last executing test programs: 10.68455523s ago: executing program 2 (id=63): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==") open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x404000, 0x0) write(r5, &(0x7f0000004200)='t', 0x1) unshare(0x64000600) r6 = socket(0xa, 0x801, 0x0) getsockopt(r6, 0x0, 0x40, &(0x7f0000b3ffac)=""/84, &(0x7f00000000c0)=0x54) unshare(0x26020480) socketpair(0x1e, 0x100000005, 0x0, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) 9.226080262s ago: executing program 2 (id=68): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1b010000000000407e050e2000000000"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a40)={0x2020}, 0x2020) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4008556c, &(0x7f0000000000)='syz0\x00') mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="170000000000000004000000ff00", @ANYBLOB, @ANYRES16=r3], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r5 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102) write$P9_RREMOVE(r5, &(0x7f00000002c0)={0x7, 0x7b, 0x2}, 0x7) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) socket$nl_route(0x10, 0x3, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000005c0)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47b07c7d, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x2], [], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000]}, 0x45c) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000003460200bfa30000000000001702000000feffff7a0a00fe14ffffff79a4f0ff00000000b7060000ff0800007e640200000000005502faff037202000404000001007d60a6040000001000006a0a58fe39000f00850000005a000000bc600000000000009500000000000000a81bbfa32d51a7d0679fd43041097666ab982de7b0efc5733ed236e4add6de094e0832aaa6912a8b2ce571c4580034fb000000e3a94bd24d2eb3860d808922433e3e0f242a46b3009a54f4077db0d4968a384b0559c7919b893d3b72cd6c832e986440ff0a7e8620cb231ccd00000000000000000000007777e2704653f620b2272c3c7fea60491073847c4b7bbaed91f33fb382d91ae8e18c9b6c9f0322ec5f1c7cc5869ff455896712198c4e2ddf8b86e714229527ca40b24cfd6a1f00e891728807982d90e116bba29bb70900000000000000c63ad2e7402f9cb424ac416e66af9ebbfea905d37cf226312cb81ec8439cea06e7fa5e5b3596301460142f83b464d9e57dfdb06dcf9101000100130033d649d2110cf2e1f4682c24a314447c5e0807f0b1766ebdecbd061772daa52a38539295d3fea7a7e669441e1ff04114dfa904fb43897f8d9c3c287acba716973eadf1bf9cd0a38edc345415c42d3d2dd3339d32a5796cbe8925efd0c81af69a3e97588878d7ce18b68bc37e061d33357d6a39d33c702576cc2a8891663e3776c7a37c5c962e12102f237bbf60c0a3bf07d55b3888418de2b2ad23d25395dd4ccddf247dd2c712e2e2eaf7d432e968122cc5dcaa7ba330963b7093a58a02dba114f75e1ffd5c2912b506bfb93122fc776aadec51a367658100000000000000b148a90000000000a2a283801ff218538cb12c72b56ffb6b7a062581ec749f5700000000009f1f5ab2e02739ccd50523d3360300005cbeaf95c7d797d6e094c4a3aee025bf43cebde7e7cdbae9b1698e19eb0e6d5244c1ffb0e97628a88a5e37032f1e8f6c893e514f2b3e1028cd404a1d8fe6569da0385e65e4d523166c4213abb8dae5b1409317f29572e788af92aedb0287f2816e301fc8a24dba6fca8b270d44fe65e7bd90a5fc16387bcb5e3df18d7d2a33c72cfda827b8926a6dc6bc19ce398cb8fe48b11b7f93e6fdfb040283c9627bd40909ee4307c4197b15797af17845fbc02846d2f8543f65594cb535a9598eb067b21111dbaa58b19a52f3f12880128d08eb477ad349ca214bc7f80000000000ffb52da89cff41552996e20a585c7d265bd749eeba040fa7111c84142757709d7c475fac2839beb833327db41c6b647c7ee9ad419a6c68dd5c2ce4fa23c280518fc6e54d1b055cae5492e8c4cdd314a49631a15de2bffc920dd74e670794acec7a9da17d809bf956f1af51cf3c0711792d3071dfdaec3c66053cdb00028f6fba8da8f53de39a5999e56fc26ae866674627c8a53d3fd245050060ed40782d1d98bf1e1f5dfd4d1fb399624c12732e300818b222ce029ce01055f941721226e3e5f05d2837240f8f6831b6ef2a02ec64aae1eea9cfac06d8b7042e8ebdc6cb0d4a140e1e631d06afc99d397c5b67b290344e347c953806b298f288884335f624378b3748a4a86bbd0a62127b2c28ce3737661b98bd45965b537ece7bd4e365ffd5567df4d02034c8d488a49c6fb1a0a02eaab2f271d3a14e44211e4ff602d146f72355972860bdd14719d65301964d022819b75696ce47534c9d989d69a445095ff8fbebd2c84635acc333f2aca4623cfe9f9e6c3f9fbb4374c08e1be5eec12c329a87d335fd7a52a4e4e7c2e57fa2f0df9500347b300f84230783cb665f3fa44f5d6fa987aa93c2619ef4977f9e4d38adec323778f3bc987533ffd85fe5417398a3001b394fccbd2faee83b5e2b8a2dd18cf067b619a82c4706531b3ef336a84e825c63b9bc7b98b4ad6a471692224adef86f4c9930169dfa133e22929d5a27e10bfbcfe7c02ca451afd74d26f489e0e09cf1b596ae0c959cf26cb0c8114a9311b7f2fe2ad977074ff5f62f6777a20700414ed03ba3d7404eadd43a62ad1173491a5c099290393e1f85aeb3886fbb7f6646212054a850d58a71c6d6027cd3a5ff22e98672349f9bddb23622e2f19b39e51ced84524567ec1fcb233a2fb85371e9b08b6fd4adcd4db148ed26757123a0e604bcf6ffdcc303956e1805f1746361bd3eeb55d3fefe6ac274c2e6c78963430118942d62a465698e600dadd81a53ffd29358746e8db2499e3fca62b0ff660b0aaeedadeb194a9217e9fed2ce04cc24451871d5bcd76173ab7123cc27eef33dbb4d3c3bf1fc2df68a98345c15667388c5000000000000000000000015000000c0459f900702908d4979288d06c7159ef2663dc7ea9302b10bf2da21e3990ddf20a38adc1fd15124310daf2461224cfbfd5e6265d012d60fc9e39209ce3209720f8d7bf39bf71d0d46ed6d51eede797da70cf0b7463cffc80a7a56eeb25ed0adfb146a3221c20d51f172cf2eefe1e6b28cffc1e40a789d5513626f5c4fbf65a2b5a093634b806b7ee570f70f624ce8c02d4c1ec7a9370f42a807f1d46fe77be0637a8007343b7771788f64b36cab94a99243bc780702f98f34a80f81aeb853f97c3e9586805d1a240d7e870b15defbc6b21fdc98a79759c9b8375313deea0000000009e38e9539d6b9507b6f3f8d29992d080a13aed8879a1f2cf352fb5a376427f89d432f7fe7c0cad2ce38427fc773cef47e00000000000000000000000000000000000d09b8ee6321377ffcb6cc386f8704ae9ce6c11b4bb91d0097ef2b77e0cd28af1222e68c2745eca64fa40db07f6e5925224069d14395f7170ab9c2d396f7510f65ce5b0405d8951a70a37117d13c5b2f684c52bff2dc895f5e06e497adee9de0012dd140c592137c90319f8a578007b57aaba3fb93d29a6584313e5b58f8a71cebf77a0891f3633dba69588ec728e785e6e4431fce5a143451c7a51c22b1b605347db811eb9a461f4ef2612181aa8cafc33a2047b7ba57a5"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040), 0x0, 0x0, 0xffffffffffffffff, 0x37}, 0x24) 6.547472752s ago: executing program 4 (id=80): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000075981400000000003b810000850000007d000000760000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40000) pipe(&(0x7f00000045c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000440)=[{&(0x7f00000000c0)="3b256c7a40ff8cf30d776a89d5cfc3ce7467bd24", 0x14}], 0x1, 0x0) r3 = socket$inet(0x2, 0x3, 0x7f) bind$inet(r3, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) pselect6(0x40, &(0x7f0000000240)={0x2, 0x0, 0x7, 0x3, 0x3, 0x0, 0x100, 0x5}, &(0x7f00000000c0)={0x1d, 0xfffffffffffffffe, 0x40, 0x7eff, 0x0, 0x1, 0x0, 0x8}, 0x0, 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r4, 0x400, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1b, 0x2000000000000019, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r6}, 0x10) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='leases_conflict\x00', r7}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) setsockopt$inet_int(r3, 0x0, 0x3, &(0x7f0000000080)=0xfffffffa, 0x4) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) syz_clone(0x100100, &(0x7f0000003100), 0x0, 0x0, 0x0, 0x0) ioprio_set$pid(0x2, 0x0, 0x6000) splice(r1, 0x0, r3, 0x0, 0x8000, 0x0) io_pgetevents(0x0, 0x8001, 0x0, 0x0, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000002c0)={'syztnl0\x00', &(0x7f0000000100)={'gretap0\x00', 0x0, 0x10, 0x8000, 0x9, 0x101, {{0x10, 0x4, 0x0, 0x39, 0x40, 0x66, 0x0, 0x7, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x30}, @remote, {[@timestamp={0x44, 0x14, 0x5, 0x0, 0x8, [0x0, 0x3, 0x65d3b0f8, 0x6]}, @lsrr={0x83, 0x7, 0xee, [@local]}, @generic={0x88, 0xf, "7ddfe28a3fdfdf21184f31d0a4"}]}}}}}) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000300)={'gre0\x00', &(0x7f0000000380)={'syztnl0\x00', r8, 0x8000, 0x7800, 0x9, 0x1, {{0xa, 0x4, 0x0, 0x25, 0x28, 0x64, 0x0, 0x8, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x2b}, @loopback, {[@end, @generic={0x94, 0x3, 'x'}, @ssrr={0x89, 0xf, 0xca, [@remote, @broadcast, @empty]}]}}}}}) 6.508770753s ago: executing program 4 (id=81): r0 = socket$netlink(0x10, 0x3, 0x8000000004) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="2e0000000000000000000000000000002f110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000500000008040000cd00000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000900)="580000001400192340834b80040d8c560a066e0202ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000004000200060c10000000010000000000", 0x58}], 0x1) 5.944942641s ago: executing program 0 (id=83): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x6b, 0x11, 0x3c}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit={0x95, 0x0, 0x700, 0x8000000}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x2cb, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='sched_kthread_stop_ret\x00', r0, 0x0, 0x4dfd2692}, 0x18) syz_open_dev$tty1(0xc, 0x4, 0x2) 5.885030242s ago: executing program 0 (id=84): r0 = syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x46d, 0xc71b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x70, 0xf, [{{0x9, 0x4, 0x0, 0x0, 0x4, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0xfffa, 0x8, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x2}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0xa00000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x8, {[@main=@item_012={0x2, 0x0, 0x9, '\x00\x00'}, @global=@item_4={0x3, 0x1, 0xa, "4706c1e7"}]}}, 0x0}, 0x0) 5.691858855s ago: executing program 2 (id=86): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e000000040000"], 0x50) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="797100000000000000007e000000080003001c1ffce6033adc9f1ace0fbd7a9ac6de1afd37a506756325549bc8a128e2d3320648", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r5}, 0x18) ioprio_set$pid(0x3, 0x0, 0x0) r6 = socket$pppl2tp(0x18, 0x1, 0x1) r7 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r7, {0x2, 0x0, @empty}, 0x2}}, 0x2e) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0x1008801, &(0x7f0000005ac0)=ANY=[], 0x1, 0x1ea, &(0x7f00000004c0)="$eJzsmbGLE0EUxr+Z3STnIYqNhY2FB57obXY3KtcceIKlINyJWgZvPaKbRJIVkoBgsLGxtBBs/QcsLFJZ2NnZaqGCYGFK65GZnd2duIkmrkXw3g8y+83szJt5bzdfsyAI4sDy5fOPT08vb+6eA3AYa6jo8W9WNocb8z8+f3D22daVF68+vHzbOvJwZMa6BIABEGL+/W0Ab7Yt4NFR1RdicvWavu6Cp/o6OM5ofQMMTnJWka0OwHBLD981dPuQFmHAbrfDvTuNMHBl48nGl00NEBPnGw8Z9gCs6C2Ycb5uf3CvHgKdWIRBIkoi2Sd3a1Hxp/qNtzm2jBLI53XzyeOh7Dt63DXq54HD07oGhh2tN1GB4zhZSYz8T9hZfCuXf8EkUbxGU8WxjX8c8P8VrOATBLAEWcwn2K8j8g+djhwfj97lV31dlsP/hVDGBSB36/1qGF4tELmsTWDmKxH7B7OB04Y/2bBT/6hGzfvVbn+w0WjW94P9oOX7tYvuede94FeVEcXtb/xvRfnTqhG/NGNumZXRq0dRx+sBUcdL+37cGo6787r9Xa3hyv841k/FMeSrotKuTN+D6R9XV6nWrZmHJwiCIAiCIAiCIAiCIAiCWIiTYPGHsPhDlUgoiQn8a2r2zwAAAP//tSxqVQ==") ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x4) r8 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0) fadvise64(r8, 0x0, 0x0, 0x3) 5.382590399s ago: executing program 4 (id=87): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) getresuid(0x0, &(0x7f0000000180)=0x0, &(0x7f00000001c0)) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fcntl$lock(r1, 0x7, &(0x7f0000000200)={0x0, 0x1, 0x65276d22, 0xffffffffffffffda}) setuid(0x0) linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x1000) io_uring_setup(0x503, &(0x7f0000000e80)={0x0, 0x1d55, 0x1046, 0xffff7fff, 0xb7}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00"/13, @ANYBLOB='\x00'/14], 0x48) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@gettaction={0x24, 0x32, 0x6dd711a25f4cb68b, 0x0, 0xfffffffe, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x1}}, @action_gd=@TCA_ACT_TAB={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x48800}, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) unshare(0x62040200) r6 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000d40)=@nat={'nat\x00', 0x2, 0x5, 0x4b0, 0x0, 0xf0, 0xffffffff, 0x0, 0x310, 0x3e0, 0x3e0, 0xffffffff, 0x3e0, 0x3e0, 0x5, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @remote, [], [], 'batadv0\x00', 'veth0_to_batadv\x00'}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv4=@empty, @ipv6=@remote}}}, {{@ipv6={@dev, @loopback, [], [], 'batadv0\x00', 'veth1_vlan\x00'}, 0x0, 0xe8, 0x130, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@loopback, @ipv6=@private0, @icmp_id, @icmp_id}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @NETMAP={0x20, 'NETMAP\x00', 0x0, {0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @multicast1}, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @gre_key, @gre_key}}}, {{@ipv6={@remote, @mcast1, [], [], 'ipvlan0\x00', 'pim6reg\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x510) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r5}, 0x10) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r7, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)}], 0x1}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x280040, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}], [{@euid_lt={'euid<', r0}}]}) 5.052979624s ago: executing program 3 (id=88): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x0, &(0x7f00000001c0)=0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="797100000000000000007e000000080003001c1ffce6033adc9f1ace0fbd7a9ac6de1afd37a506756325549bc8a128e2d3320648", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r3}, 0x18) ioprio_set$pid(0x3, 0x0, 0x0) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @empty}, 0x2}}, 0x2e) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0x1008801, &(0x7f0000005ac0)=ANY=[], 0x1, 0x1ea, &(0x7f00000004c0)="$eJzsmbGLE0EUxr+Z3STnIYqNhY2FB57obXY3KtcceIKlINyJWgZvPaKbRJIVkoBgsLGxtBBs/QcsLFJZ2NnZaqGCYGFK65GZnd2duIkmrkXw3g8y+83szJt5bzdfsyAI4sDy5fOPT08vb+6eA3AYa6jo8W9WNocb8z8+f3D22daVF68+vHzbOvJwZMa6BIABEGL+/W0Ab7Yt4NFR1RdicvWavu6Cp/o6OM5ofQMMTnJWka0OwHBLD981dPuQFmHAbrfDvTuNMHBl48nGl00NEBPnGw8Z9gCs6C2Ycb5uf3CvHgKdWIRBIkoi2Sd3a1Hxp/qNtzm2jBLI53XzyeOh7Dt63DXq54HD07oGhh2tN1GB4zhZSYz8T9hZfCuXf8EkUbxGU8WxjX8c8P8VrOATBLAEWcwn2K8j8g+djhwfj97lV31dlsP/hVDGBSB36/1qGF4tELmsTWDmKxH7B7OB04Y/2bBT/6hGzfvVbn+w0WjW94P9oOX7tYvuede94FeVEcXtb/xvRfnTqhG/NGNumZXRq0dRx+sBUcdL+37cGo6787r9Xa3hyv841k/FMeSrotKuTN+D6R9XV6nWrZmHJwiCIAiCIAiCIAiCIAiCWIiTYPGHsPhDlUgoiQn8a2r2zwAAAP//tSxqVQ==") 4.69211625s ago: executing program 2 (id=89): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="797100000000000000007e000000080003001c1ffce6033adc9f1ace0fbd7a9ac6de1afd37a506756325549bc8a128e2d3320648", @ANYBLOB], 0x1c}}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r5}, 0x18) ioprio_set$pid(0x3, 0x0, 0x0) 4.592681741s ago: executing program 1 (id=90): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040), 0x840, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0xfffffffd}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d) pipe(&(0x7f0000000100)={0xffffffffffffffff}) setsockopt$inet_tcp_int(r3, 0x6, 0x22, &(0x7f0000000180)=0x1, 0x4) openat(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0x82040, 0x0) mount$9p_fd(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000280), 0x80, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0}) r6 = dup3(r5, r4, 0x0) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x10000000000) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340), 0x0, 0x0, 0x0}) socket(0x10, 0x3, 0x0) 4.406319604s ago: executing program 4 (id=91): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x31) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000000400007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70400000000000085000000a700000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r3, 0x0, 0x0, 0xfffffffffffffdf3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.252317061s ago: executing program 3 (id=92): open(0x0, 0x14927e, 0x9) mkdir(0x0, 0x0) getresuid(&(0x7f0000000140)=0x0, &(0x7f0000000180), 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fcntl$lock(r1, 0x7, 0x0) setuid(r0) io_uring_setup(0x503, &(0x7f0000000e80)={0x0, 0x1d55, 0x1046, 0xffff7fff, 0xb7}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, 0x0, &(0x7f0000000040)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080000000", @ANYBLOB, @ANYBLOB='\x00'/16], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) unshare(0x62040200) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000d40)=@nat={'nat\x00', 0x2, 0x5, 0x4b0, 0x0, 0xf0, 0xffffffff, 0x0, 0x310, 0x3e0, 0x3e0, 0xffffffff, 0x3e0, 0x3e0, 0x5, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @remote, [], [], 'batadv0\x00', 'veth0_to_batadv\x00'}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv4=@empty, @ipv6=@remote}}}, {{@ipv6={@dev, @loopback, [], [], 'batadv0\x00', 'veth1_vlan\x00'}, 0x0, 0xe8, 0x130, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@loopback, @ipv6=@private0, @icmp_id, @icmp_id}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @NETMAP={0x20, 'NETMAP\x00', 0x0, {0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @multicast1}, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @gre_key, @gre_key}}}, {{@ipv6={@remote, @mcast1, [], [], 'ipvlan0\x00', 'pim6reg\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x510) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r5, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r6, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x280040, 0x0) 3.168870343s ago: executing program 4 (id=93): openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x40041, 0x0) setuid(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x17, 0x0, 0xfffffffc, 0x8000}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"}) r5 = fsopen(&(0x7f0000000080)='bpf\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r6, &(0x7f0000000140)='./file0\x00') readlinkat(r6, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)=""/204, 0xcc) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0xb, 0x8, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffff9}, 0x50) 3.108631083s ago: executing program 1 (id=94): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0900000007000000008000000100000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000d35a3ed270376a4f9c"], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r4}, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) 2.728733489s ago: executing program 2 (id=95): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) (async) r1 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x1) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x18502) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r2, 0x54a3) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0) ppoll(&(0x7f0000000100)=[{r3, 0x108}], 0x1, &(0x7f0000000140)={0x0, 0x3938700}, &(0x7f0000000180)={[0x9]}, 0x8) (async) r4 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_MFC(r4, 0x0, 0xcd, &(0x7f00000001c0)={@private=0xa010101, @private=0xa010100, 0x0, "bdc21dfb2634002acbaf74852e69e45ef5f35824770d5e3cadc2b4864ce7bb03", 0x4, 0x3, 0x1, 0x400}, 0x3c) (async) r5 = socket$unix(0x1, 0x1, 0x0) (async) r6 = geteuid() fsetxattr$security_capability(r5, &(0x7f0000000200), &(0x7f0000000240)=@v3={0x3000000, [{0xfff, 0x8}, {0x2}], r6}, 0x18, 0x0) (async) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) (async) sendmsg$sock(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000280)="43ca4f744b6105bb3b7f9eab44a190d5e2967d1e745b33d232ae986eae826402e77b3ca9acce892648ef4f95f23c87cd3f3642d8f6a2a5011bf2f835225524909113c0bb1daee6248d2553346a5c371e81eaf575d2dc365f4c64f6f328718c022cd323a707ac4688b31d6c952014424d2627e3ad08ab7182d292d3c407b9b3a68c9b62e4beb41ba5067af514b728c761309c79e5a819e5960619507e334b4241763c975344e5d373652b20e5dd3f5506a355e2cf0e3eb92341a781fa7c160bda9cdf47f35f330a1adedcab9d371b33b383", 0xd1}, {&(0x7f0000000380)="860ca17f29e3dcbde5b12c53f8b8fce778a26435ba460d9360e2207bbb5d6053cf35c7fe76c261669510e5cc357036dfffe09ad80db41ca07159d87b965d4b333fb9a13ff1e3d2418cd73939a0369873e86333ebe641886baf50e68c6fd562423b5657921a06d13bbcfb710ecf35330916b50af08b0596b8c141a58e1f92c8fe5945541814b77a9fd10b61", 0x8b}], 0x2}, 0x80) r7 = socket$packet(0x11, 0x3, 0x300) (async) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/bus/input/devices\x00', 0x0, 0x0) poll(&(0x7f0000000500)=[{0xffffffffffffffff, 0x80}, {r0, 0x4000}, {r4, 0x6400}, {r2, 0x40}, {r0, 0x1001}, {r0, 0x20}, {r8, 0x9dfe93c2fe459515}, {r5, 0x2500}, {r7, 0x200}, {r0, 0x2000}], 0xa, 0x9) (async) r9 = eventfd2(0x8, 0x800) r10 = dup(r9) (async) syz_extract_tcp_res$synack(&(0x7f0000000580), 0x1, 0x0) fsetxattr$trusted_overlay_origin(r2, &(0x7f00000005c0), &(0x7f0000000600), 0x2, 0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x6, 0xa, &(0x7f0000000640)=@framed={{0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xfffffff7}, [@exit, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff}, @map_val={0x18, 0x0, 0x2, 0x0, r8, 0x0, 0x0, 0x0, 0x7}, @map_fd={0x18, 0x2, 0x1, 0x0, r8}]}, &(0x7f00000006c0)='GPL\x00', 0x1ff, 0xab, &(0x7f0000000700)=""/171, 0x40f00, 0x8, '\x00', 0x0, 0x25, r5, 0x8, &(0x7f00000007c0)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000800)={0x1, 0xd, 0x7fff, 0x2f80}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000840)=[r8], &(0x7f0000000880)=[{0x2, 0x1, 0xd, 0x7}], 0x10, 0x2}, 0x94) (async) r11 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCSIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r11, 0x8983, &(0x7f0000000980)) (async) close_range(r3, r9, 0x0) (async) sendmsg$NFNL_MSG_ACCT_GET(r10, &(0x7f0000000ac0)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a00)={0x70, 0x1, 0x7, 0x201, 0x0, 0x0, {0x5, 0x0, 0x6}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x76}, @NFACCT_BYTES={0xc}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0xe1}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0xfffffffffffffc01}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x8}]}, 0x70}, 0x1, 0x0, 0x0, 0xc0}, 0x4) (async) shutdown(r8, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000b40)={'team0\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_team(r11, 0x8933, &(0x7f0000000b80)={'team0\x00', 0x0}) sendmsg$nl_route(r8, &(0x7f0000000e40)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000e00)={&(0x7f0000000d00)=@mpls_getroute={0xe4, 0x1a, 0x2, 0x70bd26, 0x25dfdbfc, {0x1c, 0x10, 0x0, 0x1, 0x0, 0x1, 0x0, 0x7, 0x2900}, [@RTA_OIF={0x8, 0x4, r12}, @RTA_VIA={0x14, 0x12, {0x26, "83484a96d3edbeb4614aa22e681b"}}, @RTA_NEWDST={0x84, 0x13, [{0x7}, {0x3, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0xa, 0x0, 0x1}, {0xee}, {0xdce7}, {0x5}, {0x1ff}, {0xffffa, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0xffff}, {0x3, 0x0, 0x1}, {0xc, 0x0, 0x1}, {0x4, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0xaa}, {0x5}, {0x24d9}, {0x3, 0x0, 0x1}, {0x1}, {}, {0x2, 0x0, 0x1}, {0x2}, {0x7}, {0x2}, {0xf, 0x0, 0x1}, {0x9, 0x0, 0x1}, {0x2, 0x0, 0x1}, {0x5}, {0x2}, {0x7}, {0x1, 0x0, 0x1}]}, @RTA_OIF={0x8, 0x4, r13}, @RTA_MULTIPATH={0xc, 0x9, {0x5, 0x0, 0x6}}, @RTA_TTL_PROPAGATE={0x5, 0x1a, 0x54}, @RTA_MULTIPATH={0xc, 0x9, {0x1000, 0x0, 0x81}}]}, 0xe4}, 0x1, 0x0, 0x0, 0x4004001}, 0x80) 2.6366795s ago: executing program 2 (id=96): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1b010000000000407e050e2000000000"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000a40)={0x2020}, 0x2020) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4008556c, &(0x7f0000000000)='syz0\x00') mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="170000000000000004000000ff00", @ANYBLOB, @ANYRES16=r3], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r5 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102) write$P9_RREMOVE(r5, &(0x7f00000002c0)={0x7, 0x7b, 0x2}, 0x7) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) socket$nl_route(0x10, 0x3, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000005c0)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47b07c7d, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x2], [], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000]}, 0x45c) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000003460200bfa30000000000001702000000feffff7a0a00fe14ffffff79a4f0ff00000000b7060000ff0800007e640200000000005502faff037202000404000001007d60a6040000001000006a0a58fe39000f00850000005a000000bc600000000000009500000000000000a81bbfa32d51a7d0679fd43041097666ab982de7b0efc5733ed236e4add6de094e0832aaa6912a8b2ce571c4580034fb000000e3a94bd24d2eb3860d808922433e3e0f242a46b3009a54f4077db0d4968a384b0559c7919b893d3b72cd6c832e986440ff0a7e8620cb231ccd00000000000000000000007777e2704653f620b2272c3c7fea60491073847c4b7bbaed91f33fb382d91ae8e18c9b6c9f0322ec5f1c7cc5869ff455896712198c4e2ddf8b86e714229527ca40b24cfd6a1f00e891728807982d90e116bba29bb70900000000000000c63ad2e7402f9cb424ac416e66af9ebbfea905d37cf226312cb81ec8439cea06e7fa5e5b3596301460142f83b464d9e57dfdb06dcf9101000100130033d649d2110cf2e1f4682c24a314447c5e0807f0b1766ebdecbd061772daa52a38539295d3fea7a7e669441e1ff04114dfa904fb43897f8d9c3c287acba716973eadf1bf9cd0a38edc345415c42d3d2dd3339d32a5796cbe8925efd0c81af69a3e97588878d7ce18b68bc37e061d33357d6a39d33c702576cc2a8891663e3776c7a37c5c962e12102f237bbf60c0a3bf07d55b3888418de2b2ad23d25395dd4ccddf247dd2c712e2e2eaf7d432e968122cc5dcaa7ba330963b7093a58a02dba114f75e1ffd5c2912b506bfb93122fc776aadec51a367658100000000000000b148a90000000000a2a283801ff218538cb12c72b56ffb6b7a062581ec749f5700000000009f1f5ab2e02739ccd50523d3360300005cbeaf95c7d797d6e094c4a3aee025bf43cebde7e7cdbae9b1698e19eb0e6d5244c1ffb0e97628a88a5e37032f1e8f6c893e514f2b3e1028cd404a1d8fe6569da0385e65e4d523166c4213abb8dae5b1409317f29572e788af92aedb0287f2816e301fc8a24dba6fca8b270d44fe65e7bd90a5fc16387bcb5e3df18d7d2a33c72cfda827b8926a6dc6bc19ce398cb8fe48b11b7f93e6fdfb040283c9627bd40909ee4307c4197b15797af17845fbc02846d2f8543f65594cb535a9598eb067b21111dbaa58b19a52f3f12880128d08eb477ad349ca214bc7f80000000000ffb52da89cff41552996e20a585c7d265bd749eeba040fa7111c84142757709d7c475fac2839beb833327db41c6b647c7ee9ad419a6c68dd5c2ce4fa23c280518fc6e54d1b055cae5492e8c4cdd314a49631a15de2bffc920dd74e670794acec7a9da17d809bf956f1af51cf3c0711792d3071dfdaec3c66053cdb00028f6fba8da8f53de39a5999e56fc26ae866674627c8a53d3fd245050060ed40782d1d98bf1e1f5dfd4d1fb399624c12732e300818b222ce029ce01055f941721226e3e5f05d2837240f8f6831b6ef2a02ec64aae1eea9cfac06d8b7042e8ebdc6cb0d4a140e1e631d06afc99d397c5b67b290344e347c953806b298f288884335f624378b3748a4a86bbd0a62127b2c28ce3737661b98bd45965b537ece7bd4e365ffd5567df4d02034c8d488a49c6fb1a0a02eaab2f271d3a14e44211e4ff602d146f72355972860bdd14719d65301964d022819b75696ce47534c9d989d69a445095ff8fbebd2c84635acc333f2aca4623cfe9f9e6c3f9fbb4374c08e1be5eec12c329a87d335fd7a52a4e4e7c2e57fa2f0df9500347b300f84230783cb665f3fa44f5d6fa987aa93c2619ef4977f9e4d38adec323778f3bc987533ffd85fe5417398a3001b394fccbd2faee83b5e2b8a2dd18cf067b619a82c4706531b3ef336a84e825c63b9bc7b98b4ad6a471692224adef86f4c9930169dfa133e22929d5a27e10bfbcfe7c02ca451afd74d26f489e0e09cf1b596ae0c959cf26cb0c8114a9311b7f2fe2ad977074ff5f62f6777a20700414ed03ba3d7404eadd43a62ad1173491a5c099290393e1f85aeb3886fbb7f6646212054a850d58a71c6d6027cd3a5ff22e98672349f9bddb23622e2f19b39e51ced84524567ec1fcb233a2fb85371e9b08b6fd4adcd4db148ed26757123a0e604bcf6ffdcc303956e1805f1746361bd3eeb55d3fefe6ac274c2e6c78963430118942d62a465698e600dadd81a53ffd29358746e8db2499e3fca62b0ff660b0aaeedadeb194a9217e9fed2ce04cc24451871d5bcd76173ab7123cc27eef33dbb4d3c3bf1fc2df68a98345c15667388c5000000000000000000000015000000c0459f900702908d4979288d06c7159ef2663dc7ea9302b10bf2da21e3990ddf20a38adc1fd15124310daf2461224cfbfd5e6265d012d60fc9e39209ce3209720f8d7bf39bf71d0d46ed6d51eede797da70cf0b7463cffc80a7a56eeb25ed0adfb146a3221c20d51f172cf2eefe1e6b28cffc1e40a789d5513626f5c4fbf65a2b5a093634b806b7ee570f70f624ce8c02d4c1ec7a9370f42a807f1d46fe77be0637a8007343b7771788f64b36cab94a99243bc780702f98f34a80f81aeb853f97c3e9586805d1a240d7e870b15defbc6b21fdc98a79759c9b8375313deea0000000009e38e9539d6b9507b6f3f8d29992d080a13aed8879a1f2cf352fb5a376427f89d432f7fe7c0cad2ce38427fc773cef47e00000000000000000000000000000000000d09b8ee6321377ffcb6cc386f8704ae9ce6c11b4bb91d0097ef2b77e0cd28af1222e68c2745eca64fa40db07f6e5925224069d14395f7170ab9c2d396f7510f65ce5b0405d8951a70a37117d13c5b2f684c52bff2dc895f5e06e497adee9de0012dd140c592137c90319f8a578007b57aaba3fb93d29a6584313e5b58f8a71cebf77a0891f3633dba69588ec728e785e6e4431fce5a143451c7a51c22b1b605347db811eb9a461f4ef2612181aa8cafc33a2047b7ba57a5"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040), 0x0, 0x0, 0xffffffffffffffff, 0x37}, 0x24) 2.636345711s ago: executing program 0 (id=97): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) r3 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000080)='9p_client_res\x00', r4}, 0x10) mount$9p_fd(0x8000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 2.635413681s ago: executing program 0 (id=98): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0) preadv(r0, &(0x7f00000002c0)=[{&(0x7f0000000580)=""/4078, 0xfee}], 0x1, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]}) flistxattr(r2, 0x0, 0x0) socket$can_raw(0x1d, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b000000080000000100010009000000"], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r7}, 0x10) r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000030c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r8, 0xc0145401, &(0x7f0000000000)={0x3, 0x0, 0x0, 0xfdfdffff}) socket$netlink(0x10, 0x3, 0x0) add_key$keyring(&(0x7f0000000180), 0x0, 0x0, 0x0, 0xfffffffffffffffe) syz_open_procfs(0xffffffffffffffff, &(0x7f00000006c0)='mounts\x00') r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="ac000000", @ANYRES16=r10, @ANYBLOB="01060000000000000000090000002c0004801300010062726f6164636173742d6c696e6b00"], 0xac}}, 0x0) 2.218931587s ago: executing program 4 (id=99): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x256c, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8c014, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r1}, &(0x7f0000000000), &(0x7f00000005c0)=r2}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) syz_usb_control_io$hid(r0, &(0x7f0000001440)={0x24, 0x0, 0x0, &(0x7f00000013c0)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x0, "741cb976"}]}}, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, 0x0, &(0x7f0000000240)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3445}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f00000009c0)={0x2c, 0x0, &(0x7f0000000380)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'bridge0\x00'}) 2.194143077s ago: executing program 3 (id=100): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000880)='ns\x00') r1 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="05000000040000000800000008"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10) getgroups(0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000b00)='./file1\x00', &(0x7f0000000100), 0x1000) r3 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r3) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r3}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x18, 0x10, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xffff}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@call={0x85, 0x0, 0x0, 0x1ff}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000200)='GPL\x00', 0x9, 0x6b, &(0x7f00000003c0)=""/107, 0x41100, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000600)={0x0, 0xd, 0x2}, 0x10, 0x0, 0x0, 0xa, &(0x7f0000000640)=[0xffffffffffffffff], &(0x7f0000000680)=[{0x4, 0x2, 0x7, 0xa}, {0x3, 0x2, 0x7, 0x3}, {0x2, 0x3, 0x0, 0x9}, {0x5, 0x1, 0x2, 0x5}, {0x5, 0x4, 0xb, 0x4}, {0x4, 0x2, 0x9, 0xa}, {0x5, 0x2, 0xa, 0x3}, {0x2, 0x1, 0x17, 0x9}, {0x4, 0x2, 0x4, 0x3}, {0x4, 0x2, 0xd, 0x1}], 0x10, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000180)='rxrpc_rtt_rx\x00', r4, 0x0, 0x7}, 0x18) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001780)={&(0x7f0000000500)=ANY=[@ANYBLOB="4000000000000507000000000000000020010000000000000000000000000002000000e20000000000000000000000000000000000000000000000000000000095d3a277f06d037f1f5080713cb60f36a61c31a45382b71204c7f7ee375d0ab7f83e1c857103f9781e53462b0fd0514e923c9ae1f7b352d92fd1af82e1f73ebd53e17d450e27eae494d20bd91bd2266fa9d1f21efe03a9e3d260f8040609000000d38532fd85256f58cd6903c8ed639233acb80f15c3ea8de69ed105b74ee9569004aa0ab6bc3ed05cfd35eda025d514ceab1b89c6ce2ec564b680cb048f77277ea84f4e9df9106f299163798152a7"], 0x40}}, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000002c0)=""/100, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x26) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_LBT_MODE(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x14, 0x0, 0x4}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000cc0), r7) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r6) r8 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000012c0), r7) sendmsg$NLBL_MGMT_C_REMOVE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x20, r8, 0x1, 0x70bd27, 0x25dfdbf8, {}, [@NLBL_MGMT_A_DOMAIN={0xc, 0x1, '\x00\x00\x00\x00\x00\x00\x00\x01'}]}, 0x20}, 0x1, 0x0, 0x0, 0x8800}, 0x40000) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000ac0)='./file1\x00', 0x1200000, &(0x7f0000000bc0)={[{@usrjquota}, {@jqfmt_vfsv1}, {@sysvgroups}, {@discard}, {@noblock_validity}, {@noquota}, {@nobarrier}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x1, 0x586, &(0x7f0000000d00)="$eJzs3d1rW+UfAPDvSdu9/37rYAz1Qgq7cDKXrq0vE4TNS9HhQO9naM/KaLqMJh1rHWy7cDfeyBBEHIh/gPdeDv8BwVuvBzoYMopeeFM56UmXNU2bttGm5vOBbM9zzmme85znJd8nJyEB9K2R7J9CxIsR8UUScbRp32DkO0dWjlt6emsyeySxvPzR70kk+bbG8Un+/+E880JE/PhZxOlCa7nVhcWZUrmczuX50drs9dHqwuKZq7Ol6XQ6vTY+MXHujYnxt996s2t1ffXSn19/+PC9c5+fXPrq+8fH7idxIY7k+5rrsQN3mjMjMZJfk6G4sObAsS4U1kuS3T4BtmUgH+dDkc0BR2MgH/XAf9/tiFgG+lRi/EOfasQBjbV9l9bBe8aTd1cWQK31H1x5byQO1NdGh5aS51ZG2Xp3uAvlZ2X88NuD+9kjNnkf4nYXygNouHM3Is4ODrbOf0k+/23f2fqbxxtbW0a/vf7AbnqYxT+vrRf/FFbjn2iJf36uR447nR+io/FfePx8vrt3GrL4751149/VqWt4IM/9rx7zDSVXrpbTsxHx/4g4FUP7s/xG93POLT1abrevOf7LHln5jVgwP4/Hg/uf/5upUq20kzo3e3I34qVn8W8SLfP/gfoVXxv/ZtfjUodlnEgfvNxu3+b1b9b9CHj5u4hX1m3/Z/0sWU2ve39ytN4fRhu9otUf90781K78rdW/+7L2P7Rx/YeT5vu11a2X8e2Bv9J2+zrt/0lTe2T9f1/ycT29L992s1SrzY1F7Es+aN0+/uzZGvnG8Vn9T53ceP5br/8fjIhPOqz/veP32h7aC+0/taX233ri0fufftOu/M7a//V66lS+pZP5r9MT3Mm1AwAAAAAAgF5TiIgjkRSKq+lCoVhc+Q7v8ThUKFeqtdNXKvPXpqL+XdnhGCo07nQfbfo8xFj+edhGfnxNfiIijkXElwMH6/niZKU8tduVBwAAAAAAAAAAAAAAAAAAgB5xuM33/zO/Duz22QH/OD/5Df1r0/HfjV96AnqS13/oX8Y/9C/jH/pXh+P/l01/zR3Yc7z+Q/8y/qF/Gf/Qv9Yf/1b7AAAAAAAAAAAAAAAAAAAAAAAAAAAAsE2XLl7MHstLT29NZvmpGwvzM5UbZ6bS6kxxdn6yOFmZu16crlSmy2lxsjK72fOVK5XrY+Mxf3O0llZro9WFxcuzlflrtctXZ0vT6eV06F+pFQAAAAAAAAAAAAAAAAAAAOwt1YXFmVK5nM5JtE2cj544jW0nks1a+XzeGbZVxOBGxxzcyTNL7GZiFyclAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFjj7wAAAP//1TEy3w==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000900), 0xfffffffffffffff3) 2.149489178s ago: executing program 1 (id=101): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000180)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@block_validity}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4}}, {@data_err_ignore}, {@grpquota}, {@mblk_io_submit}, {@nodiscard}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x1, 0x7fe2, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4003, 0x1}, 0x48) connect$inet6(0xffffffffffffffff, &(0x7f0000000500)={0xa, 0xfffd, 0x0, @loopback, 0x5}, 0x1c) dup(0xffffffffffffffff) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) 1.659658495s ago: executing program 0 (id=102): openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x40041, 0x0) setuid(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x17, 0x0, 0xfffffffc, 0x8000}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @remote}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000000)={'veth0_vlan\x00', @random="0106002010ff"}) r6 = fsopen(&(0x7f0000000080)='bpf\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) r7 = fsmount(r6, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r7, &(0x7f0000000140)='./file0\x00') readlinkat(r7, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f00000002c0)=""/204, 0xcc) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0xb, 0x8, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffff9}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) 1.280822861s ago: executing program 3 (id=103): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00'}, 0x10) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x0}, 0x20) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8}]}}]}, 0x38}}, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x101042, 0xbe) pwrite64(r7, 0x0, 0x0, 0xfecc) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)={0x1b, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x3, '\x00', r6, 0xffffffffffffffff, 0x2, 0x2, 0x5}, 0x50) 1.211415912s ago: executing program 1 (id=104): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x0, &(0x7f00000001c0)=0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="797100000000000000007e000000080003001c1ffce6033adc9f1ace0fbd7a9ac6de1afd37a506756325549bc8a128e2d3320648", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r3}, 0x18) ioprio_set$pid(0x3, 0x0, 0x0) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @empty}, 0x2}}, 0x2e) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0x1008801, &(0x7f0000005ac0)=ANY=[], 0x1, 0x1ea, &(0x7f00000004c0)="$eJzsmbGLE0EUxr+Z3STnIYqNhY2FB57obXY3KtcceIKlINyJWgZvPaKbRJIVkoBgsLGxtBBs/QcsLFJZ2NnZaqGCYGFK65GZnd2duIkmrkXw3g8y+83szJt5bzdfsyAI4sDy5fOPT08vb+6eA3AYa6jo8W9WNocb8z8+f3D22daVF68+vHzbOvJwZMa6BIABEGL+/W0Ab7Yt4NFR1RdicvWavu6Cp/o6OM5ofQMMTnJWka0OwHBLD981dPuQFmHAbrfDvTuNMHBl48nGl00NEBPnGw8Z9gCs6C2Ycb5uf3CvHgKdWIRBIkoi2Sd3a1Hxp/qNtzm2jBLI53XzyeOh7Dt63DXq54HD07oGhh2tN1GB4zhZSYz8T9hZfCuXf8EkUbxGU8WxjX8c8P8VrOATBLAEWcwn2K8j8g+djhwfj97lV31dlsP/hVDGBSB36/1qGF4tELmsTWDmKxH7B7OB04Y/2bBT/6hGzfvVbn+w0WjW94P9oOX7tYvuede94FeVEcXtb/xvRfnTqhG/NGNumZXRq0dRx+sBUcdL+37cGo6787r9Xa3hyv841k/FMeSrotKuTN+D6R9XV6nWrZmHJwiCIAiCIAiCIAiCIAiCWIiTYPGHsPhDlUgoiQn8a2r2zwAAAP//tSxqVQ==") 573.552011ms ago: executing program 0 (id=105): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00'}, 0x10) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x0}, 0x20) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8}]}}]}, 0x38}}, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x101042, 0xbe) pwrite64(r7, 0x0, 0x0, 0xfecc) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)={0x1b, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x3, '\x00', r6, 0xffffffffffffffff, 0x2, 0x2, 0x5}, 0x50) 111.556848ms ago: executing program 3 (id=106): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000020000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup(r2) setsockopt$IPT_SO_SET_REPLACE(r3, 0x6000000, 0x4, 0x0, 0x0) 81.256039ms ago: executing program 1 (id=107): r0 = syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x40, 0x0, 0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000fb"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYRES8=r0], 0x0, 0x3, 0x0, 0x0, 0x41000, 0xa3f07963c6a2887b}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94) syz_mount_image$ext4(0x0, &(0x7f0000000580)='./file0\x00', 0x19560c0, 0x0, 0x0, 0x0, 0x0) open(&(0x7f00000002c0)='./file0/file0\x00', 0x141840, 0x0) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x10c000, 0x0) open(&(0x7f0000000200)='./file0/file0\x00', 0x0, 0x0) mount$incfs(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000280), 0x0, 0x0) mkdirat(r0, &(0x7f0000000000)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='virtio_transport_alloc_pkt\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='virtio_transport_alloc_pkt\x00', r4}, 0x10) r5 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r5, &(0x7f0000000080)={0x28, 0x0, 0x2711}, 0x10) openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="280e00000000000000000000000000001d01090008003a00", @ANYRES32, @ANYBLOB="0c0001002506000000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20040405}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe9, 0x8, 0x0, 0x0}}, 0x10) syz_io_uring_setup(0x18d6, &(0x7f0000000040)={0x0, 0x3}, &(0x7f0000000240), &(0x7f0000ffe000)) unshare(0x24020400) syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0) 759.21µs ago: executing program 3 (id=108): mkdirat(0xffffffffffffff9c, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000040000000c0000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='mm_page_alloc\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x8, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="7a0a00ff00000000711075000000000095"], &(0x7f0000000480)='syzkaller\x00'}, 0x94) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000580)={0x18, r7, 0x400, 0x70bd25, 0x25dfdbfe, {}, [@HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x4000001) fcntl$setsig(r6, 0xa, 0x2d) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r8, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1f, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) fstat(r5, &(0x7f00000001c0)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r9}, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x759, &(0x7f0000000c00)={[{@noload}, {@noblock_validity}, {@discard}, {@errors_remount}, {@inode_readahead_blks, 0x0}, {@noauto_da_alloc}, {@dioread_nolock}, {@journal_checksum}, {@mblk_io_submit}, {@noacl}, {@usrjquota}, {@nolazytime}, {@journal_dev={'journal_dev', 0x3d, 0x765}}, {@norecovery}, {@nobarrier}, {@data_writeback}, {@resgid}], [{@audit}, {@uid_lt={'uid<', 0xee01}}], 0x2c}, 0x2, 0x4f8, &(0x7f0000000700)="$eJzs3EtvVGUfAPD/mbaUvtC3fXm9cVFG0dhopLRcFy6AaMLGxERjcFnbQpAChtYESCPFGEhcaPgEXnYmfgJXujFqXGjcStwaE2K6AV2YY87MmTrt6fTGtGPp75fM8JzbPM//nPMwz2VOA9iwytlbErE1In6OiJ7q4uwdytV/7k5PDv8xPTmcRJq+8ntS2e/O9ORwbdfacVvyhb5SROm9JHYWs+0cv3zl7NDY2OjFfEX/RClPnRs6PXp69PzgkSMH9ncdPjR4sClxZmW6s+OdC7u2n3j95kvDJ2++8e3nWXnTfHt9HFW9lfdNS86hrbCmHOXZ57LOU0sv+rrQXZdO2rP3UusKw5Jld212uToq9b8n2ipLVT3x4rstLRywqtI0TTsLa2e+y6bSeklSPSBNr6XAfSCJVpcAaI3aF/2d6aynOjlc7Aff324fi0oPKIv7bv6qbmmv9GDLvdW+Uccq5f9ARJyc+vOj7BXzjkMAADTXl8cibhyvtjtqr+qWUjxUt99/87mh3oj4X0Rsi4j/5+2XByMq+z4cEY/UHdO9hFmA8pzlYvvnx648Ud9cbZqs/fd8Prc1u/03U/LetnypuxJ/R3LqzNjovvyc9EVHZ7Y8UPzomWG1r1746cNG+Zfr2n/ZK8u/1hbMy/Fb+5wBupGhiaF7jbvm9rXKib1ajD+J9qSWitgeETtW8PnZOTvzzGe7Gm2fFX8WZyH+Dxp/ePsKCjRH+knE09XrPxVz4o98/i+pzE+ee6t//PKV587Uz08OHD40eLB/c4yN7uuv3RVF3/1w/eU8WehGLHD9a1VjVSfSsuv/n3nv/5mZy94sNTNfO778PK7futGwT7PS+39T8molXZufvTQ0MXFxIGJTMlVcP/jPsZeGumbtn8Xft2f++r8t4q+P8+N2RkR2Ez8aEY9FxO687I9HxBMRsWeB+L85/uSbjbqQi8e/urL4R5Z1/Rsljn4fMf+mtrNff1HI+P1yIf6OaHT9D1RSffmakaGJzYvFtVBJ6xP3fAIBAABgHdgdEVsjKe3NB5q2Rqm0d2/ElpkRlPGJZ09dePv8SPUZgd7oKNVGunrqxkMH8rHhbDk7arBuOdu+vzJunKZp2pUtZ/33se7Whg4b3pYG9T/za/GRFuB+s6x5tEZPtAHr0tz6f2vJRzb/BxnA2mrC72iAdUr9h41ryfV/tZ6CA1pmvvp/NeJuC4oCrLH56v9rhTVH16QswNrS/4eNa+X1348BYL3z/Q8b0pIekl9BYtuJBfZJ2lcn08aJUiz8VwB6I2pram2ahT/wl1JEc0rY1tRIu2Zd09K8+2yOZuQVpUX3aV/GH2JY20Tp31GMaqIzIha5e2dutqu1xJXVLlilEnza2v+dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7t3fAQAA///tUdPr") 0s ago: executing program 1 (id=109): syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f00000000c0)='mnt\x00', 0x1000000, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x800, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x6829f7d2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f0000000540)=@v2={0x2, @adiantum, 0x10, '\x00', @auto="b1f7ffffffffffffff75566207332f4c"}) chdir(&(0x7f00000002c0)='mnt/encrypted_dir\x00') ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r0, 0xc0406619, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) rt_tgsigqueueinfo(0x0, 0x0, 0x24, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.157' (ED25519) to the list of known hosts. [ 328.996114][ T28] audit: type=1400 audit(1751974645.885:64): avc: denied { mounton } for pid=275 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 328.997474][ T275] cgroup: Unknown subsys name 'net' [ 329.019002][ T28] audit: type=1400 audit(1751974645.885:65): avc: denied { mount } for pid=275 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 329.046442][ T28] audit: type=1400 audit(1751974645.915:66): avc: denied { unmount } for pid=275 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 329.066360][ T275] cgroup: Unknown subsys name 'devices' [ 329.193831][ T275] cgroup: Unknown subsys name 'hugetlb' [ 329.199506][ T275] cgroup: Unknown subsys name 'rlimit' [ 329.303682][ T28] audit: type=1400 audit(1751974646.195:67): avc: denied { setattr } for pid=275 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 329.327014][ T28] audit: type=1400 audit(1751974646.195:68): avc: denied { mounton } for pid=275 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 329.351860][ T28] audit: type=1400 audit(1751974646.195:69): avc: denied { mount } for pid=275 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 329.361223][ T277] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 329.384072][ T28] audit: type=1400 audit(1751974646.275:70): avc: denied { relabelto } for pid=277 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 329.409580][ T28] audit: type=1400 audit(1751974646.275:71): avc: denied { write } for pid=277 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 329.438197][ T28] audit: type=1400 audit(1751974646.325:72): avc: denied { read } for pid=275 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 329.438800][ T275] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 329.463747][ T28] audit: type=1400 audit(1751974646.325:73): avc: denied { open } for pid=275 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 331.666097][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.673280][ T283] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.680590][ T283] device bridge_slave_0 entered promiscuous mode [ 331.688812][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.695857][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 331.703244][ T283] device bridge_slave_1 entered promiscuous mode [ 331.758801][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.765962][ T284] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.773411][ T284] device bridge_slave_0 entered promiscuous mode [ 331.780243][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.787477][ T284] bridge0: port 2(bridge_slave_1) entered disabled state [ 331.794901][ T284] device bridge_slave_1 entered promiscuous mode [ 331.889317][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.896478][ T286] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.903928][ T286] device bridge_slave_0 entered promiscuous mode [ 331.920516][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.927698][ T285] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.935195][ T285] device bridge_slave_0 entered promiscuous mode [ 331.950698][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.957768][ T286] bridge0: port 2(bridge_slave_1) entered disabled state [ 331.965133][ T286] device bridge_slave_1 entered promiscuous mode [ 331.981335][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.988447][ T285] bridge0: port 2(bridge_slave_1) entered disabled state [ 331.995999][ T285] device bridge_slave_1 entered promiscuous mode [ 332.087582][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.094679][ T287] bridge0: port 1(bridge_slave_0) entered disabled state [ 332.102140][ T287] device bridge_slave_0 entered promiscuous mode [ 332.123219][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.130236][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.137691][ T287] device bridge_slave_1 entered promiscuous mode [ 332.172280][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.179325][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.186632][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.193752][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 332.262162][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.269207][ T284] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.276601][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.283665][ T284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 332.303491][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.310533][ T286] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.317837][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.324871][ T286] bridge0: port 1(bridge_slave_0) entered forwarding state [ 332.365601][ T285] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.372663][ T285] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.379915][ T285] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.386942][ T285] bridge0: port 1(bridge_slave_0) entered forwarding state [ 332.413952][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 332.422637][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.429847][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 332.437298][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.444763][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 332.452142][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.459272][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 332.466554][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.474440][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 332.481955][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 332.513242][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 332.520875][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 332.529202][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.536266][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.543831][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 332.552542][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.559590][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 332.567116][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 332.575256][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.582279][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.604282][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 332.612365][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 332.619915][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 332.628251][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.635291][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 332.642862][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 332.650985][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.658012][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.667584][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 332.692551][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 332.700056][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 332.707611][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 332.716794][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 332.725176][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.732243][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 332.739666][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 332.748059][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 332.756196][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.763227][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.770552][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 332.778831][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 332.786906][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 332.795042][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 332.803159][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 332.811575][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 332.819707][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.826757][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 332.834324][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 332.842722][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 332.850833][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.857859][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.865311][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 332.873558][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 332.881818][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 332.889805][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 332.897843][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 332.905856][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 332.930045][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 332.938150][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 332.946337][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 332.954500][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 332.962834][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 332.970734][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 332.986826][ T286] device veth0_vlan entered promiscuous mode [ 333.001969][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 333.010343][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 333.018704][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 333.026694][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 333.034964][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 333.044467][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 333.052445][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 333.060836][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 333.069274][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 333.076751][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 333.094627][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 333.103058][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 333.111387][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 333.120031][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 333.128245][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 333.139278][ T283] device veth0_vlan entered promiscuous mode [ 333.150803][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 333.158341][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 333.165919][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 333.174675][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 333.182702][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 333.190799][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 333.199303][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 333.206830][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 333.215055][ T286] device veth1_macvtap entered promiscuous mode [ 333.222498][ T285] device veth0_vlan entered promiscuous mode [ 333.229486][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 333.238141][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 333.250318][ T283] device veth1_macvtap entered promiscuous mode [ 333.260870][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 333.268989][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 333.276585][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 333.284258][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 333.292717][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 333.300808][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 333.313376][ T284] device veth0_vlan entered promiscuous mode [ 333.321836][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 333.330017][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 333.338363][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 333.346840][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 333.355595][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 333.363893][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 333.373375][ T287] device veth0_vlan entered promiscuous mode [ 333.387131][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 333.394772][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 333.402648][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 333.410908][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 333.419430][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 333.427872][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 333.443424][ T287] device veth1_macvtap entered promiscuous mode [ 333.451565][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 333.467972][ T283] request_module fs-gadgetfs succeeded, but still no fs? [ 333.474047][ T284] device veth1_macvtap entered promiscuous mode [ 333.484172][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 333.493027][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 333.501087][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 333.540129][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 333.560938][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 333.571368][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 333.580109][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 333.589940][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 333.598646][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 333.607648][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 333.617556][ T285] device veth1_macvtap entered promiscuous mode [ 333.668156][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 333.679501][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 333.685917][ T317] loop4: detected capacity change from 0 to 128 [ 333.688736][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 333.704360][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 333.725432][ T317] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 333.772796][ T317] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 333.812890][ T319] syz.0.7 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 333.844852][ T43] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 333.900770][ T324] loop0: detected capacity change from 0 to 4096 [ 333.939565][ T324] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 334.035105][ T330] loop4: detected capacity change from 0 to 2048 [ 334.063182][ T330] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 334.072407][ T330] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 334.187324][ T335] netlink: 28 bytes leftover after parsing attributes in process `syz.1.11'. [ 334.207314][ T336] loop2: detected capacity change from 0 to 1024 [ 334.214125][ T336] ======================================================= [ 334.214125][ T336] WARNING: The mand mount option has been deprecated and [ 334.214125][ T336] and is ignored by this kernel. Remove the mand [ 334.214125][ T336] option from the mount to silence this warning. [ 334.214125][ T336] ======================================================= [ 334.216109][ T338] loop3: detected capacity change from 0 to 1024 [ 334.249227][ T336] EXT4-fs: Ignoring removed mblk_io_submit option [ 334.255956][ T338] EXT4-fs: Ignoring removed mblk_io_submit option [ 334.261997][ T336] EXT4-fs: Ignoring removed bh option [ 334.273897][ T338] EXT4-fs: Ignoring removed bh option [ 334.280280][ T336] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 334.280280][ T338] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 334.310286][ T28] kauditd_printk_skb: 55 callbacks suppressed [ 334.310321][ T28] audit: type=1400 audit(1751974651.195:129): avc: denied { read write } for pid=333 comm="syz.1.11" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 334.361978][ T338] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 334.385078][ T28] audit: type=1400 audit(1751974651.205:130): avc: denied { open } for pid=333 comm="syz.1.11" path="/dev/raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 334.395213][ T336] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 335.291017][ T283] EXT4-fs (loop0): unmounting filesystem. [ 335.338026][ T287] EXT4-fs (loop4): unmounting filesystem. [ 335.343894][ T28] audit: type=1400 audit(1751974651.205:131): avc: denied { ioctl } for pid=333 comm="syz.1.11" path="/dev/raw-gadget" dev="devtmpfs" ino=258 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 335.384715][ T28] audit: type=1400 audit(1751974651.505:132): avc: denied { create } for pid=337 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 335.411242][ T28] audit: type=1400 audit(1751974651.515:133): avc: denied { write } for pid=337 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 335.883098][ T285] EXT4-fs (loop3): unmounting filesystem. [ 335.883716][ T289] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 335.896356][ T28] audit: type=1400 audit(1751974651.515:134): avc: denied { read } for pid=337 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 335.919695][ T28] audit: type=1400 audit(1751974652.075:135): avc: denied { write } for pid=337 comm="syz.3.4" name="001" dev="devtmpfs" ino=185 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 336.026375][ T28] audit: type=1400 audit(1751974652.915:136): avc: denied { create } for pid=356 comm="syz.0.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 336.048074][ T360] loop0: detected capacity change from 0 to 256 [ 336.084468][ T28] audit: type=1400 audit(1751974652.935:137): avc: denied { write } for pid=356 comm="syz.0.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 336.104698][ T28] audit: type=1400 audit(1751974652.935:138): avc: denied { nlmsg_read } for pid=356 comm="syz.0.12" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 336.322874][ T364] tmpfs: Unknown parameter 'nolazytimeë' [ 336.330488][ T284] EXT4-fs (loop2): unmounting filesystem. [ 336.421545][ T289] usb 2-1: Using ep0 maxpacket: 16 [ 336.428652][ T289] usb 2-1: config 0 has an invalid interface number: 105 but max is 0 [ 336.488560][ T376] syz.2.16[376] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 336.488635][ T376] syz.2.16[376] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 336.502403][ T376] loop2: detected capacity change from 0 to 16 [ 336.829454][ T289] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 336.840141][ T289] usb 2-1: config 0 has no interface number 0 [ 336.868622][ T289] usb 2-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 336.904472][ T376] erofs: (device loop2): mounted with root inode @ nid 36. [ 336.979993][ T289] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 336.989784][ T289] usb 2-1: Product: syz [ 336.998326][ T289] usb 2-1: Manufacturer: syz [ 337.008001][ T289] usb 2-1: SerialNumber: syz [ 337.030616][ T289] usb 2-1: config 0 descriptor?? [ 337.070980][ T384] FAULT_INJECTION: forcing a failure. [ 337.070980][ T384] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 337.084185][ T384] CPU: 0 PID: 384 Comm: syz.0.20 Not tainted 6.1.141-syzkaller-00037-gfa7e0538663e #0 [ 337.093735][ T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 337.103832][ T384] Call Trace: [ 337.107143][ T384] [ 337.110352][ T384] __dump_stack+0x21/0x24 [ 337.114742][ T384] dump_stack_lvl+0xee/0x150 [ 337.119353][ T384] ? __cfi_dump_stack_lvl+0x8/0x8 [ 337.124382][ T384] ? security_file_permission+0x8a/0xb0 [ 337.129930][ T384] dump_stack+0x15/0x24 [ 337.134084][ T384] should_fail_ex+0x3d4/0x520 [ 337.138764][ T384] should_fail+0xb/0x10 [ 337.142909][ T384] should_fail_usercopy+0x1a/0x20 [ 337.148111][ T384] copy_to_user_nofault+0x92/0x140 [ 337.153314][ T384] bpf_probe_write_user+0x98/0xf0 [ 337.158323][ T384] bpf_prog_19072b5a3fcf5d64+0x38/0x3c [ 337.163770][ T384] bpf_trace_run2+0xff/0x250 [ 337.168342][ T384] ? __cfi_bpf_trace_run2+0x10/0x10 [ 337.173522][ T384] ? __kasan_check_write+0x14/0x20 [ 337.178707][ T384] ? ksys_write+0x1eb/0x240 [ 337.183202][ T384] __bpf_trace_sys_enter+0x62/0x70 [ 337.188300][ T384] __traceiter_sys_enter+0x38/0x50 [ 337.193395][ T384] trace_sys_enter+0x3d/0x50 [ 337.197964][ T384] syscall_trace_enter+0xf3/0x150 [ 337.202968][ T384] syscall_enter_from_user_mode+0x1f/0x30 [ 337.208679][ T384] do_syscall_64+0x24/0xa0 [ 337.213071][ T384] ? clear_bhb_loop+0x30/0x80 [ 337.217726][ T384] ? clear_bhb_loop+0x30/0x80 [ 337.222382][ T384] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 337.228262][ T384] RIP: 0033:0x7f78bfb8e929 [ 337.232659][ T384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 337.252248][ T384] RSP: 002b:00007f78c0955038 EFLAGS: 00000246 ORIG_RAX: 0000000000000030 [ 337.260745][ T384] RAX: ffffffffffffffda RBX: 00007f78bfdb5fa0 RCX: 00007f78bfb8e929 [ 337.268695][ T384] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000008 [ 337.276735][ T384] RBP: 00007f78c0955090 R08: 0000000000000000 R09: 0000000000000000 [ 337.284686][ T384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 337.292638][ T384] R13: 0000000000000000 R14: 00007f78bfdb5fa0 R15: 00007ffdc2d90618 [ 337.300594][ T384] [ 337.321773][ T289] usb 2-1: USB disconnect, device number 2 [ 337.390304][ T391] tc_dump_action: action bad kind [ 337.415507][ T391] x_tables: ip6_tables: NETMAP.0 target: invalid size 40 (kernel) != (user) 0 [ 337.478262][ T396] loop4: detected capacity change from 0 to 1024 [ 337.485111][ T396] EXT4-fs: Ignoring removed mblk_io_submit option [ 337.491570][ T396] EXT4-fs: Ignoring removed bh option [ 337.497392][ T396] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 337.542860][ T321] Bluetooth: hci0: Frame reassembly failed (-84) [ 337.552343][ T396] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 337.707592][ T406] overlayfs: unrecognized mount option "euid<00000000000000000000" or missing value [ 338.159967][ T413] sch_fq: defrate 0 ignored. [ 338.342063][ T287] EXT4-fs (loop4): unmounting filesystem. [ 338.378574][ T420] x_tables: ip6_tables: NETMAP.0 target: invalid size 40 (kernel) != (user) 0 [ 338.434275][ T426] loop1: detected capacity change from 0 to 16 [ 338.441306][ T426] erofs: (device loop1): mounted with root inode @ nid 36. [ 338.449898][ T426] erofs: (device loop1): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 338.461930][ T426] erofs: (device loop1): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 36 [ 338.473562][ T426] erofs: (device loop1): z_erofs_read_folio: failed to read, err [-117] [ 338.525200][ T429] device veth0_vlan left promiscuous mode [ 338.532780][ T429] device veth0_vlan entered promiscuous mode [ 338.540919][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 338.551434][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 338.568701][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 339.202670][ T432] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 339.226489][ T432] syz.4.33[432] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 339.322607][ T430] syz.1.32 (430) used greatest stack depth: 21312 bytes left [ 339.352911][ T28] kauditd_printk_skb: 34 callbacks suppressed [ 339.352923][ T28] audit: type=1400 audit(1751974656.245:173): avc: denied { write } for pid=436 comm="syz.4.35" name="unix" dev="proc" ino=4026532677 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 339.399624][ T28] audit: type=1400 audit(1751974656.285:174): avc: denied { unmount } for pid=286 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 339.435619][ T496] loop2: detected capacity change from 0 to 512 [ 339.451955][ T496] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.34: inode #1: comm syz.2.34: iget: illegal inode # [ 339.464960][ T496] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.34: error while reading EA inode 1 err=-117 [ 339.477479][ T496] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2818: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 339.490596][ T496] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.34: inode #1: comm syz.2.34: iget: illegal inode # [ 339.504531][ T496] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.34: error while reading EA inode 1 err=-117 [ 339.518528][ T496] EXT4-fs (loop2): 1 orphan inode deleted [ 339.524299][ T496] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 339.533911][ T28] audit: type=1400 audit(1751974656.425:175): avc: denied { mount } for pid=434 comm="syz.2.34" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 339.556914][ T28] audit: type=1400 audit(1751974656.445:176): avc: denied { write } for pid=434 comm="syz.2.34" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 339.579108][ T28] audit: type=1400 audit(1751974656.445:177): avc: denied { add_name } for pid=434 comm="syz.2.34" name="cpuset.effective_cpus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 339.600926][ T401] Bluetooth: hci0: command 0x1003 tx timeout [ 339.608576][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 339.641367][ T509] tc_dump_action: action bad kind [ 339.659981][ T509] x_tables: ip6_tables: NETMAP.0 target: invalid size 40 (kernel) != (user) 0 [ 339.721383][ T512] overlayfs: unrecognized mount option "euid<00000000000000000000" or missing value [ 340.110381][ T284] EXT4-fs (loop2): unmounting filesystem. [ 340.164992][ T520] loop2: detected capacity change from 0 to 128 [ 340.171869][ T520] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 340.184727][ T520] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 340.211279][ T480] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 340.402641][ T527] netlink: 96 bytes leftover after parsing attributes in process `syz.2.44'. [ 340.427667][ T528] device veth0_vlan left promiscuous mode [ 340.451839][ T528] device veth0_vlan entered promiscuous mode [ 340.697577][ T533] syz.3.46[533] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 340.697983][ T533] syz.3.46[533] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 340.748776][ T533] loop3: detected capacity change from 0 to 16 [ 340.770468][ T533] erofs: (device loop3): mounted with root inode @ nid 36. [ 340.799010][ T533] syz.3.46: attempt to access beyond end of device [ 340.799010][ T533] loop3: rw=0, sector=34359739344, nr_sectors = 8 limit=16 [ 341.097413][ T28] audit: type=1400 audit(1751974657.985:178): avc: denied { read write } for pid=534 comm="syz.2.47" name="fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 341.120797][ T28] audit: type=1400 audit(1751974657.985:179): avc: denied { open } for pid=534 comm="syz.2.47" path="/dev/fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 341.144099][ T28] audit: type=1400 audit(1751974657.985:180): avc: denied { nlmsg_write } for pid=534 comm="syz.2.47" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 341.164510][ T28] audit: type=1400 audit(1751974657.985:181): avc: denied { read } for pid=534 comm="syz.2.47" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 341.185399][ T28] audit: type=1400 audit(1751974657.985:182): avc: denied { lock } for pid=534 comm="syz.2.47" path="socket:[15355]" dev="sockfs" ino=15355 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 341.214151][ T537] loop1: detected capacity change from 0 to 512 [ 341.224044][ T537] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 341.237341][ T537] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 341.248895][ T537] EXT4-fs (loop1): 1 truncate cleaned up [ 341.254600][ T537] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 341.439364][ T546] process 'syz.3.51' launched '/dev/fd/4' with NULL argv: empty string added [ 341.655204][ T546] loop3: detected capacity change from 0 to 128 [ 341.698484][ T286] EXT4-fs (loop1): unmounting filesystem. [ 341.923545][ T560] syz.1.52[560] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 341.923898][ T560] syz.1.52[560] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 341.968916][ T560] loop1: detected capacity change from 0 to 16 [ 341.990509][ T560] erofs: (device loop1): mounted with root inode @ nid 36. [ 342.268070][ T569] device veth0_vlan left promiscuous mode [ 342.274281][ T569] device veth0_vlan entered promiscuous mode [ 342.282097][ T480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 342.292240][ T480] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 342.300654][ T480] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 343.252366][ T577] fuse: Bad value for 'fd' [ 343.261864][ T577] loop1: detected capacity change from 0 to 256 [ 343.268819][ T577] exfat: Bad value for 'time_offset' [ 343.383553][ T577] loop1: detected capacity change from 0 to 1024 [ 343.393602][ T577] EXT4-fs: Mount option(s) incompatible with ext2 [ 343.605713][ T308] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 343.752603][ T581] syz.0.61[581] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 343.752974][ T581] syz.0.61[581] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 343.977682][ T580] loop0: detected capacity change from 0 to 16 [ 344.015935][ T580] erofs: (device loop0): mounted with root inode @ nid 36. [ 344.024884][ T580] syz.0.61: attempt to access beyond end of device [ 344.024884][ T580] loop0: rw=0, sector=34359739344, nr_sectors = 8 limit=16 [ 344.252973][ T587] loop2: detected capacity change from 0 to 2048 [ 344.322068][ T587] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 344.385232][ T411] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 345.276629][ C0] sched: RT throttling activated [ 345.372028][ T597] loop0: detected capacity change from 0 to 512 [ 345.379137][ T597] EXT4-fs: Ignoring removed nobh option [ 345.392817][ T597] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 345.402542][ T597] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.66: attempt to clear invalid blocks 1 len 1 [ 345.427129][ T597] EXT4-fs (loop0): Remounting filesystem read-only [ 345.433999][ T597] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 345.451049][ T597] EXT4-fs (loop0): Remounting filesystem read-only [ 345.457732][ T597] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.66: invalid indirect mapped block 1819239214 (level 0) [ 345.488927][ T597] EXT4-fs (loop0): Remounting filesystem read-only [ 345.495521][ T597] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.66: invalid indirect mapped block 1819239214 (level 1) [ 345.511812][ T597] EXT4-fs (loop0): Remounting filesystem read-only [ 345.518981][ T597] EXT4-fs (loop0): 1 truncate cleaned up [ 345.524654][ T597] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 345.565477][ T411] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 345.580682][ T411] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 345.590549][ T411] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.623733][ T284] EXT4-fs (loop2): unmounting filesystem. [ 345.634048][ T411] usb 5-1: Product: syz [ 345.645120][ T411] usb 5-1: Manufacturer: syz [ 345.649757][ T411] usb 5-1: SerialNumber: syz [ 345.688498][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 345.688513][ T28] audit: type=1400 audit(1751974662.269:190): avc: denied { read write } for pid=607 comm="syz.3.70" name="vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 345.721069][ T411] usb 5-1: config 0 descriptor?? [ 345.763503][ T28] audit: type=1400 audit(1751974662.269:191): avc: denied { open } for pid=607 comm="syz.3.70" path="/dev/vhost-vsock" dev="devtmpfs" ino=268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 345.788416][ T28] audit: type=1400 audit(1751974662.269:192): avc: denied { ioctl } for pid=607 comm="syz.3.70" path="/dev/vhost-vsock" dev="devtmpfs" ino=268 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 345.807469][ T608] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=608 comm=syz.3.70 [ 345.813872][ T28] audit: type=1326 audit(1751974662.334:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=607 comm="syz.3.70" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb2c8f8e929 code=0x0 [ 345.838429][ T608] netlink: 'syz.3.70': attribute type 1 has an invalid length. [ 345.856438][ T283] EXT4-fs (loop0): unmounting filesystem. [ 345.872222][ T608] loop3: detected capacity change from 0 to 1024 [ 345.879112][ T608] EXT4-fs: Ignoring removed nomblk_io_submit option [ 345.908469][ T608] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 345.933404][ T28] audit: type=1400 audit(1751974662.500:194): avc: denied { append } for pid=607 comm="syz.3.70" path="/16/file1/blkio.bfq.avg_queue_size" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 346.395216][ T288] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 346.426827][ T28] audit: type=1400 audit(1751974662.962:195): avc: denied { read } for pid=619 comm="syz.1.72" name="event2" dev="devtmpfs" ino=277 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 346.449944][ T28] audit: type=1400 audit(1751974662.962:196): avc: denied { open } for pid=619 comm="syz.1.72" path="/dev/input/event2" dev="devtmpfs" ino=277 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 346.704175][ T28] audit: type=1400 audit(1751974662.962:197): avc: denied { ioctl } for pid=619 comm="syz.1.72" path="/dev/input/event2" dev="devtmpfs" ino=277 ioctlcmd=0x4590 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 346.737659][ T411] snd-usb-audio: probe of 5-1:0.0 failed with error -2 [ 346.760630][ T308] udevd[308]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 346.780158][ T285] EXT4-fs (loop3): unmounting filesystem. [ 346.805582][ T288] usb 3-1: no configurations [ 346.810216][ T288] usb 3-1: can't read configurations, error -22 [ 346.999365][ T288] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 347.010545][ T634] device veth0_vlan left promiscuous mode [ 347.019597][ T635] syz.3.75[635] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 347.019667][ T635] syz.3.75[635] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 347.030350][ T634] device veth0_vlan entered promiscuous mode [ 347.049540][ T635] loop3: detected capacity change from 0 to 16 [ 347.056821][ T635] erofs: (device loop3): mounted with root inode @ nid 36. [ 347.125091][ T493] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 347.139131][ T493] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 347.160230][ T493] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 347.194724][ T288] usb 3-1: no configurations [ 347.199415][ T288] usb 3-1: can't read configurations, error -22 [ 347.216995][ T288] usb usb3-port1: attempt power cycle [ 347.586558][ T620] loop1: detected capacity change from 0 to 131072 [ 347.624973][ T620] F2FS-fs (loop1): Found nat_bits in checkpoint [ 347.671071][ T288] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 347.690090][ T620] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 347.707857][ T288] usb 3-1: no configurations [ 347.715895][ T288] usb 3-1: can't read configurations, error -22 [ 347.793465][ T28] audit: type=1400 audit(1751974664.226:198): avc: denied { ioctl } for pid=619 comm="syz.1.72" path="socket:[17509]" dev="sockfs" ino=17509 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 347.887726][ T288] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 347.921001][ T288] usb 3-1: no configurations [ 347.925685][ T288] usb 3-1: can't read configurations, error -22 [ 347.945361][ T288] usb usb3-port1: unable to enumerate USB device [ 348.001518][ T647] device veth0_vlan left promiscuous mode [ 348.007990][ T647] device veth0_vlan entered promiscuous mode [ 348.178802][ T289] usb 5-1: USB disconnect, device number 2 [ 348.772897][ T660] x_tables: ip6_tables: NETMAP.0 target: invalid size 40 (kernel) != (user) 0 [ 349.219455][ T673] syz.2.86[673] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 349.219743][ T673] syz.2.86[673] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 349.394109][ T677] tc_dump_action: action bad kind [ 349.414457][ T672] loop2: detected capacity change from 0 to 16 [ 349.421366][ T672] erofs: (device loop2): mounted with root inode @ nid 36. [ 349.430118][ T672] syz.2.86: attempt to access beyond end of device [ 349.430118][ T672] loop2: rw=0, sector=34359739344, nr_sectors = 8 limit=16 [ 349.448606][ T677] x_tables: ip6_tables: NETMAP.0 target: invalid size 40 (kernel) != (user) 0 [ 349.516123][ T678] overlayfs: unrecognized mount option "euid<00000000000000000000" or missing value [ 349.833377][ T682] syz.3.88[682] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 349.833450][ T682] syz.3.88[682] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 349.846451][ T682] loop3: detected capacity change from 0 to 16 [ 349.864580][ T682] erofs: (device loop3): mounted with root inode @ nid 36. [ 351.460673][ T28] audit: type=1400 audit(1751974667.503:199): avc: denied { read } for pid=686 comm="syz.1.90" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 351.498173][ T28] audit: type=1400 audit(1751974667.503:200): avc: denied { open } for pid=686 comm="syz.1.90" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 351.567227][ T694] x_tables: ip6_tables: NETMAP.0 target: invalid size 40 (kernel) != (user) 0 [ 351.577578][ T697] syz.2.89[697] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 351.577641][ T697] syz.2.89[697] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 351.583035][ T28] audit: type=1400 audit(1751974667.567:201): avc: denied { ioctl } for pid=686 comm="syz.1.90" path="/dev/binderfs/binder0" dev="binder" ino=4 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 351.626042][ T28] audit: type=1400 audit(1751974667.567:202): avc: denied { set_context_mgr } for pid=686 comm="syz.1.90" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 351.648660][ T28] audit: type=1400 audit(1751974667.567:203): avc: denied { write } for pid=686 comm="syz.1.90" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 351.674080][ T28] audit: type=1400 audit(1751974667.567:204): avc: denied { map } for pid=686 comm="syz.1.90" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 351.822006][ T703] device veth0_vlan left promiscuous mode [ 351.841763][ T703] device veth0_vlan entered promiscuous mode [ 351.868516][ T480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 351.882145][ T480] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 351.896662][ T480] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 352.114931][ T28] audit: type=1400 audit(1751974668.213:205): avc: denied { create } for pid=715 comm="syz.0.98" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 352.321556][ T718] netlink: 108 bytes leftover after parsing attributes in process `syz.0.98'. [ 352.330539][ T718] netlink: 20 bytes leftover after parsing attributes in process `syz.0.98'. [ 352.547765][ T28] audit: type=1326 audit(1751974668.610:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=721 comm="syz.3.100" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb2c8f8e929 code=0x0 [ 352.576853][ T19] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 352.591259][ T725] loop1: detected capacity change from 0 to 1024 [ 352.598292][ T725] EXT4-fs: Ignoring removed mblk_io_submit option [ 352.604773][ T725] EXT4-fs: Ignoring removed bh option [ 352.610660][ T725] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 352.611546][ T726] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=726 comm=syz.3.100 [ 352.638546][ T726] netlink: 'syz.3.100': attribute type 1 has an invalid length. [ 352.648883][ T725] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 352.651778][ T726] loop3: detected capacity change from 0 to 1024 [ 352.675431][ T726] EXT4-fs: Ignoring removed nomblk_io_submit option [ 352.699510][ T726] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 352.774756][ T19] usb 3-1: no configurations [ 352.779521][ T19] usb 3-1: can't read configurations, error -22 [ 352.839375][ T39] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 352.947394][ T19] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 353.037115][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 353.048181][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 353.058576][ T39] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 353.067698][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.076979][ T39] usb 5-1: config 0 descriptor?? [ 353.120536][ T736] device veth0_vlan left promiscuous mode [ 353.126743][ T736] device veth0_vlan entered promiscuous mode [ 353.134793][ T449] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 353.143230][ T19] usb 3-1: no configurations [ 353.143656][ T449] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 353.147920][ T19] usb 3-1: can't read configurations, error -22 [ 353.156548][ T449] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 353.162606][ T19] usb usb3-port1: attempt power cycle [ 353.453316][ T285] EXT4-fs (loop3): unmounting filesystem. [ 353.525363][ T286] EXT4-fs (loop1): unmounting filesystem. [ 353.612158][ T19] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 353.639687][ T742] sch_fq: defrate 0 ignored. [ 353.722472][ T744] syz.1.104[744] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 353.723972][ T744] syz.1.104[744] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 353.778723][ T744] loop1: detected capacity change from 0 to 16 [ 353.874874][ T744] erofs: (device loop1): mounted with root inode @ nid 36. [ 354.213954][ T19] usb 3-1: no configurations [ 354.218641][ T19] usb 3-1: can't read configurations, error -22 [ 354.447075][ T749] sch_fq: defrate 0 ignored. [ 354.627986][ T19] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 354.628000][ T39] uclogic 0003:256C:006D.0001: failed retrieving string descriptor #200: -71 [ 354.628025][ T39] uclogic 0003:256C:006D.0001: failed retrieving pen parameters: -71 [ 354.660059][ T19] usb 3-1: no configurations [ 354.662623][ T39] uclogic 0003:256C:006D.0001: failed probing pen v2 parameters: -71 [ 354.664986][ T19] usb 3-1: can't read configurations, error -22 [ 354.673306][ T39] uclogic 0003:256C:006D.0001: failed probing parameters: -71 [ 354.687368][ T19] usb usb3-port1: unable to enumerate USB device [ 354.690491][ T28] audit: type=1400 audit(1751974670.586:207): avc: denied { mounton } for pid=753 comm="syz.1.107" path="/22/file0" dev="incremental-fs" ino=141 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 354.723704][ T39] uclogic: probe of 0003:256C:006D.0001 failed with error -71 [ 354.732530][ T28] audit: type=1400 audit(1751974670.632:208): avc: denied { unmount } for pid=286 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 354.739816][ T39] usb 5-1: USB disconnect, device number 3 [ 354.791269][ T757] loop3: detected capacity change from 0 to 512 [ 354.799377][ T757] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 354.809421][ T757] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e12c, mo2=0002] [ 354.818210][ T757] EXT4-fs (loop3): orphan cleanup on readonly fs [ 354.818459][ T286] ------------[ cut here ]------------ [ 354.830067][ T286] WARNING: CPU: 0 PID: 286 at fs/inode.c:332 drop_nlink+0xc5/0x110 [ 354.830176][ T757] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.108: bg 0: block 361: padding at end of block bitmap is not set [ 354.838027][ T286] Modules linked in: [ 354.838041][ T286] CPU: 0 PID: 286 Comm: syz-executor Not tainted 6.1.141-syzkaller-00037-gfa7e0538663e #0 [ 354.860849][ T757] EXT4-fs (loop3): Remounting filesystem read-only [ 354.866346][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 354.866357][ T286] RIP: 0010:drop_nlink+0xc5/0x110 [ 354.872877][ T757] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 354.882907][ T286] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 d3 eb f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 4b 8f ac ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c [ 354.888369][ T757] EXT4-fs (loop3): Remounting filesystem read-only [ 354.896585][ T286] RSP: 0018:ffffc9000daffab8 EFLAGS: 00010293 [ 354.916210][ T757] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #11: comm syz.3.108: attempt to clear invalid blocks 33619980 len 1 [ 354.922754][ T286] [ 354.922762][ T286] RAX: ffffffff81c36825 RBX: ffff88811aaf8448 RCX: ffff888121a12880 [ 354.922776][ T286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 354.929109][ T757] EXT4-fs (loop3): Remounting filesystem read-only [ 354.942197][ T286] RBP: ffffc9000daffae0 R08: 0000000000000004 R09: 0000000000000003 [ 354.944681][ T757] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.108: invalid indirect mapped block 1811939328 (level 0) [ 354.952519][ T286] R10: fffff52001b5ff48 R11: 1ffff92001b5ff48 R12: dffffc0000000000 [ 354.952536][ T286] R13: 1ffff1102355f092 R14: ffff88811aaf8490 R15: 0000000000000000 [ 354.964601][ T757] EXT4-fs (loop3): Remounting filesystem read-only [ 354.967021][ T286] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 354.975019][ T757] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.108: invalid indirect mapped block 2185560079 (level 1) [ 354.988815][ T286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 354.997812][ T757] EXT4-fs (loop3): Remounting filesystem read-only [ 355.005470][ T286] CR2: 00007fa757a0c000 CR3: 000000010deb7000 CR4: 00000000003506b0 [ 355.012116][ T757] EXT4-fs (loop3): 1 truncate cleaned up [ 355.020915][ T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 355.020927][ T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 355.034740][ T757] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 355.041321][ T286] Call Trace: [ 355.089057][ T286] [ 355.091969][ T286] shmem_rmdir+0x5b/0x90 [ 355.096215][ T286] vfs_rmdir+0x393/0x500 [ 355.100450][ T286] incfs_kill_sb+0x105/0x220 [ 355.105053][ T286] deactivate_locked_super+0xb5/0x120 [ 355.110416][ T286] deactivate_super+0xaf/0xe0 [ 355.115109][ T286] cleanup_mnt+0x45f/0x4e0 [ 355.119523][ T286] __cleanup_mnt+0x19/0x20 [ 355.123917][ T286] task_work_run+0x1db/0x240 [ 355.128517][ T286] ? __cfi_task_work_run+0x10/0x10 [ 355.133621][ T286] ? free_nsproxy+0x21f/0x270 [ 355.138395][ T286] do_exit+0xa1d/0x2650 [ 355.142548][ T286] ? __cfi_do_exit+0x10/0x10 [ 355.147157][ T286] ? __kasan_check_write+0x14/0x20 [ 355.152267][ T286] ? _raw_spin_lock_irq+0x8f/0xe0 [ 355.157290][ T286] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 355.162834][ T286] ? ksys_write+0x1da/0x240 [ 355.167332][ T286] ? zap_other_threads+0x2c1/0x2f0 [ 355.172463][ T286] do_group_exit+0x210/0x2d0 [ 355.177096][ T286] __x64_sys_exit_group+0x3f/0x40 [ 355.182172][ T286] x64_sys_call+0x7b4/0x9a0 [ 355.186675][ T286] do_syscall_64+0x4c/0xa0 [ 355.191119][ T286] ? clear_bhb_loop+0x30/0x80 [ 355.195788][ T286] ? clear_bhb_loop+0x30/0x80 [ 355.200452][ T286] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 355.206368][ T286] RIP: 0033:0x7f6439d8e929 [ 355.210780][ T286] Code: Unable to access opcode bytes at 0x7f6439d8e8ff. [ 355.217884][ T286] RSP: 002b:00007fffa410e378 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 355.226309][ T286] RAX: ffffffffffffffda RBX: 00007f6439e10997 RCX: 00007f6439d8e929 [ 355.234443][ T286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 355.242435][ T286] RBP: 0000000000000016 R08: 00007fffa410c116 R09: 00007fffa410f630 [ 355.250448][ T286] R10: 000000000000000a R11: 0000000000000246 R12: 00007fffa410f630 [ 355.258440][ T286] R13: 00007f6439e10925 R14: 0000555565af84a8 R15: 00007fffa41117f0 [ 355.266429][ T286] [ 355.269436][ T286] ---[ end trace 0000000000000000 ]--- [ 355.282042][ T286] ================================================================== [ 355.290140][ T286] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60 [ 355.296398][ T286] Write of size 4 at addr 0000000000000170 by task syz-executor/286 [ 355.304382][ T286] [ 355.306712][ T286] CPU: 1 PID: 286 Comm: syz-executor Tainted: G W 6.1.141-syzkaller-00037-gfa7e0538663e #0 [ 355.318266][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 355.328328][ T286] Call Trace: [ 355.331640][ T286] [ 355.334553][ T286] __dump_stack+0x21/0x24 [ 355.338873][ T286] dump_stack_lvl+0xee/0x150 [ 355.344063][ T286] ? __cfi_dump_stack_lvl+0x8/0x8 [ 355.349206][ T286] ? ihold+0x20/0x60 [ 355.353101][ T286] ? ihold+0x20/0x60 [ 355.356978][ T286] print_report+0x3d/0x60 [ 355.361293][ T286] kasan_report+0x122/0x150 [ 355.365776][ T286] ? ihold+0x20/0x60 [ 355.369655][ T286] kasan_check_range+0x280/0x290 [ 355.374609][ T286] __kasan_check_write+0x14/0x20 [ 355.379571][ T286] ihold+0x20/0x60 [ 355.383305][ T286] vfs_rmdir+0x25f/0x500 [ 355.387548][ T286] incfs_kill_sb+0x105/0x220 [ 355.392145][ T286] deactivate_locked_super+0xb5/0x120 [ 355.397522][ T286] deactivate_super+0xaf/0xe0 [ 355.402206][ T286] cleanup_mnt+0x45f/0x4e0 [ 355.406728][ T286] __cleanup_mnt+0x19/0x20 [ 355.411149][ T286] task_work_run+0x1db/0x240 [ 355.415741][ T286] ? __cfi_task_work_run+0x10/0x10 [ 355.421291][ T286] ? free_nsproxy+0x21f/0x270 [ 355.425987][ T286] do_exit+0xa1d/0x2650 [ 355.430155][ T286] ? __cfi_do_exit+0x10/0x10 [ 355.434757][ T286] ? __kasan_check_write+0x14/0x20 [ 355.439879][ T286] ? _raw_spin_lock_irq+0x8f/0xe0 [ 355.445795][ T286] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 355.451534][ T286] ? ksys_write+0x1da/0x240 [ 355.456045][ T286] ? zap_other_threads+0x2c1/0x2f0 [ 355.461160][ T286] do_group_exit+0x210/0x2d0 [ 355.465754][ T286] __x64_sys_exit_group+0x3f/0x40 [ 355.470783][ T286] x64_sys_call+0x7b4/0x9a0 [ 355.475298][ T286] do_syscall_64+0x4c/0xa0 [ 355.479722][ T286] ? clear_bhb_loop+0x30/0x80 [ 355.484402][ T286] ? clear_bhb_loop+0x30/0x80 [ 355.489096][ T286] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 355.494999][ T286] RIP: 0033:0x7f6439d8e929 [ 355.499494][ T286] Code: Unable to access opcode bytes at 0x7f6439d8e8ff. [ 355.506526][ T286] RSP: 002b:00007fffa410e378 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 355.514934][ T286] RAX: ffffffffffffffda RBX: 00007f6439e10997 RCX: 00007f6439d8e929 [ 355.522900][ T286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 355.530866][ T286] RBP: 0000000000000016 R08: 00007fffa410c116 R09: 00007fffa410f630 [ 355.538839][ T286] R10: 000000000000000a R11: 0000000000000246 R12: 00007fffa410f630 [ 355.546811][ T286] R13: 00007f6439e10925 R14: 0000555565af84a8 R15: 00007fffa41117f0 [ 355.554793][ T286] [ 355.557809][ T286] ================================================================== [ 355.598523][ T286] Disabling lock debugging due to kernel taint [ 355.604874][ T286] BUG: kernel NULL pointer dereference, address: 0000000000000170 [ 355.612683][ T286] #PF: supervisor write access in kernel mode [ 355.618742][ T286] #PF: error_code(0x0002) - not-present page [ 355.624724][ T286] PGD 1228c7067 P4D 1228c7067 PUD 0 [ 355.630016][ T286] Oops: 0002 [#1] PREEMPT SMP KASAN [ 355.635213][ T286] CPU: 1 PID: 286 Comm: syz-executor Tainted: G B W 6.1.141-syzkaller-00037-gfa7e0538663e #0 [ 355.646572][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 355.656618][ T286] RIP: 0010:ihold+0x26/0x60 [ 355.661117][ T286] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 b1 86 ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 10 e3 f0 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 a1 [ 355.680716][ T286] RSP: 0018:ffffc9000daffaf8 EFLAGS: 00010246 [ 355.686790][ T286] RAX: ffff888121a12800 RBX: 0000000000000000 RCX: ffff888121a12880 [ 355.694849][ T286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 355.702829][ T286] RBP: ffffc9000daffb08 R08: dffffc0000000000 R09: fffffbfff0f2ccfd [ 355.710797][ T286] R10: fffffbfff0f2ccfd R11: 1ffffffff0f2ccfc R12: ffff88811aaf8454 [ 355.718770][ T286] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 355.726736][ T286] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 355.735661][ T286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 355.742238][ T286] CR2: 0000000000000170 CR3: 0000000116f9f000 CR4: 00000000003506a0 [ 355.750211][ T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 355.758182][ T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 355.766150][ T286] Call Trace: [ 355.769422][ T286] [ 355.772348][ T286] vfs_rmdir+0x25f/0x500 [ 355.776593][ T286] incfs_kill_sb+0x105/0x220 [ 355.781186][ T286] deactivate_locked_super+0xb5/0x120 [ 355.786560][ T286] deactivate_super+0xaf/0xe0 [ 355.791245][ T286] cleanup_mnt+0x45f/0x4e0 [ 355.795665][ T286] __cleanup_mnt+0x19/0x20 [ 355.800082][ T286] task_work_run+0x1db/0x240 [ 355.804671][ T286] ? __cfi_task_work_run+0x10/0x10 [ 355.809780][ T286] ? free_nsproxy+0x21f/0x270 [ 355.814549][ T286] do_exit+0xa1d/0x2650 [ 355.818709][ T286] ? __cfi_do_exit+0x10/0x10 [ 355.823302][ T286] ? __kasan_check_write+0x14/0x20 [ 355.828413][ T286] ? _raw_spin_lock_irq+0x8f/0xe0 [ 355.833440][ T286] ? __cfi__raw_spin_lock_irq+0x10/0x10 [ 355.838995][ T286] ? ksys_write+0x1da/0x240 [ 355.843509][ T286] ? zap_other_threads+0x2c1/0x2f0 [ 355.848627][ T286] do_group_exit+0x210/0x2d0 [ 355.853223][ T286] __x64_sys_exit_group+0x3f/0x40 [ 355.858252][ T286] x64_sys_call+0x7b4/0x9a0 [ 355.862753][ T286] do_syscall_64+0x4c/0xa0 [ 355.867163][ T286] ? clear_bhb_loop+0x30/0x80 [ 355.871834][ T286] ? clear_bhb_loop+0x30/0x80 [ 355.876517][ T286] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 355.882410][ T286] RIP: 0033:0x7f6439d8e929 [ 355.886820][ T286] Code: Unable to access opcode bytes at 0x7f6439d8e8ff. [ 355.893917][ T286] RSP: 002b:00007fffa410e378 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 355.902422][ T286] RAX: ffffffffffffffda RBX: 00007f6439e10997 RCX: 00007f6439d8e929 [ 355.910414][ T286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 355.918389][ T286] RBP: 0000000000000016 R08: 00007fffa410c116 R09: 00007fffa410f630 [ 355.926360][ T286] R10: 000000000000000a R11: 0000000000000246 R12: 00007fffa410f630 [ 355.934327][ T286] R13: 00007f6439e10925 R14: 0000555565af84a8 R15: 00007fffa41117f0 [ 355.942390][ T286] [ 355.945493][ T286] Modules linked in: [ 355.949391][ T286] CR2: 0000000000000170 [ 355.953539][ T286] ---[ end trace 0000000000000000 ]--- [ 355.958996][ T286] RIP: 0010:ihold+0x26/0x60 [ 355.963520][ T286] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 b1 86 ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 10 e3 f0 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 a1 [ 355.983122][ T286] RSP: 0018:ffffc9000daffaf8 EFLAGS: 00010246 [ 355.989286][ T286] RAX: ffff888121a12800 RBX: 0000000000000000 RCX: ffff888121a12880 [ 355.997255][ T286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 356.005232][ T286] RBP: ffffc9000daffb08 R08: dffffc0000000000 R09: fffffbfff0f2ccfd [ 356.013205][ T286] R10: fffffbfff0f2ccfd R11: 1ffffffff0f2ccfc R12: ffff88811aaf8454 [ 356.021183][ T286] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 356.029159][ T286] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 356.038087][ T286] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 356.044669][ T286] CR2: 0000000000000170 CR3: 0000000116f9f000 CR4: 00000000003506a0 [ 356.052641][ T286] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 356.060613][ T286] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 356.068592][ T286] Kernel panic - not syncing: Fatal exception [ 356.075046][ T286] Kernel Offset: disabled [ 356.079445][ T286] Rebooting in 86400 seconds..