tipc: Disabling bearer [ 1831.704938][T22804] ext4 filesystem being mounted at /15/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1831.723898][T15478] tipc: Disabling bearer [ 1831.729681][T15478] tipc: Left network mode [ 1831.840866][T22812] loop2: detected capacity change from 0 to 512 [ 1831.868729][T22812] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1831.926861][T22817] loop6: detected capacity change from 0 to 128 [ 1831.943033][T22812] EXT4-fs (loop2): 1 truncate cleaned up [ 1831.953450][T22794] bridge0: port 2(bridge_slave_1) entered blocking state [ 1831.960528][T22794] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1831.967841][T22794] bridge0: port 1(bridge_slave_0) entered blocking state [ 1831.974923][T22794] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1831.984114][T22812] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1832.038783][T22817] EXT4-fs (loop6): Ignoring removed nobh option [ 1832.046938][T15715] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1832.072345][T15715] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1832.103538][T15715] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1832.113388][T15715] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1832.124870][T15715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1832.147279][T22822] 9pnet: Insufficient options for proto=fd [ 1832.161629][T15715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1832.182560][T22817] EXT4-fs (loop6): mounted filesystem without journal. Opts: nobh,usrjquota=,,errors=continue. Quota mode: none. [ 1832.265508][T22817] ext4 filesystem being mounted at /338/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1834.400717][T22830] 9pnet: Insufficient options for proto=fd [ 1835.439915][T22836] loop4: detected capacity change from 0 to 1024 [ 1835.463575][T22836] EXT4-fs (loop4): Ignoring removed orlov option [ 1835.482108][T22836] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 1835.507459][T22836] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1835.558976][T15715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1835.572081][T22794] device veth0_vlan entered promiscuous mode [ 1835.600480][T15715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1835.643823][T15715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1835.652109][T15715] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1835.659733][T15715] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1835.675451][T22794] device veth1_macvtap entered promiscuous mode [ 1835.717136][T15715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1835.729077][T15715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1835.749029][T15715] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1835.753213][T22847] loop1: detected capacity change from 0 to 1024 [ 1835.776945][T15715] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1835.789408][T15715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1835.809517][T22847] EXT4-fs (loop1): Ignoring removed orlov option [ 1835.815924][T22847] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 1835.838205][T15715] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1835.852117][T22851] loop4: detected capacity change from 0 to 128 [ 1835.860146][T15715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1835.976117][T22851] EXT4-fs (loop4): Ignoring removed nobh option [ 1835.986628][T22847] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1836.011352][T15478] device bridge_slave_1 left promiscuous mode [ 1836.197027][T15478] bridge0: port 2(bridge_slave_1) entered disabled state [ 1836.302794][T22851] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobh,usrjquota=,,errors=continue. Quota mode: none. [ 1836.315209][T15478] device bridge_slave_0 left promiscuous mode [ 1836.333156][T15478] bridge0: port 1(bridge_slave_0) entered disabled state [ 1836.347011][T22851] ext4 filesystem being mounted at /496/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1836.360513][T15478] ------------[ cut here ]------------ [ 1836.366125][T15478] refcount_t: saturated; leaking memory. [ 1836.378774][T15478] WARNING: CPU: 0 PID: 15478 at lib/refcount.c:19 refcount_warn_saturate+0x13c/0x1a0 [ 1836.404403][T15478] Modules linked in: [ 1836.409040][T15478] CPU: 0 PID: 15478 Comm: kworker/u4:5 Tainted: G W 5.15.185-syzkaller-00339-ge678c93d43cc #0 [ 1836.427649][T15478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1836.438120][T15478] Workqueue: netns cleanup_net [ 1836.443246][T15478] RIP: 0010:refcount_warn_saturate+0x13c/0x1a0 [ 1836.450084][T15478] Code: 04 01 48 c7 c7 00 ef 62 85 e8 d0 9c 50 02 0f 0b eb a7 e8 27 d6 1c ff c6 05 80 f8 99 04 01 48 c7 c7 40 ee 62 85 e8 b4 9c 50 02 <0f> 0b eb 8b e8 0b d6 1c ff c6 05 65 f8 99 04 01 48 c7 c7 40 ee 62 [ 1836.470397][T15478] RSP: 0018:ffffc90000da7780 EFLAGS: 00010246 [ 1836.480591][T15478] RAX: 7ffa75e1554e5f00 RBX: 0000000000000000 RCX: ffff888110c58000 [ 1836.491809][T15478] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 1836.500070][T15478] RBP: ffffc90000da7790 R08: dffffc0000000000 R09: ffffed103ee065e8 [ 1836.508225][T15478] R10: ffffed103ee065e8 R11: 1ffff1103ee065e7 R12: 1ffff920001b4efc [ 1836.516530][T15478] R13: ffff88810ddcb08c R14: 0000000000000000 R15: 0000000000000cc0 [ 1836.524700][T15478] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 1836.533980][T15478] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1836.540860][T15478] CR2: ffffffffdfa50000 CR3: 000000011202e000 CR4: 00000000003506b0 [ 1836.549235][T15478] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1836.557263][T15478] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1836.581700][T15478] Call Trace: [ 1836.585740][T15478] [ 1836.591901][T15478] nf_nat_masq_schedule+0x439/0x4c0 [ 1836.597184][T15478] ? __kasan_check_write+0x14/0x20 [ 1836.604001][T15478] ? nf_nat_masq_schedule+0x4c0/0x4c0 [ 1836.609873][T15478] ? masq_device_event+0xd0/0xd0 [ 1836.614911][T15478] ? nfqnl_rcv_dev_event+0x441/0x470 [ 1836.622495][T15478] ? __kasan_check_read+0x11/0x20 [ 1836.627692][T15478] masq_device_event+0x9b/0xd0 [ 1836.633023][T15478] raw_notifier_call_chain+0x90/0x100 [ 1836.638487][T15478] dev_close_many+0x32d/0x4d0 [ 1836.643200][T22869] loop1: detected capacity change from 0 to 512 [ 1836.650007][T15478] ? __dev_open+0x4c0/0x4c0 [ 1836.654593][T15478] ? __bpf_trace_kmem_cache_free+0x99/0xc0 [ 1836.657045][T22869] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1836.660784][T15478] ? __kasan_check_read+0x11/0x20 [ 1836.675574][T15478] unregister_netdevice_many+0x44c/0x1990 [ 1836.682264][T15478] ? alloc_netdev_mqs+0xc90/0xc90 [ 1836.687465][T15478] ? unregister_netdevice_queue+0x1aa/0x360 [ 1836.693742][T15478] ? list_netdevice+0x4c0/0x4c0 [ 1836.698933][T15478] ? br_dev_delete+0xfc/0x110 [ 1836.703698][T15478] default_device_exit_batch+0x330/0x390 [ 1836.725807][T15478] ? default_device_exit+0x360/0x360 [ 1836.731299][T15478] ? wait_woken+0x170/0x170 [ 1836.746034][T15478] ? rtnl_unlock+0xe/0x10 [ 1836.751257][T15478] ? default_device_exit+0x360/0x360 [ 1836.759906][T15478] cleanup_net+0x602/0xad0 [ 1836.770644][T15478] ? ops_init+0x4a0/0x4a0 [ 1836.845608][T22869] EXT4-fs (loop1): 1 truncate cleaned up [ 1836.851482][T15478] ? pwq_dec_nr_in_flight+0x18c/0x3c0 [ 1836.857274][T15478] process_one_work+0x6be/0xba0 [ 1836.862541][T22869] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1836.873394][T15478] worker_thread+0xa59/0x1200 [ 1836.878160][T15478] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 1836.884026][T15478] kthread+0x411/0x500 [ 1836.889383][T15478] ? worker_clr_flags+0x190/0x190 [ 1836.904365][T15478] ? kthread_blkcg+0xd0/0xd0 [ 1836.911196][T15478] ret_from_fork+0x1f/0x30 [ 1836.915715][T15478] [ 1836.919026][T15478] ---[ end trace 192b29ea39173932 ]--- [ 1837.521843][T22883] loop0: detected capacity change from 0 to 1024 [ 1837.618445][T22884] 9pnet: Insufficient options for proto=fd [ 1837.742985][T22883] EXT4-fs (loop0): Ignoring removed orlov option [ 1837.756786][T22883] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 1837.878052][T22883] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 1838.901342][T22896] loop4: detected capacity change from 0 to 512 [ 1839.131026][T22896] EXT4-fs (loop4): orphan cleanup on readonly fs [ 1839.140774][T22896] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.6124: bg 0: block 248: padding at end of block bitmap is not set [ 1839.156449][T22896] Quota error (device loop4): write_blk: dquota write failed [ 1839.164070][T22896] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 1839.174180][T22896] EXT4-fs error (device loop4): ext4_acquire_dquot:6195: comm syz.4.6124: Failed to acquire dquot type 1 [ 1839.190618][T22896] EXT4-fs (loop4): 1 truncate cleaned up [ 1839.197888][T22896] EXT4-fs (loop4): mounted filesystem without journal. Opts: bsdgroups,nodiscard,noblock_validity,grpjquota=,grpjquota=,noquota,auto_da_alloc,noload,nodiscard,,errors=continue. Quota mode: writeback. [ 1839.584578][T22903] loop0: detected capacity change from 0 to 512 [ 1845.381595][T22913] loop6: detected capacity change from 0 to 512 [ 1845.547615][T22915] loop4: detected capacity change from 0 to 512 [ 1846.196785][T22915] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000007,nodiscard,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 1846.213582][T22915] ext4 filesystem being mounted at /500/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1846.239928][T22915] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.6127: corrupted inode contents [ 1846.252810][T22915] EXT4-fs error (device loop4): ext4_dirty_inode:6070: inode #2: comm syz.4.6127: mark_inode_dirty error [ 1846.266353][T22915] EXT4-fs error (device loop4): ext4_do_update_inode:5234: inode #2: comm syz.4.6127: corrupted inode contents [ 1846.279450][T22915] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #2: comm syz.4.6127: mark_inode_dirty error [ 1846.573850][T22924] loop2: detected capacity change from 0 to 512 [ 1846.682260][T15478] ================================================================== [ 1846.690385][T15478] BUG: KASAN: use-after-free in tcp_metrics_flush_all+0xd3/0x210 [ 1846.698133][T15478] Read of size 4 at addr ffff88810ddcb08c by task kworker/u4:5/15478 [ 1846.706209][T15478] [ 1846.708548][T15478] CPU: 1 PID: 15478 Comm: kworker/u4:5 Tainted: G W 5.15.185-syzkaller-00339-ge678c93d43cc #0 [ 1846.720093][T15478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1846.730171][T15478] Workqueue: netns cleanup_net [ 1846.734964][T15478] Call Trace: [ 1846.738243][T15478] [ 1846.741173][T15478] __dump_stack+0x21/0x30 [ 1846.745501][T15478] dump_stack_lvl+0xee/0x150 [ 1846.750091][T15478] ? show_regs_print_info+0x20/0x20 [ 1846.755289][T15478] ? load_image+0x3a0/0x3a0 [ 1846.759912][T15478] ? ____kasan_slab_free+0x130/0x160 [ 1846.765198][T15478] ? __kasan_slab_free+0x11/0x20 [ 1846.770133][T15478] print_address_description+0x7f/0x2c0 [ 1846.775678][T15478] ? tcp_metrics_flush_all+0xd3/0x210 [ 1846.781068][T15478] kasan_report+0xf1/0x140 [ 1846.785478][T15478] ? _raw_spin_lock_bh+0x8e/0xe0 [ 1846.790417][T15478] ? tcp_metrics_flush_all+0xd3/0x210 [ 1846.795992][T15478] kasan_check_range+0x280/0x290 [ 1846.800929][T15478] __kasan_check_read+0x11/0x20 [ 1846.805774][T15478] tcp_metrics_flush_all+0xd3/0x210 [ 1846.810968][T15478] ? tcp_net_metrics_init+0x150/0x150 [ 1846.816333][T15478] tcp_net_metrics_exit_batch+0x10/0x20 [ 1846.821899][T15478] cleanup_net+0x602/0xad0 [ 1846.826317][T15478] ? ops_init+0x4a0/0x4a0 [ 1846.830997][T15478] ? pwq_dec_nr_in_flight+0x18c/0x3c0 [ 1846.836372][T15478] process_one_work+0x6be/0xba0 [ 1846.841221][T15478] worker_thread+0xa59/0x1200 [ 1846.845981][T15478] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 1846.851441][T15478] kthread+0x411/0x500 [ 1846.855504][T15478] ? worker_clr_flags+0x190/0x190 [ 1846.860528][T15478] ? kthread_blkcg+0xd0/0xd0 [ 1846.865124][T15478] ret_from_fork+0x1f/0x30 [ 1846.869538][T15478] [ 1846.872552][T15478] [ 1846.874867][T15478] Allocated by task 11502: [ 1846.879268][T15478] __kasan_slab_alloc+0xbd/0xf0 [ 1846.884129][T15478] slab_post_alloc_hook+0x4f/0x2b0 [ 1846.889236][T15478] kmem_cache_alloc+0xf7/0x260 [ 1846.893996][T15478] copy_net_ns+0x145/0x5c0 [ 1846.898405][T15478] create_new_namespaces+0x3a2/0x660 [ 1846.903682][T15478] unshare_nsproxy_namespaces+0x120/0x170 [ 1846.909393][T15478] ksys_unshare+0x4ac/0x7b0 [ 1846.913899][T15478] __x64_sys_unshare+0x38/0x40 [ 1846.918658][T15478] x64_sys_call+0x442/0x9a0 [ 1846.923153][T15478] do_syscall_64+0x4c/0xa0 [ 1846.927558][T15478] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1846.933451][T15478] [ 1846.935769][T15478] Freed by task 15478: [ 1846.939820][T15478] kasan_set_track+0x4a/0x70 [ 1846.944400][T15478] kasan_set_free_info+0x23/0x40 [ 1846.949330][T15478] ____kasan_slab_free+0x125/0x160 [ 1846.954431][T15478] __kasan_slab_free+0x11/0x20 [ 1846.959189][T15478] slab_free_freelist_hook+0xc2/0x190 [ 1846.964558][T15478] kmem_cache_free+0x100/0x320 [ 1846.969313][T15478] cleanup_net+0xa2d/0xad0 [ 1846.973721][T15478] process_one_work+0x6be/0xba0 [ 1846.978563][T15478] worker_thread+0xa59/0x1200 [ 1846.983335][T15478] kthread+0x411/0x500 [ 1846.987396][T15478] ret_from_fork+0x1f/0x30 [ 1846.991806][T15478] [ 1846.994122][T15478] The buggy address belongs to the object at ffff88810ddcb000 [ 1846.994122][T15478] which belongs to the cache net_namespace of size 3968 [ 1847.008424][T15478] The buggy address is located 140 bytes inside of [ 1847.008424][T15478] 3968-byte region [ffff88810ddcb000, ffff88810ddcbf80) [ 1847.021777][T15478] The buggy address belongs to the page: [ 1847.027420][T15478] page:ffffea0004377200 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810ddca000 pfn:0x10ddc8 [ 1847.038966][T15478] head:ffffea0004377200 order:3 compound_mapcount:0 compound_pincount:0 [ 1847.047368][T15478] flags: 0x4000000000010200(slab|head|zone=1) [ 1847.053446][T15478] raw: 4000000000010200 ffffea00044b8200 0000000200000002 ffff8881001c5980 [ 1847.062024][T15478] raw: ffff88810ddca000 0000000080080003 00000001ffffffff 0000000000000000 [ 1847.070590][T15478] page dumped because: kasan: bad access detected [ 1847.077080][T15478] page_owner tracks the page as allocated [ 1847.082805][T15478] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 814, ts 78136191737, free_ts 78081993591 [ 1847.103201][T15478] post_alloc_hook+0x192/0x1b0 [ 1847.107967][T15478] prep_new_page+0x1c/0x110 [ 1847.112462][T15478] get_page_from_freelist+0x2cc5/0x2d50 [ 1847.118002][T15478] __alloc_pages+0x18f/0x440 [ 1847.122593][T15478] new_slab+0xa1/0x4d0 [ 1847.126669][T15478] ___slab_alloc+0x381/0x810 [ 1847.131465][T15478] __slab_alloc+0x49/0x90 [ 1847.135801][T15478] kmem_cache_alloc+0x138/0x260 [ 1847.140647][T15478] copy_net_ns+0x145/0x5c0 [ 1847.145059][T15478] create_new_namespaces+0x3a2/0x660 [ 1847.150340][T15478] copy_namespaces+0x1d1/0x220 [ 1847.155100][T15478] copy_process+0x118d/0x3210 [ 1847.159775][T15478] kernel_clone+0x23f/0x940 [ 1847.164289][T15478] __x64_sys_clone+0x176/0x1d0 [ 1847.169063][T15478] x64_sys_call+0x41f/0x9a0 [ 1847.173564][T15478] do_syscall_64+0x4c/0xa0 [ 1847.177982][T15478] page last free stack trace: [ 1847.182648][T15478] free_unref_page_prepare+0x542/0x550 [ 1847.188105][T15478] free_unref_page+0xa2/0x550 [ 1847.192777][T15478] __free_pages+0x6c/0x100 [ 1847.197191][T15478] __free_slab+0xe8/0x1e0 [ 1847.201516][T15478] __unfreeze_partials+0x160/0x190 [ 1847.206623][T15478] put_cpu_partial+0xc6/0x120 [ 1847.211314][T15478] __slab_free+0x1d4/0x290 [ 1847.215724][T15478] ___cache_free+0x104/0x120 [ 1847.220308][T15478] qlink_free+0x4d/0x90 [ 1847.224460][T15478] qlist_free_all+0x5f/0xb0 [ 1847.228957][T15478] kasan_quarantine_reduce+0x14a/0x170 [ 1847.234411][T15478] __kasan_slab_alloc+0x2f/0xf0 [ 1847.239256][T15478] slab_post_alloc_hook+0x4f/0x2b0 [ 1847.244362][T15478] kmem_cache_alloc+0xf7/0x260 [ 1847.249126][T15478] audit_log_start+0x3a4/0x8b0 [ 1847.253880][T15478] audit_seccomp+0x62/0x160 [ 1847.258379][T15478] [ 1847.260693][T15478] Memory state around the buggy address: [ 1847.266314][T15478] ffff88810ddcaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1847.274549][T15478] ffff88810ddcb000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1847.282690][T15478] >ffff88810ddcb080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1847.290742][T15478] ^ [ 1847.295058][T15478] ffff88810ddcb100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1847.303111][T15478] ffff88810ddcb180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1847.311156][T15478] ================================================================== [ 1847.319199][T15478] Disabling lock debugging due to kernel taint [ 1847.334775][ T30] audit: type=1400 audit(1749254889.124:9763): avc: denied { read } for pid=83 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 1847.371418][T22924] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 1847.411144][ T30] audit: type=1400 audit(1749254889.124:9764): avc: denied { search } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1847.431050][T22924] EXT4-fs (loop2): 1 truncate cleaned up [ 1847.442228][T22929] netlink: 60 bytes leftover after parsing attributes in process `syz.6.6132'. [ 1847.449827][T22924] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 1847.471877][ T30] audit: type=1400 audit(1749254889.124:9765): avc: denied { write } for pid=83 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1847.493417][ T2880] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 1847.544091][ T30] audit: type=1400 audit(1749254889.124:9766): avc: denied { add_name } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 1847.598649][ T30] audit: type=1400 audit(1749254889.124:9767): avc: denied { create } for pid=83 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1847.621266][ T30] audit: type=1400 audit(1749254889.124:9768): avc: denied { append open } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1847.644329][ T30] audit: type=1400 audit(1749254889.124:9769): avc: denied { getattr } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 1847.858797][ T2880] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1847.869653][ T2880] usb 1-1: config 220 has 1 interface, different from the descriptor's value: 3 [ 1847.878966][ T2880] usb 1-1: config 220 interface 0 has no altsetting 0 [ 1848.038728][ T2880] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1848.047904][ T2880] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1848.056170][ T2880] usb 1-1: Product: syz [ 1848.060546][ T2880] usb 1-1: Manufacturer: syz [ 1848.065193][ T2880] usb 1-1: SerialNumber: syz [ 1848.323437][T22912] loop0: detected capacity change from 0 to 512 [ 1848.390348][T22912] EXT4-fs (loop0): mounted filesystem without journal. Opts: sb=0x0000000000000001,nodioread_nolock,,errors=continue. Quota mode: writeback. [ 1848.405019][T22912] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1849.909046][ T2880] usb 1-1: Found UVC 0.00 device syz (8086:0b07) [ 1849.915474][ T2880] usb 1-1: No valid video chain found. [ 1849.921797][ T2880] usb 1-1: USB disconnect, device number 14