last executing test programs: 9.119457749s ago: executing program 3 (id=1020): ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffed850000006d000000a50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r3 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) write$9p(r2, &(0x7f0000001400)="3b27a4", 0x3) sendfile(r2, r3, 0x0, 0xe066) (fail_nth: 22) 8.79192162s ago: executing program 3 (id=1022): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000031c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf7cf39e3100c8acaa47684f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d7559f3b14820ed58b15627c95aa0b784625704f07372c29184ff7f4a7c0000070015006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e000000000000041201baa80b0b8ed8fb1ec577c377f627daaf787a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bdeda7be586602d985430cea080000000000fb1a26abfb0767192361448279b05d96a703a660587a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aab926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb155481ef836eb0f8c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaed2b25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec0271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761036eafed1fb2b98b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe514283707c70600000000000000b7561301bb997316db01ee601f2c9659db9bc04f7089a660d8dcc3ae83169cf331efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a515d83129cd857c775f9e7d6101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbe3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562e00e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb2214209ed2d5d776e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b55ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18) sync() (fail_nth: 3) 8.560418933s ago: executing program 3 (id=1026): perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x35, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x1ff}, 0x0, 0xf5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000069000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x8718573db5b8dac0, 0x0, 0x4, 0x0, &(0x7f0000000000)) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r1}, 0x10) pipe2$9p(&(0x7f0000000380), 0x800) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f00000000c0), 0x10, 0x0) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x34, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x3, 0x4, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000ff010000000000000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_REMOVE(0xffffffffffffffff, 0x0, 0x0) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) pwritev(r2, &(0x7f00000001c0)=[{&(0x7f00000003c0)="be", 0x1}, {0x0}], 0x13, 0xfffffffc, 0x3) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) semtimedop(0x0, 0x0, 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000208060001080006040002aaaaaaaaaa00f5b75eb8725f79d8aa00ac"], 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(0xffffffffffffffff, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14) 8.416309467s ago: executing program 3 (id=1032): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x61680, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10) r2 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r2, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) syz_mount_image$msdos(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x2040cc, &(0x7f0000000780)=ANY=[@ANYBLOB="666d61736b3d30303030303030303030303030303030303030300000312c636f6465706167653d3836332c646f74732c6e6f646f74732c6e6f646f74732c616c6c6f775f7574696d653d303030303030303030303030303030302c646f74732c6e6f646f74732c646f74732c6e6f636173651d6e6f646f74732c6572726f72733d72656d6f756e742d726f2c6e6f646f74732c6e6f646f74732c646f74732c6e6f646f74732c646973636172642c646d61736b3d30303030303030303030303030303030303030303030372c756d61736b3d30303030303030303030303030303030303030303031302c646f74732c646f74732c6e6f646f74732c6e6f646f74732c0000000000000000"], 0xfd, 0x1c9, &(0x7f0000001280)="$eJzs3bFu01AUBuATUxKHqRsSAskSC1MFPEERKhLCEhIoA0wgtSwNQqKLYWkfgwfkAVCnLMiotVtTw5BYig3p9y05zu+be+6Qmyy5eXf34+H+p6MP329/izQdRbIbu7EYxXYkceEkAIBNsijL+FFWhu4FAOjHEp//P3tuCQBYs9dv3r54kud7r7IsjTg9KWbFrHqs8mfP872H2bntZtRpUcxuXOaPsvZ3h7P8Ztyq88fV+OxqPo4H96v8LHv6Mm/lk9hf79IBAAAAAAAAAAAAAAAAAAAAAGAw9yK78NfzfXZ22vm0zqur384Hap3fsxV3turL5nig8riPRQEAAAAAAAAAAAAAAAAAAMB/5ujL18P38/nB56aYRMTVZ1YpRvULdxqeTKvBnWdfuUjO5xr3MpeiryL7N9qYd3sXHIwjYl2NLcqyXOrmZo+YDLIzAQAAAAAAAAAAAAAAAADA9dP86PfPLB2iIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYQPP//x2K44hY4ubLyaaDLhUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAN9isAAP//+mEx/Q==") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x171c, 0x0, 0x0, 0x0, 0x0, "ef359f413bb93852f7d6d1ce5d29c3ee5e5ca9000f7c41499dc2aac63a4b78c660e677df701908b9aaa3f6a00400", "036c47c6780820d1cbf7896de1fdcf335263bdbcef549ba197fce47ddfdd753abd9501ce721b6ae9b49600002a00", "b7326736181c208220000000b9000010000000000000f0ffeffffff0ff00"}) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r4 = open(&(0x7f00000005c0)='./bus\x00', 0x147842, 0x0) cachestat(r4, &(0x7f0000000280)={0x5, 0x3}, &(0x7f00000002c0), 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$KDGKBTYPE(r1, 0x4b33, &(0x7f0000000000)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000080)='sys_enter\x00', r5}, 0x10) fstat(0xffffffffffffffff, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f00000001c0)=@generic={&(0x7f0000000040)='./file0\x00', r5}, 0x18) 8.110699056s ago: executing program 3 (id=1042): r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000006bc0), 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r0, 0x7041, 0x0) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x500) mlock2(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) r3 = socket$netlink(0x10, 0x3, 0x14) unshare(0xc040400) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000003d06a2c8fd87d82ae39623bf22e50fe6cf4944af03dda68006db359d84173a8dcc17199871665ed86712090e3a8fe87e3b17f00865fb7e1f46f50d55563500a71e68e67b9909a24104fd50206e90d71aa40000000000000000000000000000fdd9597a138c0c9c04e4eebe985e0aeffa22a51c996984a92d3895aa7768b6452b8a2f2fc357808ec4f0dfe73f14357395165e634bdf5c073c769d5bb981b290156cf445b8e8abcf8cccd7bde1a4bdcf42c0c390eb5ad702332fd55e1fce63f808318567ab48a1478e5961dc8d787bf6f682ca274c51c74bf388518dc1fa7d3dd13b0f645e24864b4931d80b00c60d0bdb42ed4719b50d84d702910f6617541ac2c1719ea9cce0d4ae9c829f7ac69eb9292d3f506fecf36e38829a222e6ef27f58573207e4b300bedd28e9d7e2a28e34605c7f74a439a87249d709cd55499d081bc6fa2f5cf39f426d4f28940d29fb8d9aae831095d41ab04db0451bbbc8d2"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) lsm_list_modules(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r4}, 0x10) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000018c0)=ANY=[@ANYBLOB="0a000000150000003d3600000200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000002f6705625b3c4f4d00000000005fbe3c380000000000000000"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000180), 0x3, r5}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000380)={r5, &(0x7f0000001940), &(0x7f00000002c0)=""/187}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000fd0f00000200cbc3c62cff26", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000580)=ANY=[@ANYBLOB="380000000314010000000000000022000900020073797a30000000000800410073697700140033006c6f000000000000000000000000000019fe7da5e1032113d50541fcd4451249e59fa0e1fe80a7d5cf634e0af9e923b823ad0690a702624385a4f382a809af70a21480a0e46a7b7877f121e8102db82bdfaebb18a2c8614be914cbf4b98e25dee0e290820e4d641fe7280c81db5267aeb54f52"], 0x38}}, 0x0) 8.063746531s ago: executing program 4 (id=1045): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x10000003, 0x1000000000, &(0x7f00000000c0)) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') ppoll(&(0x7f0000000280)=[{r1, 0x460b}], 0x1, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNGETVNETLE(r0, 0x800454dd, &(0x7f0000000000)) 7.932905143s ago: executing program 4 (id=1049): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ff7fffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f00000002c0)={'ip6tnl0\x00', &(0x7f0000000200)={'ip6gre0\x00', r3, 0x4, 0x1, 0x9, 0xff, 0xc, @private1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x1, 0x7800, 0x80, 0x2}}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000000c0), 0x1, 0x4b4, &(0x7f0000000c80)="$eJzs3E9sFNUfAPDvbHdpgR8/KiIKoi6isdHYQkHh4AWjiQdMjHjQY9MWghRqaE2EECmJwaMh8W48evXgVb0ZTyZe8WhiSIjhAnhaM7sz7e52t//Y7oL7+SRL35t9s+99982bfTNvlwD6Vjn9J4n4X0TcjIidtWxjgXLtz707Vybv37kyGQuVyqm/k2q5u2k+k++3PcuMFCIKXyRNL1gzd+nyuYmZmemLWX5s/vwnY3OXLr969vzEmekz0xfGjx8/euTwsdfHX1t/UC3qS+O6u+/z2f173/noxruTxXz7UPa3Po5OKUe5VVOqXux0ZT22oy6dFHvYENZlICLS7ipVx//OGAidB/2iUqlUBts/vVBpdm3ZFuCRlUSvWwD0Rv5Bn17/5o8uTT0eCrdP1C6A0rjvZY/aM8UoZGVKTde3nTQUER8u/PNN+ohNug8BAFDvpxP5TLB5/leIPXXl/p+toQxHxGMRsSsiHo+I3RHxRES17JMR8VTT65cjorJC/eWm/PL5T+HWAwW4inT+90a2ttU4/8tnfzE8kOV2ROQT5ulD2XsyEqXB02dnpg+vUMfPb/3+VbvnynXzv/SR1p/PBbN23Co23aCbmpif2HDATW5fi9hXbI4/KUYkiysBSUTsjYh963jd4br02Ze/27+YKTWWWz3+qkrLdbQOLFVUvo14qdb/C9HQ/0s1JiuvT44Nxcz0obH0KDjUso5ff7v+Xrv6V43/hz+bd3n72I+nHjTsRWn/b6s7/iNfv12KfziJSBbXa+fWX8f1P75se02ztuP/asM+6fG/Jfmgmt6SbftsYn7+4uGILcnJ5dvHl/bN83n5NP6Rg63H/65sn/SdeDoi0oP4mYh4NiKey9p+ICKej4iDK8T/y5svfLzx+DdXGv9Uy/NfQ/8vrdfPncwTl9aaGDh34Ob9NiePtfX/0WpqJNvS+vyXNJwi1trADryFAAAA8NArRPW7/4XRxXShMDpauwe0O7YVZmbn5l85PfvphanabwSGo1TI73TV7geXkvz+53BdfrwpfyS7b/z1wNZqfnRydmaq18FDn9teHfPJsvGf+mug160DNp2f/ED/Wm3877nRpYYAXefzH/pX3fhfaFNkwTdl4L+p9ed/qevtALqv1fi/uoF9gEdLxViGvmb8Q/8qxvuL6UJPWwJ0m89/6Etr/xX/RhKVwdZPDcXywjG0Oc3Y2qKuniTSmVVPat+6kb3y/02hbZkorPY6xYZjbDCWlxmInvTFmT0dP/gr2XflO93U71cep/l0fRPeqO6ehwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbLvwEAAP//cdfX0w==") r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000001040)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in6=@remote, 0x0, 0x0, 0x0, 0xe4a4, 0x2}, {@in6=@remote, 0x0, 0x32}, @in6=@mcast1, {}, {}, {}, 0x0, 0x0, 0xa, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}, 0x1, 0xe}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='ext4_request_inode\x00', r5}, 0x10) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000e80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='ext4_request_inode\x00', r7}, 0x10) r8 = socket$unix(0x1, 0x1, 0x0) bind$unix(r8, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000100)='sys_enter\x00', r1}, 0x10) mount$9p_tcp(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x40, &(0x7f0000000140)={'trans=tcp,', {'port', 0x3d, 0x4e21}, 0x2c, {[{@version_9p2000}, {@afid={'afid', 0x3d, 0x8}}], [{@fsname={'fsname', 0x3d, 'GPL\x00'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '\x04]/)]]}-:{{'}}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@context={'context', 0x3d, 'system_u'}}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}]}}) utime(0x0, 0x0) 7.842210812s ago: executing program 3 (id=1053): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000500)='\x00\x00\x00\x00\x00', 0x17, 0x0, 0x0, 0x37) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000680)=@ccm_128={{0x304}, "f5aad96737f637f4", "6f484b8afba4bdca0000000000000080", "528b0f51", "bb0bbf1f26e730c3"}, 0x28) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYRESDEC=r1, @ANYRES32=r1, @ANYRESDEC=r1], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x0}) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000100)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x20, 0x1}, [{}], "17cff30f55595d91530bb004e53e84fc2cebef6e3a01764d0f769b0494c46472753e58d5047e6465c6fb7c7737e238b281fe93a0008347d56785cda5613a572ff938815c4a4355d413495cc0f9d3c42807bf31838776226cdafb378ef7c0b29f47c4eb9d86d1bc86c0022d6b0024e9b0453c3a36a3e6ab1b27d31a3cb0b3a18310e0db8e07b6b0eae5d2c7ff43a38d591a8580722268c59d11f8cf305ba63a48a9da910c31939b06cb9fab5827cc85e0d54d18b6bd36004e18ef66924cc98f0eaeb1f0c1ba7b85c4bcccbd98771e9629c5ed0959d34fe3b0cc2a5d80d7d1036bac6a46b7258a69567f83119a9fa89a01040ce99cb48466bbbdbc0c2e374ea88fc77a17d50649762f99b2e55b4fe9063cfca5e7fa1b4ac15aede2991ec60312a0cd3d6d74b03b3b009cbf3b16bab672fa05069a91bdd25c16425b0e6afd0c7ca792a73b5a019683c4b2f86faf3e2f08c07edd19d61af3f8270f44c71adc5c48f7dfd5eed0d3bf54252b7cba78f693b59ea46d72688e0b43f64cfde164268c71dd03eec8c213ff88537d4406f1424aa44461770c2cefa0f65856b4c6263d7d1224e86dc8c7db98f41cae70a12c0b8add5004810b85c6e5f100c17a758d931e2a38528428e5d8b841e6c4da212ab7fb956d25463bc769b3cf145a23390c3e3d0f442645db81ff11e1832c2ef75b2f361cf3ce5b8d138e034bf1a061cdfa4d20866e736fa278c5ebac8482b346c74002ee9466ae45940471515d949c595ee5a2c66f5df2d9f411f4b12712777446c6e8fb9b5f2f78ccdc2fdc7822c0e356bb0f8cc7e8099167708fdaf3bec3663e6c097b68b81fa7f9e9289fcd7eabff2bf9a2ba1f9072ec6e2f77854b33bf49ac58615974e3ce4428d2490d649cc6814e3d5a062adcfc4376e6f3710af2c87519475f3ff3dc978fc9465bd5f0d84be9672b99799e7de2d3566f45750aa1b375bff902a519e419f1503efd05cf17e6ff98edbd2a2414ef1e9256826bb102efe675b17dcf70748dbacbcc84d368badf17d2de587fa64d01d5427e199db5e621237cb0cc972acaa7b8fee9c4aef27bfc5e5201697fc5ce5f68bfa72a0a17914bb9f5c7d3005cbb8c255faec53ac573e9469290d0119c465670ff0f8a360d295235d07c7ccb8c5d664cad43f4a57e526ff74c18c953a705a5e69d5745855bfc345b83ff561090d3d2a546ecd74b97afcbf29d8d159842e2cff4ad425f58387f64074e1400deb7c4786d08b9f0d1722dcddd0fb06b0126b25043f5640d4aa923d8dc3b04b0550b31778e00494209b36600337225c306d19b17f1915fca1f87e848fa2897335af87b96b9ee4a686d844f68cd511b42f985eed2eac40f9223304bd15ff52ca35bce918658ac9e9978b7aee4530c02235ad35f3d4fcecb54d751acc0d0591c829de01d5a2dc5e37572f469ac4861fac2f17f97926e9397dee15d631d2869dddfb98347d9e42ea4992acc9206d94d13f20c53e0e371fe17efacff9f9513fd8e253d37e3821edab3df9e9031625e740e8cc0f2d239e84bbe2578d2ad49cb268334bc220393b975a0a33726bdca2ea9a385c48400754b6a32985bcd4bf69233a07baafff12764f91f94bdedd5d9c2ecf0db6f3ba99e6d7efc6b18e4eaa213a4f8ab0661552a1d202540866c6a062f984b91773e15c3dffe902336c877cc3fa07ca02bbff14210dbbaff979e33e873f4cb5153eb6a6805e865cfb3a043981526b274b7dc5333fbbc0e1df6c0f7cd209d5033ce38cbd5fd3ea00fa46a8023fd9a6c4116366aee069629a045b09d9627fcf395211bc3f1b09d0b588013a8df6b41639fdbd59988e2ac919dadf94362b616270803ce73666c3ab10f4b2dbb787c8acbe36280e09baf3e82eb5866deb767f2560dcc8b38b8c59df4519584b255df0e41a5b68a998a38d1106d18f4ce0c9ccd9002fa8b816b52619fabbac87277bff57da4e17f1125d5fa306c5dceb791892303b118f1566127748356a2e63f0aaa3e68bc67cda2f64cb073a1ea6b54e1ee2c6d4b530c073cc77566aa9c82a0c68a2eee5c224b10ba09cbd5dbbbe6946a6accb515e30d8fe5f0533b123817023a3788f5a9081863d770bed93742e16d21a8c691b49b692d97285fca58c61a98d408254da63e00b059d54781a9c30a6bb396235e7213b14e5c7f666049272df898bfbf304d8d9cb27cdffa0578dccf7c753187845d24caa8834df23fb5cef9cba358e2b982d79555cb130ad42ac6fa120f857ead25b6c1bd30697a925a3d0426af108375f4eeeae6657da8126646ff31fab6d9d032254d1d071ed0aff1cb7b11f7767aac4a854264669af6fbca774dce4bc4d3e789f8c2638323ede9dd6cfd64cb8f184941e9fb73753cda5422e6d4499d7eb8ca28ae39068b410bd6ec7397b51f0872602a6e579fc1b168189dd1594ccf6f2db3b2e122c15b253c6431a906dc269d0a476014d435f3de10e8f8000df0c426286365e5b2b6d0566d2af11b2c8381c6a0719815f0944bb74ea050c43121c86c53b6c4e453c38f58666bb7723ad7aa5313c4893104f45f373a65f7e75b156c8c8a108438f805b76445cab9182068919ce3fb3b3a78fda3405b103575c5c6eb40a81688bba26a530ab3197995471e0faaf1c0c45c21b0c4c6931ad80ada9a4eac0319960fb1db96038801927aeede9c3b1a79ab08bfd600b3af6d5dea0fdec80d9d82b019f9a8d0a14b0547f733c64ad58fb64a0ad85d12c1a6d941434bb4cbbde52515cc21b43812302be9a7982929abc05e80b347c33f5c5278eee042a452ed99745bb5efc3f1225013d36543d00bc5edd29532f247965556a8c20060986549a0bc60516a365d6862668bdf3f189b038fe4cb3288a80381c90f145d700e72ad33ecc5a41d2c5cc01df83cd265f7abf65bafd810f40ecd5b2e41269d06a541760928a797c0eae4b3734c9e0fea954df48133199c9ccf76763d7c0c9b854210572d9896a5670f26030ab3d7500e99cf118d4e54886bfc409b8b5ddc8400fbb5330864d476ab7d302a27dc42050372590ddd51a733c12ebb910901de61f6640f24c0789d75b04224f3f2653b57b6b236abc72059456ec4bcdb7675cc4109424cc983b56d0cc709c78d540016466afac54f32da14ffb38732e1249771e8d893e0027bf283ced14ee20f0c434369f2391acc99e4fa9d1a565de71e1a8b20348e95dfad77ca5795756b833f3314bf642c277d93e1a65bc4e07237bc844d5f28dc9754ceb892043913ea0e57b682ac129017e40d5e5a1c43deddc4d8baca951f3567d8aa0e90fad1503309c05fea2d7a2d424cbe693c7bcdb4c8f59b6b4cabffafbb7558e718cc526d26e3a02f98381e0608b0c9c5ae873ab2c674a35a780871d60622c85233a84cfb54a60642cf175baa4fc8f79296d96a0ab46a901fc49d1b6fffe31e618a9f387992005bc219ffca8800f31ffbb2167354837f0328da011da2f2dfc14fdbfcb0c2cf6ff4ef0a146019ec3e8a47128ebc8bd05aa72c0bf1e0b9a7c868c8eac6da498abbe3b7125fc675cefb7b27fb42a4d102927c6a2e5248ba46b74f4afdf346ebf7a9ed6512bee67e632596f781a3b5a736115d817760742fe90da3a8aec710fdf2a363a52be689518857b24f6bd9c8786f3c864596c550647db05869134adf34012ed8ac1f0d662bfb54ab3f40824267a689b2825f4bc5e077e3091ebaa7b12a1c2a5b274a8cc49bb24b592319a07456efeff3b58c084791b33c9d8f6acbb49672e36ddf2dde001ccc62d2a16228b61a5783e72de0d6bc9d2158f19e2957c34fbe27b72e2eae326864"}, 0xae2) r6 = dup(r5) write$P9_RLERRORu(r6, &(0x7f0000000880)=ANY=[@ANYBLOB="5300000007000046009de8"], 0x53) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[], [], 0x6b}}) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), r7) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0], 0x0, 0x83, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f00000002c0), &(0x7f00000003c0), 0x8, 0x29, 0x8, 0x8, &(0x7f0000000440)}}, 0x10) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000080)=ANY=[@ANYRESHEX=r2, @ANYRES32], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='sys_enter\x00', r10}, 0x18) r11 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) fcntl$setlease(r11, 0x400, 0x1) fremovexattr(r11, &(0x7f0000000040)=@known='system.posix_acl_default\x00') lsm_list_modules(0x0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_PAUSE_GET(r7, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01dfffffff0000000000210000000c00018008000100", @ANYRES32=r3], 0x20}}, 0x0) 7.841827032s ago: executing program 32 (id=1053): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000500)='\x00\x00\x00\x00\x00', 0x17, 0x0, 0x0, 0x37) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000680)=@ccm_128={{0x304}, "f5aad96737f637f4", "6f484b8afba4bdca0000000000000080", "528b0f51", "bb0bbf1f26e730c3"}, 0x28) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYRESDEC=r1, @ANYRES32=r1, @ANYRESDEC=r1], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x0}) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000100)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x20, 0x1}, [{}], "17cff30f55595d91530bb004e53e84fc2cebef6e3a01764d0f769b0494c46472753e58d5047e6465c6fb7c7737e238b281fe93a0008347d56785cda5613a572ff938815c4a4355d413495cc0f9d3c42807bf31838776226cdafb378ef7c0b29f47c4eb9d86d1bc86c0022d6b0024e9b0453c3a36a3e6ab1b27d31a3cb0b3a18310e0db8e07b6b0eae5d2c7ff43a38d591a8580722268c59d11f8cf305ba63a48a9da910c31939b06cb9fab5827cc85e0d54d18b6bd36004e18ef66924cc98f0eaeb1f0c1ba7b85c4bcccbd98771e9629c5ed0959d34fe3b0cc2a5d80d7d1036bac6a46b7258a69567f83119a9fa89a01040ce99cb48466bbbdbc0c2e374ea88fc77a17d50649762f99b2e55b4fe9063cfca5e7fa1b4ac15aede2991ec60312a0cd3d6d74b03b3b009cbf3b16bab672fa05069a91bdd25c16425b0e6afd0c7ca792a73b5a019683c4b2f86faf3e2f08c07edd19d61af3f8270f44c71adc5c48f7dfd5eed0d3bf54252b7cba78f693b59ea46d72688e0b43f64cfde164268c71dd03eec8c213ff88537d4406f1424aa44461770c2cefa0f65856b4c6263d7d1224e86dc8c7db98f41cae70a12c0b8add5004810b85c6e5f100c17a758d931e2a38528428e5d8b841e6c4da212ab7fb956d25463bc769b3cf145a23390c3e3d0f442645db81ff11e1832c2ef75b2f361cf3ce5b8d138e034bf1a061cdfa4d20866e736fa278c5ebac8482b346c74002ee9466ae45940471515d949c595ee5a2c66f5df2d9f411f4b12712777446c6e8fb9b5f2f78ccdc2fdc7822c0e356bb0f8cc7e8099167708fdaf3bec3663e6c097b68b81fa7f9e9289fcd7eabff2bf9a2ba1f9072ec6e2f77854b33bf49ac58615974e3ce4428d2490d649cc6814e3d5a062adcfc4376e6f3710af2c87519475f3ff3dc978fc9465bd5f0d84be9672b99799e7de2d3566f45750aa1b375bff902a519e419f1503efd05cf17e6ff98edbd2a2414ef1e9256826bb102efe675b17dcf70748dbacbcc84d368badf17d2de587fa64d01d5427e199db5e621237cb0cc972acaa7b8fee9c4aef27bfc5e5201697fc5ce5f68bfa72a0a17914bb9f5c7d3005cbb8c255faec53ac573e9469290d0119c465670ff0f8a360d295235d07c7ccb8c5d664cad43f4a57e526ff74c18c953a705a5e69d5745855bfc345b83ff561090d3d2a546ecd74b97afcbf29d8d159842e2cff4ad425f58387f64074e1400deb7c4786d08b9f0d1722dcddd0fb06b0126b25043f5640d4aa923d8dc3b04b0550b31778e00494209b36600337225c306d19b17f1915fca1f87e848fa2897335af87b96b9ee4a686d844f68cd511b42f985eed2eac40f9223304bd15ff52ca35bce918658ac9e9978b7aee4530c02235ad35f3d4fcecb54d751acc0d0591c829de01d5a2dc5e37572f469ac4861fac2f17f97926e9397dee15d631d2869dddfb98347d9e42ea4992acc9206d94d13f20c53e0e371fe17efacff9f9513fd8e253d37e3821edab3df9e9031625e740e8cc0f2d239e84bbe2578d2ad49cb268334bc220393b975a0a33726bdca2ea9a385c48400754b6a32985bcd4bf69233a07baafff12764f91f94bdedd5d9c2ecf0db6f3ba99e6d7efc6b18e4eaa213a4f8ab0661552a1d202540866c6a062f984b91773e15c3dffe902336c877cc3fa07ca02bbff14210dbbaff979e33e873f4cb5153eb6a6805e865cfb3a043981526b274b7dc5333fbbc0e1df6c0f7cd209d5033ce38cbd5fd3ea00fa46a8023fd9a6c4116366aee069629a045b09d9627fcf395211bc3f1b09d0b588013a8df6b41639fdbd59988e2ac919dadf94362b616270803ce73666c3ab10f4b2dbb787c8acbe36280e09baf3e82eb5866deb767f2560dcc8b38b8c59df4519584b255df0e41a5b68a998a38d1106d18f4ce0c9ccd9002fa8b816b52619fabbac87277bff57da4e17f1125d5fa306c5dceb791892303b118f1566127748356a2e63f0aaa3e68bc67cda2f64cb073a1ea6b54e1ee2c6d4b530c073cc77566aa9c82a0c68a2eee5c224b10ba09cbd5dbbbe6946a6accb515e30d8fe5f0533b123817023a3788f5a9081863d770bed93742e16d21a8c691b49b692d97285fca58c61a98d408254da63e00b059d54781a9c30a6bb396235e7213b14e5c7f666049272df898bfbf304d8d9cb27cdffa0578dccf7c753187845d24caa8834df23fb5cef9cba358e2b982d79555cb130ad42ac6fa120f857ead25b6c1bd30697a925a3d0426af108375f4eeeae6657da8126646ff31fab6d9d032254d1d071ed0aff1cb7b11f7767aac4a854264669af6fbca774dce4bc4d3e789f8c2638323ede9dd6cfd64cb8f184941e9fb73753cda5422e6d4499d7eb8ca28ae39068b410bd6ec7397b51f0872602a6e579fc1b168189dd1594ccf6f2db3b2e122c15b253c6431a906dc269d0a476014d435f3de10e8f8000df0c426286365e5b2b6d0566d2af11b2c8381c6a0719815f0944bb74ea050c43121c86c53b6c4e453c38f58666bb7723ad7aa5313c4893104f45f373a65f7e75b156c8c8a108438f805b76445cab9182068919ce3fb3b3a78fda3405b103575c5c6eb40a81688bba26a530ab3197995471e0faaf1c0c45c21b0c4c6931ad80ada9a4eac0319960fb1db96038801927aeede9c3b1a79ab08bfd600b3af6d5dea0fdec80d9d82b019f9a8d0a14b0547f733c64ad58fb64a0ad85d12c1a6d941434bb4cbbde52515cc21b43812302be9a7982929abc05e80b347c33f5c5278eee042a452ed99745bb5efc3f1225013d36543d00bc5edd29532f247965556a8c20060986549a0bc60516a365d6862668bdf3f189b038fe4cb3288a80381c90f145d700e72ad33ecc5a41d2c5cc01df83cd265f7abf65bafd810f40ecd5b2e41269d06a541760928a797c0eae4b3734c9e0fea954df48133199c9ccf76763d7c0c9b854210572d9896a5670f26030ab3d7500e99cf118d4e54886bfc409b8b5ddc8400fbb5330864d476ab7d302a27dc42050372590ddd51a733c12ebb910901de61f6640f24c0789d75b04224f3f2653b57b6b236abc72059456ec4bcdb7675cc4109424cc983b56d0cc709c78d540016466afac54f32da14ffb38732e1249771e8d893e0027bf283ced14ee20f0c434369f2391acc99e4fa9d1a565de71e1a8b20348e95dfad77ca5795756b833f3314bf642c277d93e1a65bc4e07237bc844d5f28dc9754ceb892043913ea0e57b682ac129017e40d5e5a1c43deddc4d8baca951f3567d8aa0e90fad1503309c05fea2d7a2d424cbe693c7bcdb4c8f59b6b4cabffafbb7558e718cc526d26e3a02f98381e0608b0c9c5ae873ab2c674a35a780871d60622c85233a84cfb54a60642cf175baa4fc8f79296d96a0ab46a901fc49d1b6fffe31e618a9f387992005bc219ffca8800f31ffbb2167354837f0328da011da2f2dfc14fdbfcb0c2cf6ff4ef0a146019ec3e8a47128ebc8bd05aa72c0bf1e0b9a7c868c8eac6da498abbe3b7125fc675cefb7b27fb42a4d102927c6a2e5248ba46b74f4afdf346ebf7a9ed6512bee67e632596f781a3b5a736115d817760742fe90da3a8aec710fdf2a363a52be689518857b24f6bd9c8786f3c864596c550647db05869134adf34012ed8ac1f0d662bfb54ab3f40824267a689b2825f4bc5e077e3091ebaa7b12a1c2a5b274a8cc49bb24b592319a07456efeff3b58c084791b33c9d8f6acbb49672e36ddf2dde001ccc62d2a16228b61a5783e72de0d6bc9d2158f19e2957c34fbe27b72e2eae326864"}, 0xae2) r6 = dup(r5) write$P9_RLERRORu(r6, &(0x7f0000000880)=ANY=[@ANYBLOB="5300000007000046009de8"], 0x53) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[], [], 0x6b}}) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), r7) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0], 0x0, 0x83, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f00000002c0), &(0x7f00000003c0), 0x8, 0x29, 0x8, 0x8, &(0x7f0000000440)}}, 0x10) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000080)=ANY=[@ANYRESHEX=r2, @ANYRES32], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='sys_enter\x00', r10}, 0x18) r11 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) fcntl$setlease(r11, 0x400, 0x1) fremovexattr(r11, &(0x7f0000000040)=@known='system.posix_acl_default\x00') lsm_list_modules(0x0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_PAUSE_GET(r7, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01dfffffff0000000000210000000c00018008000100", @ANYRES32=r3], 0x20}}, 0x0) 7.096176814s ago: executing program 4 (id=1070): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) syz_emit_ethernet(0x4a, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaa91aa86dd60ff00f50014060080000000000000000000ffff64010101fe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780003"], 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x10}, {0xffff, 0xe}, {0x8, 0xffff}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x26008004}, 0x4000000) r3 = socket$netlink(0x10, 0x3, 0x6) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) 7.008527653s ago: executing program 4 (id=1071): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000240), 0x25, 0x4b6, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvvW1pKYUWJfFHVBBRNISZdoCGsMKNxhASI3HlAmo7NE1nOk1nirSyKP+DiSSu9E9wYeLChJV7d7pzgwsTVOILfclbzMudmZZSOm3fo8x96Xw+ycm9555hvt/D9J4zPW3nBNC3LkTERkSciIgHETHeuZ50Stxul+xxr189md189WQ2iWbz3n+TVnt2LXb8m8ypznOORMTPfhzxy+TduPW19cWZSqW80qkXG9XlYn1t/epCdWa+PF9eKpWmp6Ynb167UTqyvp6v/vHljxbu/Pwvf/7mi79t/ODXWVpjnbad/ThK7a4PbcfJDEbEnQ8RLAcDnf6cyDsRPpc0Ir4UERez+7+ZdzYAQC80m+PRHN9ZBwCOu7S1Bpakhc5awFikaaHQXsM7F6NppVZvXHlYW12aa6+VTcRQ+nChUp7srBVOxFCS1ada52/qpV31axFxNiJ+M3yyVS/M1ipzeb7xAYA+dmrX/P/RcHv+BwCOuZG8EwAAes78DwD9x/wPAP3H/A8A/cf8DwD9x/wPAP3H/A8AfeWnd+9mpbnZ+fzruUdrq4u1R1fnyvXFQnV1tjBbW1kuzNdq863P7Kke9HyVWm156nqsPi42yvVGsb62fr9aW11q3G99rvf98lBPegUA7Ofs+ef/SCJi49bJVokdezmYq+F4S/NOAMjNQN4JALkZzDsBIDe+xwf22KL3LV1/RejZ0ecC9Mblr1n/h35l/R/6l/V/6F/W/6F/NZuJPf8BoM9Y4wf8/B8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+u7FWSdJCZy/wsUjTQiHidERMxFDycKFSnoyIMxHx9+Gh4aw+lXfSAMB7Sv+ddPb/ujx+aWx364nk4+HWMSJ+9bt7v30802isTGXX/7d9vfGsc72UR/4AwEG25umteXzL61dPZrdKL/N5+cP25qJZ3M1OabcMxmDrOBJDETH6/6RTb8verwwcQfyNpxHx1b36n7TWRiY6O5/ujp/FPt3T+Olb8dNWW/uY/V98+QhygX7zPBt/bu91/6VxoXXc+/4faY1Q729r/Nt8Z/xLt8e/gS7j34XDxrj+1590bXsa8fXBveIn2/GTLvEvHTL+P7/xrYvd2pq/j7gce8ffGavYqC4X62vrVxeqM/Pl+fJSqTQ9NT1589qNUrG1Rl3cWql+139uXTmzX/9Hu8QfOaD/3z1k///wyYNffHuf+N//zt6v/7l94mdz4vcOGX9m9E9dt+/O4s916f9Br/+VQ8Z/8a/1uUM+FADogfra+uJMpVJecdKzk+y92xcgDSe5nWRfAUfxPF/5gKnmPTIBH9qbmz7vTAAAAAAAAAAAAAAAgG568QdPefcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA4+vTAAAA//+0tdao") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x7, 0x8, &(0x7f00000019c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8b1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffaf4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431410fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6daa790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c7070800000000000000433b809bdb9fbd48bc873495cbff90326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf8714d7bb2366fde41f94290c2a5fdecb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1f5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41ffc12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5eae593fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9db25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27832b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bb0800c51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a540f0c10ec3a11667290b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad95971030000007d00000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c6055bb164ab413d5467ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d7ab3753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf06db539f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe6e7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a1914b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d0104361c37c61a43b5afd865b60d4cae891b73220f17d25979a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c69a795927e3861654736804bed4214040b7724c056d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e64701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8adc67ec92d13a4faa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a2689217380400a9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c027060697a7f10132b1c259d3f28b9ea81232fbef665f6212f875b2a000000000000000000000000000020bd79e41c682139c58ac1deb039a691ad640e12c12fe11d70fe495906f2d5d71778acbd4eee53a3996cb0de84bd2b059d60c0f96a53ea44e0b293865aa68df494f87db976e36ad6c06912244d4c883c4aaa60b4a1392ce0b2f2c519663b4652ff871e0f6dfff9f7d34ecf04be0a58c3d53174b67d1886e34b81ad8c60da56acc64739c3acab24aa8d0ac92d465074f915608b1b60a948bad401b1a7fb3627bbe6c45123ed44bfdf8cc143bd1b7a663dc3d0476b8e39becffc429e41f66b1e37ae52aacaff0f1dc8ea70b68c25072e20586b19127d75fa71577f265c51000000000000000000000000000000000000000000915c2cde78db002a20e370600f56b3803786ffff268fa1782c240a1d3b62bb5c9c5712bc58a0f276f5224b6efaceab36d1468b0800000000000000cbefec08ac7cb62a9f6abcc97daf83edafe4409ecba3050a321a180af12bc59b1b2f1a9cfdf4bf2d260000000000a62f09e2ede938ea300cbefada05c356f12cdc84f66c65e669f0ffcb4ad94f6a8ba978f89ab3d2e62bd2c3eae921e9871acbf36c259d3a86dd5d022bac5ee38f6eccd3e462e47a96dc9e653fb7d7a64405a7c97fb3946f6766f937119652e07464910290873e989f3798f5324de8584a1a8772d2bddfc6eea633f7be50d362159914a877d2fe0fc67783b4fb000000000000000000328b4ed8ac2f2d0440488e4b1d32280373df7ce8847683fae1c73ee4cb320ba8a820"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0xa}, 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) io_cancel(0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000180)) pipe2$9p(0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="00000012e228000000b7080000000000007b8af8ff00bfa20000400000e755a3775f20b6f3726ce1dceeb2699a0005f3182b19be0000008ea7a193bfee172e01fa1082368fec65f400db95a3636e07ab523153bf5db3c457f46359f3d9ef23deb529e167dfc90ef611e1fb01f44fc5456cbf4b05dda7a4639cafb8b0f50fbf43b404ffbae93d6cfd8f400200"/171], 0x0, 0xfffffffd, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x13, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0xfffffffffffffcfa, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r5) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) close(r4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r4, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x982c0, 0x100) write$P9_RXATTRCREATE(r6, &(0x7f0000000400)={0x7}, 0x2000) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r7) ptrace$pokeuser(0x6, r7, 0x20008, 0xfffffffffffffff9) r8 = socket(0x10, 0x3, 0x0) sendto$inet6(r8, &(0x7f0000000200)="7800000018001feeb8f9f50dffff00000204be04fe05fe02061123094300120015000a00fac8388827a685a168d0bf46d323456536f7578d27001000c291214549975ade4a460c89b6ec0cff3959547f509058ba86c902000000004a3200040016000b0014000000000000000018d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0) 5.580489051s ago: executing program 2 (id=1079): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000054850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_STATS(r1, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x5, 0x1, 0x201, 0x0, 0x0, {0x5, 0x0, 0x8}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000600)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000100)) ioctl$PPPIOCSACTIVE(r3, 0x40107446, &(0x7f0000000080)={0x2, &(0x7f0000000140)=[{0x40, 0x2, 0x0, 0x4}, {0x6}]}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000027c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000078000000030a01010000000000000000010000000900030073797a310000000028000480080002400000000008000140000000051400030076657468315f746f5f626174616476000900010073797a300000000008000a4000000002"], 0xc0}}, 0x0) 5.579994251s ago: executing program 4 (id=1080): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) (async) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_io_uring_setup(0x1027ce, &(0x7f0000000480)={0x0, 0xffffffff, 0x1a1d}, 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ADD(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d00)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="99742bbd7000fbdbdf2515000000140001800d00010075647086b3113a7379"], 0x28}, 0x1, 0x0, 0x0, 0x4000080}, 0x20000000) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x21081e, &(0x7f00000000c0)={[{@grpquota}, {@mb_optimize_scan}, {@nodiscard}], [{@seclabel}]}, 0x1, 0x501, &(0x7f0000000ac0)="$eJzs3c9vI1cdAPCvnThxsmmTlh4AQbu0QEGrdRJvG1U9QDkhhCohegRpGxJvFMWOo9gpTViJ9MwViUqc4MgfwLkn7lwQ3LiUAxI/ItAGicNUM55kvYm9a+0mdhR/PtJo3syb+Pt9m533dp7XfgGMrZsRcRgRUxHxfkTM5+cL+RbvdLb0ugdH99eOj+6vFSJJ3vtXIatPz0XXz6Ru5K9ZjogffjfiJ4XzcVv7B1ur9XptNz9ebDd2Flv7B7c3G6sbtY3adrW6sryy9NadN6sX1tZXGlN56cuf/vHwmz9L05rLz3S34yJ1ml46jZOajIjvX0awEZjI2zM16kR4KsWIeDEiXs3u//mYyH6bAMB1liTzkcx3HwMA110xmwMrFCv5XMBcFIuVSmcO76WYLdabrfate8297fXOXNlClIr3Nuu1pXyucCFKhfR4OSs/PK6eOb4TES9ExC+nZ7Ljylqzvj7Kf/gAwBi7cWb8/+90Z/wHAK658qgTAACGzvgPAOOn3/ifJMnPh5wKADAknv8BYPx0xv+ZUacBAAyR538AGD/GfwAYKz949910S47z779e/2B/b6v5we31Wmur0thbq6w1d3cqG83mRvadPY0nvV692dxZfiP2Plz41k6rvdjaP7jbaO5tt+9m3+t9t1bKrjocQssAgH5eeOWTvxTSEfntmWyLrrUcSiPNDLhsxVEnAIzMxKgTAEbGal8wvp7hGd/0AFwTPZbofUS51weEkiRJLi8l4JK9/gXz/zCuuub//S9gGDPm/2F8mf+H8ZUkhUHX/I9BLwQArjZz/ECf9/9fzPe/y98c+PH62Ss+vsysAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Go7Wf+3kq8FPhfFYqUS8VxELESpcG+zXluKiOcj4s/Tpen0eHnEOQMAz6r490Jn/a/pc1Uv3zgtTkXET3/93q8+XG23d/8UMVX49/TJ+fbH+fnqcDMHAAZzMk5n+64H+QdH99dOtvM/NXlp+fzjOxFR7sQ/PirF8Wn8yTxqOUoRMfufwiNZFLrmLp7F4UcR8fle7S/EXDYH0ln59Gz8NPZzQ41ffCR+Mavr7NM/i89dQC4wbj5J+593et1/xbiZ7Xvf/+UL6hXz/i99qbXjrA98GP+k/5vo0//dHDTGG3/4Xqc0c77uo4gvTkacxD7u6n9O4hf6xP/qgPH/+qWXX+1Xl/wm4vXoHb871mK7sbPY2j+4vdlY3aht1Lar1ZXllaW37rxZXczmqBf7jwb/fPvW8/3q0vbP9olffkL7vzZg+3/7//d/9JXHxP/Ga73iF+Olx8RPx8SvDxh/dfb35X51afz1Pu1/0u//1oDxP/3bwbllwwGA0WntH2yt1uu1XQWFq19I/8pegTR6Fr49rFhT0bvqF6917ukzVUnyVLH69RgXMesGXAWnN31E/G/UyQAAAAAAAAAAAAAAAD0N4xNLo24jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA19dnAQAA//9Ye9JD") (async) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x3, 0x7, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000004e8100000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r5}, &(0x7f0000000080), &(0x7f0000000200)}, 0x20) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10) (async) getdents(0xffffffffffffffff, 0x0, 0x0) 5.205510987s ago: executing program 2 (id=1082): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = syz_io_uring_setup(0x1188, &(0x7f0000000780)={0x0, 0x0, 0x10100, 0x0, 0x1a4}, &(0x7f0000000100)=0x0, &(0x7f0000000500)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000540)={'syztnl2\x00', &(0x7f0000000800)={'ip6_vti0\x00', 0x0, 0x4, 0x4, 0x8, 0xe, 0x18, @ipv4={'\x00', '\xff\xff', @remote}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x8000, 0x7800, 0x9, 0x7}}) io_uring_enter(r2, 0x567, 0x0, 0x1, 0x0, 0x0) 5.18020275s ago: executing program 2 (id=1083): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) (async, rerun: 64) r1 = socket(0x28, 0x5, 0x0) (async, rerun: 64) r2 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r2, 0x0) (async) connect$vsock_stream(r1, &(0x7f0000000080), 0x10) (async) sendmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x0) (async) r3 = accept4$unix(r2, 0x0, 0x0, 0x0) recvfrom$unix(r3, &(0x7f0000000180)=""/235, 0x1ffd4, 0x0, 0x0, 0x0) (async) r4 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) pivot_root(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='./file0\x00') (async) mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000300)={0x1000a4, 0x7a, 0x0, {r4}}, 0x20) (async) setsockopt$inet6_int(r4, 0x29, 0x5d, &(0x7f00000002c0)=0x8, 0x4) 4.952644322s ago: executing program 4 (id=1084): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1801000000001f00000000000000ea1f850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000010000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r2}, 0x10) creat(&(0x7f00000003c0)='./file0\x00', 0x9f) link(0x0, 0x0) 4.909137345s ago: executing program 33 (id=1084): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1801000000001f00000000000000ea1f850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000010000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r2}, 0x10) creat(&(0x7f00000003c0)='./file0\x00', 0x9f) link(0x0, 0x0) 4.837388223s ago: executing program 2 (id=1088): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b7040000000000008500000001"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = syz_io_uring_setup(0x26c0, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x1000000}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x2) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc)=0xffffffff, 0x5, 0x2000, 0x0, &(0x7f0000048000), 0x800000) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000200)=ANY=[@ANYBLOB=','], 0x118) ioctl$IMCTRLREQ(r6, 0x80044945, &(0x7f0000000240)={0x2022, 0xa0b, 0x3, 0x3ff}) fdatasync(r2) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r3, 0x3d59, 0xb283, 0x0, 0x0, 0x0) ioctl$TIOCGPGRP(r6, 0x540f, &(0x7f0000000280)=0x0) wait4(r7, &(0x7f00000002c0), 0x2, &(0x7f00000003c0)) 3.982286605s ago: executing program 2 (id=1095): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf67000000000000160602000fff52004507000010000000d60600000ee60000bf050000000000000f630000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060d60bb39d0af449deaa27ea949e8f9000d885dfea2783835e29eb532ba8546fc020c196738b5f32b095f5d5b996b9e8d897e461c01c697671d1000000010000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) write(0xffffffffffffffff, &(0x7f00000000c0)="24000000200099f0000000000000000002", 0x11) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYRES32=r0], 0x10}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020300090c00000000420b00000000000200130002000000000000000000001f0300060000000051020049e4f0000001c99a00000000000002000100002000100000000200000000030005"], 0x60}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf67000000000000160602000fff52004507000010000000d60600000ee60000bf050000000000000f630000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060d60bb39d0af449deaa27ea949e8f9000d885dfea2783835e29eb532ba8546fc020c196738b5f32b095f5d5b996b9e8d897e461c01c697671d1000000010000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) (async) write(0xffffffffffffffff, &(0x7f00000000c0)="24000000200099f0000000000000000002", 0x11) (async) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYRES32=r0], 0x10}}, 0x0) (async) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0xffffffffa0018000, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020300090c00000000420b00000000000200130002000000000000000000001f0300060000000051020049e4f0000001c99a00000000000002000100002000100000000200000000030005"], 0x60}}, 0x0) (async) socket$key(0xf, 0x3, 0x2) (async) sendmmsg(r1, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) (async) 3.924440731s ago: executing program 2 (id=1096): unshare(0xa000200) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r1, 0x107, 0x12, &(0x7f0000000000), 0x4) socket(0x18, 0x0, 0x0) mbind(&(0x7f0000564000/0x2000)=nil, 0x2000, 0x3, 0x0, 0xc, 0x0) pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x22020600) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) r3 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x2000}, &(0x7f0000000280)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r4, r5, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0}) r6 = socket(0x40000000002, 0x3, 0x80000000002) perf_event_open(&(0x7f00000003c0)={0x2, 0x80, 0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) setsockopt$inet_int(r6, 0x0, 0x4, &(0x7f0000000080), 0x4) io_uring_enter(r3, 0x21ac, 0x0, 0x0, 0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") unshare(0x68040200) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6a, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r9}, 0x10) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r10}, 0x10) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newlink={0x34, 0x10, 0x44b, 0x0, 0x25dfdbfd, {0x7a, 0x0, 0x0, 0x0, 0x8020, 0x40002}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}]}, 0x34}}, 0x0) 2.629893636s ago: executing program 1 (id=1103): r0 = syz_io_uring_setup(0x24f8, &(0x7f0000000400)={0x0, 0x0, 0x13100}, &(0x7f0000000100)=0x0, &(0x7f0000000080)=0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f0000000040), 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_procs(r5, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f0000000140), 0x12) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, 0x0) r8 = open(&(0x7f0000000040)='./bus\x00', 0x1c1242, 0x0) ftruncate(r8, 0x2007ffb) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b00000000001b000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000006ffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r9}, 0x18) r10 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) nanosleep(&(0x7f0000000180)={0x0, 0x989680}, 0x0) sendfile(r10, r8, 0x0, 0x7ffff000) r11 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c30000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f00000006c0)={'bond_slave_0\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="900000001000030500"/18, @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32, @ANYBLOB="08000100", @ANYRES32=r13], 0x90}}, 0x0) r14 = socket$inet6_dccp(0xa, 0x6, 0x0) bind$inet6(r14, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r14, 0x80, &(0x7f0000000200)=@in6={0xa, 0x0, 0x0, @dev}}) io_uring_enter(r0, 0x5b43, 0x0, 0x0, 0x0, 0x0) 2.188515389s ago: executing program 0 (id=1104): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000007400000074000000030000000a00000000000001000000007a005e030600000000000010080000000a000000000000090200000009000000000000110200000009bf31000b000000030000930b000000080000000200000003009900070000000600000006000000060000002403000009000000020000000000000b01000080003e00"], &(0x7f0000000240)=""/186, 0x8f, 0xba, 0x1, 0x800, 0x0, @void, @value}, 0x28) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xf, 0x0, 0x4, 0x1, 0x81, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x0, &(0x7f0000000c00), 0x1, 0xb80, &(0x7f0000000c40)="$eJzs3MtrXFUYAPDv3jyaNrGTiqgtggGpFcVp2hSFrlrXooIuuuyYTErI9GEmggldpHWvLkRcFKR/guDeunAluKgLrX9BEYsU3bQuInce6dBkktjO9PTx+8GZe86c6XzfN5fOPQfmJoAn1kTxkEfsjYiTWUSp9XweEcON3kjESvN1t2+eny5aFqur7/+VRRYRt26en26/V9Y6jrYGIxFx9a0snv50fdz60vJ8pVarLrTGBxdPnztYX1p+fe505VT1VPXMkak3j0y9MTXVw1qvn/vw6xd+eefli5c/m3z3q90/ZXEsxlpznXX0ykRMrH0mnQYjotLrYIkMtOrprDMbTJgQAACbyjvWcM9GKQbizuKtFD/+mjQ5AAAAoCdWByJWAQAAgMdcZv8PAAAAj7n27wBu3Tw/3W5pf5HwYN04HhHjzfrb9zc3ZwZjpXEciaGI2PV3Fp23tWbNf3bfJopI3/1cLVr06T7kzaxciIjnNzr/WaP+8cZd3OvrzyNisgfxJ+4aP0r1H+tB/NT1A/BkunK8eSFbf/3L19Y/scH1b3CDa9e9SH39a6//bq9b/92pf6DL+u+9bcbY9++rV7vNda7/Tnz++0wRvzjeV1H/w40LEfsGN6o/W6s/61L/yW3GGJ2+fqnbXFF/UW+7Pej6Vy9H7I+N62/LNvv7RAdn52rVyeZjlxj7fzhxoFv8zvNftCJ+ey/wIBTnf1eX+rc6/+e2GWP8uT/3dpvbuv78j+Hsg0ZvuPXMJ5XFxYVDEcPZ2+ufP7x5Lu3XtN+jqP+Vlzb//79R/cV3wkrrcyj2Ahdax2J88a6Yo/sPf3vv9fdXUf/MPZ7/L7YZ45vvL33UbS51/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8GvKIGIssL6/187xcjhiNiGdiV147W198bfbsx2dmirmI8RjKZ+dq1cmIKDXHWTE+1OjfGR++azwVEXsi4svSzsa4PH22NpO6eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaMRsRYZHk5IvKI+KeU5+Vy6qwAAACAnhtPnQAAAADQd/b/AAAA8Piz/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDP9rx45VoWEStHdzZaYbg1N5Q0M6Df8tQJAMkMpE4ASGYwdQJAMvb4QLbF/EjXmR09zwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh9eBvVeuZRGxcnRnoxWGW3NDSTMD+i1PnQCQzEDqBIBkBlMnACRjjw9kW8yPdJ3Z0fNcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHh4jTValpcjIm/087xcjngqIsZjKJudq1UnI2J3RPxWGtpRjA+lThoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICeqy8tz1dqteqCjo6Ozlon9TcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp1JeW5yu1WnWhnjoTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAILX60vJ8pVarLvSxk7pGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADS+S8AAP//szUGGQ==") r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40, 0x0) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r2, 0x0) mount$9p_tcp(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)=ANY=[]) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r3, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c41, 0x0) flock(r4, 0x5) r5 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x108) r6 = syz_open_procfs(0x0, &(0x7f0000000180)='smaps\x00') pread64(r6, &(0x7f000001a240)=""/102400, 0x19000, 0x0) pwritev2(r5, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x7a00, 0x0, 0x3) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0x0, '.\x00'}}) 1.939393713s ago: executing program 0 (id=1105): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b70400000000000085000000010000"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = syz_io_uring_setup(0x26c0, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x1000000}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x2) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc)=0xffffffff, 0x5, 0x2000, 0x0, &(0x7f0000048000), 0x800000) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000200)=ANY=[@ANYBLOB=','], 0x118) ioctl$IMCTRLREQ(r6, 0x80044945, &(0x7f0000000240)={0x2022, 0xa0b, 0x3, 0x3ff}) fdatasync(r2) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r3, 0x3d59, 0xb283, 0x0, 0x0, 0x0) ioctl$TIOCGPGRP(r6, 0x540f, &(0x7f0000000280)=0x0) wait4(r7, &(0x7f00000002c0), 0x2, &(0x7f00000003c0)) 1.746578111s ago: executing program 1 (id=1106): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) r3 = syz_io_uring_setup(0x1188, &(0x7f0000000780)={0x0, 0x0, 0x10100, 0x0, 0x1a4}, &(0x7f0000000100)=0x0, &(0x7f0000000500)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000540)={'syztnl2\x00', &(0x7f0000000800)={'ip6_vti0\x00', 0x0, 0x4, 0x4, 0x8, 0xe, 0x18, @ipv4={'\x00', '\xff\xff', @remote}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x8000, 0x7800, 0x9, 0x7}}) io_uring_enter(r3, 0x567, 0x0, 0x1, 0x0, 0x0) 1.722278564s ago: executing program 1 (id=1107): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000e8ff0200000000ff000044850000002a000000a50000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r3, &(0x7f0000000300)={0x0, 0xffffffffffffff20, &(0x7f00000002c0)={&(0x7f0000001740)={0x2c, r1, 0x701, 0x0, 0x0, {{}, {@void, @void, @void}}, [@NL80211_ATTR_VENDOR_ID={0x8}, @NL80211_ATTR_VENDOR_SUBCMD={0x8}]}, 0x2c}}, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000180), 0x4) sendto$inet6(r0, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090011006e75436914ab71", 0x33, 0x1, 0x0, 0x0) shutdown(r0, 0x1) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/173, 0xad, 0x1, 0x0}, &(0x7f00000002c0)=0x40) 1.467714898s ago: executing program 1 (id=1108): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000054850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_STATS(r1, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x5, 0x1, 0x201, 0x0, 0x0, {0x5, 0x0, 0x8}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000600)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000100)) ioctl$PPPIOCSACTIVE(r3, 0x40107446, &(0x7f0000000080)={0x2, &(0x7f0000000140)=[{0x40, 0x2, 0x0, 0x4}, {0x6}]}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000027c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000078000000030a01010000000000000000010000000900030073797a310000000028000480080002400000000008000140000000051400030076657468315f746f5f626174616476000900010073797a300000000008000a4000000002"], 0xc0}}, 0x0) 1.359463289s ago: executing program 1 (id=1109): openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffc, 0xfffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={0xffffffffffffffff, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, &(0x7f0000000180)=[{}], 0x8, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0xf5, 0x8, 0x0, 0x0}}, 0x10) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000100)=ANY=[@ANYBLOB="8510000004000000950000000000000018000000000000000000000000000000950000000000000085100000fcffffff95"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={r1, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0xfffffffffffffffc, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffc0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) r3 = socket$kcm(0x10, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000400)='./file0\x00', 0xe, &(0x7f0000000480)={[{@noinit_itable}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@block_validity}, {@debug}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@stripe={'stripe', 0x3d, 0x4}}, {@abort}]}, 0x3, 0x43b, &(0x7f0000000e00)="$eJzs3MtvG0UYAPBv10lKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWkUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0Xdlzq30/admZ3nJnPs2PP7mQTQM8azv5JIvZFxO8RMVjLri4wXPvv1tLC1N9LC1NJVCpv/ZVUy91cWpgqihav25tnRtKI9LMkjjSpd+7ylfOT5fLMpTw/Nn/h/bG5y1eePXdh8uzM2ZmLE6dOnTwx/sLzE8+1Jc6sTTcPfzR79NBr71x7Y+r0tXd//jYp4m+Io02G1zv4RKXS5uq6a39dOunrYkPYklJEZN3VXx3/g1GKlc4bjFc/7WrjgI6qVCqVva0PL1aAO1gS3W4B0B3FF312/VtsOzT1uC3ceKl2AZTFfSvfakf6Is3L9Ddc37bTcEScXvznq2yLztyHAABY5fts/vNMs/lfGvfXlbs7Xxsaioh7IuJARNwbEQcj4r6IatkHIuLBLdbfuEiydv6TXt9WYJuUzf9ezNe2Vs//itlfDJXy3P5q/P3JmXPlmeP5ezIS/buy/Pg6dfzwym9ftDpWP//Ltqz+Yi6Yt+N6367Vr5menJ/8LzHXu/FJxOG+ZvEnyysBSUQciojD26zj3FPfHG11rEX8uzb1g9uwzlT5OuLJWv8vRkP8hWT99cmxu6I8c3ysOCvW+uXXq2+2qn/j/u+srP/3ND3/l+MfSurXa+e2XsfVPz5veU2z3fN/IHm7mh7I9304OT9/aTxiIHm91uj6/RMrry3yRfks/pFjzcf/gVh5J45ERHYSPxQRD0fEI3nbH42IxyLi2Drx//Ty4+9tP/7OyuKf3lL/ryQGonFP80Tp/I/frap0aCvxZ/1/spoayfds5vNvM+3a3tkMAAAA/z9pROyLJB1dTqfp6Gjt9+UPxp60PDs3//SZ2Q8uTteeERiK/rS40zVYdz90PL+sL/ITDfkT+X3jL0u7q/nRqdnydLeDhx63t8X4z/xZ6nbrgI7zvBb0LuMfepfxD73L+Ife1WT87+5GO4Cd1+z7/+MutAPYeQ3j37If9JANr//9RUe4Yxnd0LuMf+hJc7tj44fkJSTWJCK9LZoh0aFEtz+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2uPfAAAA//8SV+Y8") r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCMIWAIT(r5, 0x545c, 0x0) r6 = perf_event_open(&(0x7f0000000200)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000140), 0x3}, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r6, 0x4008240b, &(0x7f0000000040)={0x5, 0x80, 0x1, 0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0xe}, 0x1034, 0x1000, 0x0, 0x0, 0x0, 0x8, 0x1}) r7 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00') syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000080)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x8003, &(0x7f0000000200)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c756e695f786c6174653d312c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c756e695f786c6174653d302c6e6f636173652c73686f72746e616d653d6d697865642c726f6469722c73686f72746e616d653d6d697865642c636865636b3d7374726963742c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c726f6469722c757466383d312c616c6c6f775f7574696d653d30303030303030303030303030303030303030373335312c6572726f72733d72656d6f756e742d726f2c736d61636b6673666c6f6f723d756e8b5f786c2174653d312c00"], 0x6, 0x2d2, &(0x7f00000006c0)="$eJzs3T9rJGUYAPBnNjOzqyKbwkoEB7SwOi7X2iTIHYipPFKohUbvBMkG4QIBFVytbG0sLPwEVn4QG/Ej2Ap2nhB4ZWZnNru5uQ3ruYl/fr8mT973eeZ93t1JMiny5r0Xjo/uVZGdpRSjURaD3cjjYRbbMYjOF7Fk9+sAAP7NHqYUv6WZdeqyiBhtri0AYIMu/PwfXFrww5W0BQBs0N233n5jb3//9ptVNYo7x1+dHtS/2dcfZ/N7H8ZHMYn7cTPGcRbRPCgU0Twt1OGdlNI0r2rb8fLx9PSgrjx+98f2+nu/RtT1xU6MY7sZmj9tNPWv79/eqWYW6qd1H0+36+/W69+KcTw3L16qv9VTHwdlvPLSQv83Yhw/fRAfxyTuNU2c13++U1WvpW9+/+ydeDairs+mpwfDJu9c2rrq9wYAAAAAAAAAAAAAAAAAAAAAgP+uG+3ZOcNozu+ph9rzd7bO6k+KqDrby+fzzOqz7kKL5wOllKYpvuvO17lZVVVqE8/r83g+j/x6dg0AAAAAAAAAAAAAAAAAAAD/LCeffHp0OJncf/C3BN1pAHlE/HE34q9eZ3dh5MVYnTxs1zycTAZtuJyTDxdGYqvLySJWtlFvon8qZYtLDJ78NXzqkZ7b4Pv3izUvOLo8p+hf62KQP8G+urvr6DDrfw2H0Y2M2pvk2zLiPKeMS5bo3vXycTkp1rn9yt6p8dp7L59pgumKnMhWNfbqL7N9tSPZxV2UzavaW160QRTR/yUzesz93B88+r0ic1oHAAAAAAAAAAAAAAAAAABsVDb/o9+eyS9Xlg7ScGNtAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCVOpn///958HMRMR8plqbaYNoW90xdDMp4cHLNWwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB/4M8AAAD//15+Vqo=") mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) r8 = open(&(0x7f0000000640)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x10b942, 0x0) sendfile(r8, r7, 0x0, 0x80006800) sendmsg$kcm(r3, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d006a0f000000e8fe55a1290015000600142603600e120900040044000000a80016000a0001400200000000000000b94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) dup3(r2, r1, 0x80000) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000000c0)='sys_enter\x00', r9}, 0x18) epoll_create(0x10000) ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 1.027533531s ago: executing program 0 (id=1110): msgsnd(0x0, &(0x7f00000002c0)={0x1}, 0x8, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="873a03b139f80400", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x8, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000080)='sys_enter\x00', r2}, 0x10) mprotect(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xc) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x20, 0x31, 0xffffffffffffffff, 0x0) 853.941968ms ago: executing program 0 (id=1111): syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x28, 0x0, @fd_index, 0x50000000, 0x20000000, 0x2, 0x0, 0x1, {0x2}}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5393, &(0x7f0000000000)) fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f0000000040)) 852.847418ms ago: executing program 0 (id=1112): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="000000effd9512984ccbf7f1aee13cd96f97fcb17a7ce059eb79e8504f2dfbba60c8c5034ad31772d3416de6df055c47470598ff2bc7bd9e815c287439307c90e9b210fec52054655b2bbafc773938eb67e54c165567003fbd55d99110ee00000000000000000000aa30000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) acct(&(0x7f0000000280)='./file0\x00') bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) r3 = socket$kcm(0x10, 0x2, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(r3, 0x0, 0x487, &(0x7f00000003c0), &(0x7f0000000400)=0x30) sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)="d800000018008103e00312ba0d8105040a600300ff0f040b067c55a1bc000900b80006990700000015000500fef32702d3001500030001400200000901ac040098007f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b66bce0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f00000e970300"/216, 0xd8}], 0x1}, 0x0) keyctl$read(0xb, 0x0, &(0x7f00000001c0)=""/67, 0x43) bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = gettid() process_vm_writev(r4, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) socket$isdn_base(0x22, 0x3, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r8}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) sendmsg$IPCTNL_MSG_CT_DELETE(r6, &(0x7f0000000880)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000840)={&(0x7f0000000ac0)={0x1d0, 0x2, 0x1, 0x301, 0x0, 0x0, {0x7, 0x0, 0x9}, [@CTA_ID={0x8}, @CTA_NAT_SRC={0xc0, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MAXIP={0x8, 0x2, @broadcast}, @CTA_NAT_PROTO={0x3c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e23}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e23}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}]}, @CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @rand_addr=0x64010101}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @private1}, @CTA_NAT_PROTO={0x24, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e23}]}, @CTA_NAT_PROTO={0x1c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e23}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}]}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @dev={0xfe, 0x80, '\x00', 0x34}}]}, @CTA_TUPLE_ORIG={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @remote}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x2}, @CTA_SEQ_ADJ_ORIG={0x1c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x3}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xbc}]}, @CTA_NAT_DST={0x30, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @empty}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @remote}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @private2}]}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x7}, @CTA_HELP={0x14, 0x5, 0x0, 0x1, {0xe, 0x1, 'sip-20000\x00'}}, @CTA_PROTOINFO={0x30, 0x4, 0x0, 0x1, @CTA_PROTOINFO_DCCP={0x2c, 0x2, 0x0, 0x1, [@CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0xc, 0x3, 0x1, 0x0, 0x7}, @CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0xc, 0x3, 0x1, 0x0, 0x8}, @CTA_PROTOINFO_DCCP_STATE={0x5, 0x1, 0x40}, @CTA_PROTOINFO_DCCP_ROLE={0x5, 0x2, 0x3}]}}, @CTA_SYNPROXY={0x24, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x9}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0xf}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x1945}]}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x51}, 0x20000000) close(r5) sendmsg$kcm(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="d8000000140081044e81f782db44b9040a1d080211000000040000a118000200ff0050010000000108000f0100810401a80016ea1f000840032e5f54c92011148ed08734843cb12b00000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5e835913b06218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f52eb4edbb57a5025ccca9e00360d8bcc00400040fad95667e0060000000000000080bb9ad809d5e1cace81b341139fe3cd4032e8edb12d1d2eb0c0ed0bff", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{0x1}, &(0x7f0000000340), &(0x7f0000000380)=r2}, 0x20) 634.545709ms ago: executing program 0 (id=1113): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000000000008004b64ffed85006d000000a500000005ca29f41d851150285088ef5724f4eb6700000095a607291960f6a134107277a5ed486a82d6f239c2485b56274c44de14a0c4bd4d0907a7505b2d54c0aca268d7dd272e4c2776239800ed12ac50bdc560591e13050683c0601f1a6ff840d1a80ccb32e33bcabd98a642929ebd51f205a30dffb0410000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) utimes(&(0x7f0000000040)='./file0\x00', &(0x7f0000000300)={{}, {0x0, 0xea60}}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r3 = gettid() r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x74, 0x101301) ioctl$USBDEVFS_CONTROL(r4, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0xf00, 0x0, 0x2, 0x0, 0x0}) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x0, 0x0, 0x327, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000340)='xprtrdma_mrs_zap\x00', r5, 0x0, 0xfffbfffffffff7ff}, 0x18) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000600)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x3, 0x0, @void, @value, @void, @value}, 0x50) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "ff00f7000000000000000000af88008300"}) r7 = syz_open_pts(r6, 0x141601) r8 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) write(r7, &(0x7f0000000000)="d5", 0xfffffedf) ioctl$TCSETSF(r7, 0x5404, &(0x7f0000000080)={0x0, 0x0, 0xfffffffc, 0x0, 0x0, "682341f2fd71a6a76177920ea7e60c0ac7a4a5"}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x2, 0xffff8000}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x10}, @union={0x0, 0x0, 0x0, 0x9, 0x0, 0x2}]}}, 0x0, 0x4e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16, @ANYBLOB="0100fbdfd09172c182c60400000014000500000000000000000000000000000000010800020005000000140006"], 0x4c}}, 0x0) 558.173076ms ago: executing program 5 (id=1054): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000340)=0x4, 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x13) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0x14, &(0x7f0000000000)=0x7, 0x4) r2 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'erspan0\x00'}) sendto$packet(r1, &(0x7f00000002c0)="05030500d3fc030000004788031c", 0xe, 0x0, 0x0, 0x0) 355.871686ms ago: executing program 1 (id=1114): r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000300), 0x0) syz_emit_ethernet(0x13b, &(0x7f0000000340)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x32, 0x4, 0x0, 0x2a, 0x12d, 0x66, 0x0, 0x3, 0x11, 0x0, @empty, @dev={0xac, 0x14, 0x14, 0x20}, {[@lsrr={0x83, 0x13, 0x68, [@rand_addr=0x64010101, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @local]}, @rr={0x7, 0x13, 0x40, [@dev={0xac, 0x14, 0x14, 0x40}, @rand_addr=0x64010100, @multicast2, @local]}, @ssrr={0x89, 0x7, 0x77, [@loopback]}, @lsrr={0x83, 0x27, 0xe4}, @ssrr={0x89, 0xb, 0x8d, [@broadcast, @local]}, @timestamp_prespec={0x44, 0x14, 0xdb, 0x3, 0x1, [{@empty, 0x4}, {@initdev={0xac, 0x1e, 0x1, 0x0}}]}, @timestamp_addr={0x44, 0x1c, 0xc5, 0x1, 0x3, [{@multicast1, 0xd}, {@local, 0x3ff}, {@local, 0x5457c7af}]}, @generic={0x7, 0x4, "fa6d"}, @cipso={0x86, 0xfffffffffffffc66, 0x3, [{0x5, 0xe, "2b289816984e9a58228e6679"}]}, @timestamp={0x44, 0xc, 0xbe, 0x0, 0x7, [0x2, 0x1]}]}}, {0x4e24, 0x4e24, 0x65, 0x0, @opaque="7f273edea5c149ecc5cddf10a11cb4778904131e920636c433bcb0173b89d8d9fb95572f5ae4a83c6025af3b290fe5d75f5ae522f50eb89c312baee12c66b6a001e47c5d5b6fd8e5cce31388406fc3534a961209dfcd0846ce682ac3c3"}}}}}, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000080)=0xb) r1 = socket$kcm(0x10, 0x2, 0x10) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001b40)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x101, @void, @value}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, &(0x7f0000001d00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x41) r3 = socket$phonet(0x23, 0x2, 0x1) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffff63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$ETHTOOL_MSG_PAUSE_SET(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000280)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001c00000014000180080003000100000008000100", @ANYRES32=r8], 0x28}}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000044700000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r9}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r10}, 0x10) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$phonet(r3, 0x0, 0x0, 0x8000, 0x0, 0x0) r11 = mq_open(&(0x7f0000000180)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05\xce\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7Lo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2.\xb6{\xb5\x85#\x88\xdc\xf0\x0f\x05\xf1\xc4 \xdeV\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8', 0x6e93ebbbcc0884f2, 0x0, 0x0) mq_getsetattr(r11, 0x0, 0x0) r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700c538dd6500009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0)=r12, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x13, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000800a00000001801000020207025000000000046d38087190ffa1b212020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000730000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 288.643723ms ago: executing program 5 (id=1115): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) r3 = syz_io_uring_setup(0x1188, &(0x7f0000000780)={0x0, 0x0, 0x10100, 0x0, 0x1a4}, &(0x7f0000000100)=0x0, &(0x7f0000000500)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000540)={'syztnl2\x00', &(0x7f0000000800)={'ip6_vti0\x00', 0x0, 0x4, 0x4, 0x8, 0xe, 0x18, @ipv4={'\x00', '\xff\xff', @remote}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x8000, 0x7800, 0x9, 0x7}}) io_uring_enter(r3, 0x567, 0x0, 0x1, 0x0, 0x0) 279.806383ms ago: executing program 5 (id=1116): r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000000)='kfree\x00'}, 0x18) sendto$inet6(0xffffffffffffffff, &(0x7f0000000840)='1', 0x1, 0x0, 0x0, 0xfffffd74) socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmsg$NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0}, 0x1, 0x0, 0x0, 0x400a004}, 0x4000000) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000003c0)='vlan0\x00', 0xffffffffffffff2c) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0600000004000000ff0f00000700000000000000", @ANYRES32, @ANYBLOB="e60008000000e564b8326db26eaccdf8d1fe689c6a0000000000000000000031e18e", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESOCT=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file0/file0\x00', 0x0, &(0x7f0000001400)=ANY=[], 0x835, 0x0) execve(&(0x7f0000000000)='./file0/file0\x00', 0x0, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) pwritev(r2, &(0x7f0000000b40)=[{&(0x7f0000000940)="182194ec", 0x4}], 0x1, 0x3, 0x8) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000100), 0x4) socket(0x2b, 0x80801, 0x1) r3 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8943, &(0x7f0000001980)={'macvtap0\x00', 0x0}) 182.420343ms ago: executing program 5 (id=1117): perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_clone(0x100100, &(0x7f0000003100), 0x0, 0x0, 0x0, 0x0) ioprio_set$pid(0x2, 0x0, 0x6000) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="05000000000500008c1f69f8db74ae3694ebc7a944b24e56c767e399f7a9aa8be5ad1e39f953f0b62f60b103bf898ea041e65aa3852e8ebfc83bd8fafa80411f6adf099be7815e8332e5117715b7add196e992ba0cd8ab4c3759828211b875e8eeb9e798336e69e5d3ecd758db8e654e532bf1f4c700c508817e941e7986e7f7bffe8bc956f7480b2b7800000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) ioctl$sock_SIOCADDRT(r1, 0x890b, &(0x7f0000000380)={0x0, @ethernet={0x306, @random="faccc1c39c4a"}, @nfc={0x27, 0x0, 0x1, 0x3}, @isdn={0x22, 0xe4, 0x4, 0x8, 0xff}, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x9, 0x7}) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{}, &(0x7f0000000580), 0x0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mq_open(&(0x7f0000000640)='\x00', 0x40, 0xa, &(0x7f0000000680)={0x2, 0x8, 0x1, 0x1}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000240)={'#! ', './file0', [{0x20, 'y\r\x8dQ\x88\xdaR0\xbb\x18H\xfd\xae\xa0\xf62G\x1b\xf4\xdd\xd7\xa1\xe9E\xe3\xe1\xa9\xef\x8c.N\x10Q\x84\xfe\x00\x00\x00\x00\x00\x00}\xe2\xfe\xb5\xc8\xbe+s4k\xef\xbd{\x8fRG\xb4\xb7Al\x0e\x9c\xe2!3\xff\x95\xf0D\xdc\x83\xab\xc5\xaf\xd4\xee\x93\xe9\xbaA\xc9K\xc1\x9f\xd5\x80k3\x87\xda>\"g1\x16x\xfe\xf7'}]}, 0x6f) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r5, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01000208000300"/18, @ANYRES32=r8, @ANYBLOB="05002f00000000000500300000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x48008}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=@gettclass={0x24, 0x2a, 0x200, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0xf, 0x5}, {0xffe0, 0x15}, {0x3, 0xffff}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x90}, 0xc004) 0s ago: executing program 5 (id=1118): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b40)={&(0x7f0000000000)='kfree\x00', r1}, 0x18) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000100001000000000000000000000a000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021501700001e0a05010000000000000000070000000900020073797a31000000000900010073797a300000000024170380300000802c000180250001"], 0x17d4}}, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000000c0)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x31) socket$nl_route(0x10, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x48241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r4 = socket$kcm(0x2, 0xa, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x1200, 0x41001, 0x3) unshare(0x68040200) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x0, 0x18c, 0x203, 0x4d000000, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@private, 'veth1_macvtap\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x38}}, 0x0) write$tun(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="000000f5"], 0xfdef) sendmmsg$inet6(r0, &(0x7f0000004b80)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="8252", 0x2}], 0x1}}], 0x1, 0x4000c000) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_WIPHY(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)={0x30, r9, 0x301, 0x0, 0x0, {{}, {@val={0x8, 0x7}, @val={0x8}, @val={0xc}}}}, 0x30}}, 0x0) kernel console output (not intermixed with test programs): 1844][ T4427] loop1: detected capacity change from 0 to 512 [ 45.103009][ T4427] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 45.117349][ T4427] EXT4-fs (loop1): 1 truncate cleaned up [ 45.124113][ T4427] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.141815][ T4427] cgroup: Unknown subsys name 'mask' [ 45.179650][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.327409][ T4438] netlink: 12 bytes leftover after parsing attributes in process `syz.3.407'. [ 45.387887][ T4447] netlink: 12 bytes leftover after parsing attributes in process `syz.0.410'. [ 45.446228][ T4452] loop4: detected capacity change from 0 to 512 [ 45.485691][ T4452] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 45.507414][ T4452] EXT4-fs (loop4): 1 truncate cleaned up [ 45.516081][ T4452] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.536653][ T4452] cgroup: Unknown subsys name 'mask' [ 45.589790][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.834815][ T4499] loop2: detected capacity change from 0 to 512 [ 45.848353][ T4499] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 45.866067][ T4499] EXT4-fs (loop2): 1 truncate cleaned up [ 45.872566][ T4499] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 45.890619][ T4499] cgroup: Unknown subsys name 'mask' [ 45.946074][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.184904][ T4514] syzkaller0: entered promiscuous mode [ 46.190497][ T4514] syzkaller0: entered allmulticast mode [ 46.209436][ T4514] loop2: detected capacity change from 0 to 1024 [ 46.217593][ T4514] EXT4-fs: Ignoring removed nomblk_io_submit option [ 46.232771][ T4514] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 46.262698][ T4514] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.385725][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.499298][ T4531] lo speed is unknown, defaulting to 1000 [ 46.509260][ T4531] lo speed is unknown, defaulting to 1000 [ 46.527496][ T4533] loop2: detected capacity change from 0 to 512 [ 46.528617][ T4534] loop0: detected capacity change from 0 to 512 [ 46.534211][ T4531] lo speed is unknown, defaulting to 1000 [ 46.557326][ T4536] process 'syz.3.448' launched './file0' with NULL argv: empty string added [ 46.568708][ T4531] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 46.578594][ T4531] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 46.590157][ T4533] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 46.601571][ T4534] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 46.624881][ T4531] lo speed is unknown, defaulting to 1000 [ 46.631408][ T4531] lo speed is unknown, defaulting to 1000 [ 46.637659][ T4531] lo speed is unknown, defaulting to 1000 [ 46.641572][ T4534] ext4 filesystem being mounted at /73/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 46.643949][ T4531] lo speed is unknown, defaulting to 1000 [ 46.660106][ T4531] lo speed is unknown, defaulting to 1000 [ 46.710590][ T4533] EXT4-fs (loop2): 1 truncate cleaned up [ 46.716725][ T4533] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 46.746892][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.805103][ T4533] cgroup: Unknown subsys name 'mask' [ 46.862846][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 46.876965][ T4548] syzkaller0: entered promiscuous mode [ 46.882536][ T4548] syzkaller0: entered allmulticast mode [ 46.901663][ T4548] loop3: detected capacity change from 0 to 1024 [ 46.917656][ T4548] EXT4-fs: Ignoring removed nomblk_io_submit option [ 46.925624][ T4548] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 46.979214][ T4548] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.061240][ T4565] loop2: detected capacity change from 0 to 512 [ 47.095531][ T4565] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.111342][ T4565] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 47.133101][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.142849][ T4565] FAULT_INJECTION: forcing a failure. [ 47.142849][ T4565] name failslab, interval 1, probability 0, space 0, times 0 [ 47.155546][ T4565] CPU: 1 UID: 0 PID: 4565 Comm: syz.2.458 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0 [ 47.166221][ T4565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 47.176310][ T4565] Call Trace: [ 47.179597][ T4565] [ 47.182540][ T4565] dump_stack_lvl+0xf2/0x150 [ 47.187165][ T4565] dump_stack+0x15/0x20 [ 47.191425][ T4565] should_fail_ex+0x223/0x230 [ 47.196150][ T4565] ? find_tree_dqentry+0x3b/0x890 [ 47.201243][ T4565] should_failslab+0x8f/0xb0 [ 47.205853][ T4565] __kmalloc_noprof+0xa5/0x370 [ 47.210759][ T4565] find_tree_dqentry+0x3b/0x890 [ 47.215696][ T4565] ? from_kuid+0xf0/0x340 [ 47.220169][ T4565] ? ext4_quota_read+0x19b/0x1c0 [ 47.225182][ T4565] find_tree_dqentry+0x4c6/0x890 [ 47.230291][ T4565] qtree_read_dquot+0x353/0x4b0 [ 47.235164][ T4565] v2_read_dquot+0x96/0xd0 [ 47.239644][ T4565] dquot_acquire+0xc3/0x2b0 [ 47.244166][ T4565] ? __ext4_journal_start_sb+0x130/0x340 [ 47.249887][ T4565] ext4_acquire_dquot+0x170/0x210 [ 47.254976][ T4565] dqget+0x522/0x8b0 [ 47.258966][ T4565] __dquot_initialize+0x194/0x760 [ 47.264067][ T4565] dquot_initialize+0x1a/0x20 [ 47.268832][ T4565] ext4_symlink+0x117/0x5a0 [ 47.273352][ T4565] vfs_symlink+0xca/0x1d0 [ 47.277735][ T4565] do_symlinkat+0xe3/0x350 [ 47.282175][ T4565] __x64_sys_symlink+0x50/0x60 [ 47.286963][ T4565] x64_sys_call+0x2819/0x2d60 [ 47.291655][ T4565] do_syscall_64+0xc9/0x1c0 [ 47.296195][ T4565] ? clear_bhb_loop+0x55/0xb0 [ 47.300881][ T4565] ? clear_bhb_loop+0x55/0xb0 [ 47.305574][ T4565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 47.311526][ T4565] RIP: 0033:0x7f443770e719 [ 47.315965][ T4565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 47.335638][ T4565] RSP: 002b:00007f4436381038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 47.344062][ T4565] RAX: ffffffffffffffda RBX: 00007f44378c5f80 RCX: 00007f443770e719 [ 47.352161][ T4565] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000020000140 [ 47.360181][ T4565] RBP: 00007f4436381090 R08: 0000000000000000 R09: 0000000000000000 [ 47.368162][ T4565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 47.376254][ T4565] R13: 0000000000000000 R14: 00007f44378c5f80 R15: 00007ffdffd99818 [ 47.384294][ T4565] [ 47.387601][ T4565] EXT4-fs error (device loop2): ext4_acquire_dquot:6879: comm syz.2.458: Failed to acquire dquot type 0 [ 47.421898][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.425674][ T4574] tap0: tun_chr_ioctl cmd 2147767519 [ 47.500966][ T4579] loop2: detected capacity change from 0 to 512 [ 47.514602][ T4579] ======================================================= [ 47.514602][ T4579] WARNING: The mand mount option has been deprecated and [ 47.514602][ T4579] and is ignored by this kernel. Remove the mand [ 47.514602][ T4579] option from the mount to silence this warning. [ 47.514602][ T4579] ======================================================= [ 47.557656][ T4579] EXT4-fs error (device loop2): ext4_get_branch:178: inode #11: block 4294967295: comm syz.2.461: invalid block [ 47.557847][ T4579] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.461: invalid indirect mapped block 4294967295 (level 1) [ 47.558041][ T4579] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.461: invalid indirect mapped block 4294967295 (level 1) [ 47.558312][ T4579] EXT4-fs (loop2): 2 truncates cleaned up [ 47.573157][ T4579] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 47.622925][ T4586] loop1: detected capacity change from 0 to 512 [ 47.635250][ T4586] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 47.649141][ T4586] EXT4-fs (loop1): 1 truncate cleaned up [ 47.649494][ T4586] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 47.680567][ T4586] cgroup: subsys name conflicts with all [ 47.730244][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.741352][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 47.944813][ T4602] syzkaller0: entered promiscuous mode [ 47.944838][ T4602] syzkaller0: entered allmulticast mode [ 47.967347][ T4602] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=28181 sclass=netlink_xfrm_socket pid=4602 comm=syz.2.466 [ 48.004476][ T4618] loop3: detected capacity change from 0 to 512 [ 48.043443][ T4618] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 48.102668][ T4618] ext4 filesystem being mounted at /127/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.201491][ T29] kauditd_printk_skb: 174 callbacks suppressed [ 48.201510][ T29] audit: type=1400 audit(1730603208.684:568): avc: denied { read } for pid=4612 comm="syz.4.475" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 48.209377][ T4638] FAULT_INJECTION: forcing a failure. [ 48.209377][ T4638] name failslab, interval 1, probability 0, space 0, times 0 [ 48.234310][ T4613] program syz.4.475 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 48.243695][ T4638] CPU: 1 UID: 0 PID: 4638 Comm: syz.1.484 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0 [ 48.243780][ T4638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 48.243795][ T4638] Call Trace: [ 48.243803][ T4638] [ 48.243814][ T4638] dump_stack_lvl+0xf2/0x150 [ 48.253279][ T29] audit: type=1400 audit(1730603208.714:569): avc: denied { open } for pid=4612 comm="syz.4.475" path="/dev/sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 48.263520][ T4638] dump_stack+0x15/0x20 [ 48.263551][ T4638] should_fail_ex+0x223/0x230 [ 48.317048][ T4638] ? copy_splice_read+0xc7/0x5d0 [ 48.322063][ T4638] should_failslab+0x8f/0xb0 [ 48.326684][ T4638] __kmalloc_noprof+0xa5/0x370 [ 48.331574][ T4638] copy_splice_read+0xc7/0x5d0 [ 48.336365][ T4638] ? __pfx_shmem_file_splice_read+0x10/0x10 [ 48.342328][ T4638] splice_direct_to_actor+0x28b/0x670 [ 48.347722][ T4638] ? __pfx_direct_splice_actor+0x10/0x10 [ 48.353463][ T4638] do_splice_direct+0xd7/0x150 [ 48.358284][ T4638] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 48.364233][ T4638] do_sendfile+0x39b/0x970 [ 48.368673][ T4638] __x64_sys_sendfile64+0x110/0x150 [ 48.373922][ T4638] x64_sys_call+0xed5/0x2d60 [ 48.378530][ T4638] do_syscall_64+0xc9/0x1c0 [ 48.383132][ T4638] ? clear_bhb_loop+0x55/0xb0 [ 48.387828][ T4638] ? clear_bhb_loop+0x55/0xb0 [ 48.392519][ T4638] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 48.398462][ T4638] RIP: 0033:0x7fcb274ae719 [ 48.402972][ T4638] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 48.422611][ T4638] RSP: 002b:00007fcb26121038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 48.431154][ T4638] RAX: ffffffffffffffda RBX: 00007fcb27665f80 RCX: 00007fcb274ae719 [ 48.439201][ T4638] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 48.447267][ T4638] RBP: 00007fcb26121090 R08: 0000000000000000 R09: 0000000000000000 [ 48.455244][ T4638] R10: 0000000100000008 R11: 0000000000000246 R12: 0000000000000002 [ 48.463231][ T4638] R13: 0000000000000000 R14: 00007fcb27665f80 R15: 00007ffe00510408 [ 48.471239][ T4638] [ 48.509469][ T4610] syz.3.474 (4610) used greatest stack depth: 10400 bytes left [ 48.527269][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 48.571638][ T29] audit: type=1400 audit(1730603209.054:570): avc: denied { connect } for pid=4654 comm="syz.3.489" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 48.584566][ T4655] loop3: detected capacity change from 0 to 1764 [ 48.591383][ T29] audit: type=1400 audit(1730603209.054:571): avc: denied { name_connect } for pid=4654 comm="syz.3.489" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1 [ 48.618514][ T29] audit: type=1400 audit(1730603209.054:572): avc: denied { listen } for pid=4654 comm="syz.3.489" lport=54606 faddr=::ffff:10.1.1.0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 48.640943][ T29] audit: type=1400 audit(1730603209.054:573): avc: denied { accept } for pid=4654 comm="syz.3.489" lport=54606 faddr=::ffff:10.1.1.0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 48.663507][ T29] audit: type=1400 audit(1730603209.054:574): avc: denied { setopt } for pid=4654 comm="syz.3.489" lport=54606 faddr=::ffff:10.1.1.0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1 [ 48.674974][ T4655] iso9660: Bad value for 'block' [ 48.724404][ T4665] siw: device registration error -23 [ 48.751830][ T4670] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 48.783557][ T29] audit: type=1400 audit(1730603209.264:575): avc: denied { name_bind } for pid=4673 comm="syz.2.499" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 48.879676][ T4686] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=4686 comm=syz.2.503 [ 48.986598][ T4676] loop1: detected capacity change from 0 to 512 [ 48.997809][ T4676] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 49.011541][ T4676] EXT4-fs (loop1): orphan cleanup on readonly fs [ 49.018938][ T4676] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.500: bg 0: block 248: padding at end of block bitmap is not set [ 49.034284][ T4676] Quota error (device loop1): write_blk: dquota write failed [ 49.041953][ T4676] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 49.051920][ T4676] EXT4-fs error (device loop1): ext4_acquire_dquot:6879: comm syz.1.500: Failed to acquire dquot type 1 [ 49.063747][ T4676] EXT4-fs (loop1): 1 truncate cleaned up [ 49.071501][ T4676] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 49.097275][ T4704] __nla_validate_parse: 10 callbacks suppressed [ 49.097293][ T4704] netlink: 12 bytes leftover after parsing attributes in process `syz.0.509'. [ 49.137770][ T4708] netlink: 12 bytes leftover after parsing attributes in process `syz.0.512'. [ 49.244928][ T4717] loop0: detected capacity change from 0 to 512 [ 49.262551][ T4717] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 49.275260][ T4717] ext4 filesystem being mounted at /81/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 49.347734][ T4717] syz.0.514 (4717) used greatest stack depth: 10368 bytes left [ 49.361958][ T4725] xt_addrtype: ipv6 does not support BROADCAST matching [ 49.370496][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.597128][ T4676] syz.1.500 (4676) used greatest stack depth: 9344 bytes left [ 49.627864][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 49.744354][ T4742] netlink: 12 bytes leftover after parsing attributes in process `syz.1.522'. [ 49.769892][ T4740] netlink: 12 bytes leftover after parsing attributes in process `syz.2.524'. [ 49.805484][ T4745] loop4: detected capacity change from 0 to 512 [ 49.831958][ T4745] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 49.868838][ T4745] EXT4-fs (loop4): 1 truncate cleaned up [ 49.889880][ T4745] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 49.961580][ T4745] cgroup: subsys name conflicts with all [ 49.977424][ T4755] loop2: detected capacity change from 0 to 1024 [ 49.992347][ T4755] EXT4-fs: Ignoring removed oldalloc option [ 50.010795][ T4755] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 50.013713][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.041160][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 50.112050][ T4765] netlink: 12 bytes leftover after parsing attributes in process `syz.2.531'. [ 50.184242][ T4770] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=4770 comm=syz.2.534 [ 50.229661][ T4772] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 50.334878][ T4779] netlink: 12 bytes leftover after parsing attributes in process `syz.4.536'. [ 50.460357][ T4793] loop4: detected capacity change from 0 to 512 [ 50.488614][ T4793] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 50.523884][ T4793] EXT4-fs (loop4): 1 truncate cleaned up [ 50.534494][ T4793] cgroup: subsys name conflicts with all [ 50.575070][ T4805] FAULT_INJECTION: forcing a failure. [ 50.575070][ T4805] name failslab, interval 1, probability 0, space 0, times 0 [ 50.587879][ T4805] CPU: 1 UID: 0 PID: 4805 Comm: syz.0.542 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0 [ 50.594948][ T4809] netlink: 20 bytes leftover after parsing attributes in process `syz.4.544'. [ 50.598484][ T4805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 50.617428][ T4805] Call Trace: [ 50.620850][ T4805] [ 50.623830][ T4805] dump_stack_lvl+0xf2/0x150 [ 50.628464][ T4805] dump_stack+0x15/0x20 [ 50.632675][ T4805] should_fail_ex+0x223/0x230 [ 50.637510][ T4805] ? sidtab_sid2str_get+0xb8/0x140 [ 50.637543][ T4805] should_failslab+0x8f/0xb0 [ 50.637572][ T4805] __kmalloc_node_track_caller_noprof+0xa6/0x380 [ 50.637611][ T4805] kmemdup_noprof+0x2a/0x60 [ 50.637713][ T4805] sidtab_sid2str_get+0xb8/0x140 [ 50.637740][ T4805] security_sid_to_context_core+0x1eb/0x2f0 [ 50.669187][ T4805] security_sid_to_context+0x27/0x30 [ 50.674527][ T4805] avc_audit_post_callback+0x9d/0x530 [ 50.674566][ T4805] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 50.674601][ T4805] common_lsm_audit+0x7cc/0xfc0 [ 50.674649][ T4805] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 50.674768][ T4805] ? avc_denied+0xf1/0x110 [ 50.674797][ T4805] slow_avc_audit+0xf9/0x140 [ 50.674831][ T4805] avc_has_perm+0x129/0x160 [ 50.674866][ T4805] selinux_netlink_send+0x367/0x4b0 [ 50.675056][ T4805] security_netlink_send+0x3d/0x80 [ 50.675090][ T4805] netlink_sendmsg+0x48c/0x6e0 [ 50.675115][ T4805] ? __pfx_netlink_sendmsg+0x10/0x10 [ 50.675183][ T4805] __sock_sendmsg+0x140/0x180 [ 50.675216][ T4805] ____sys_sendmsg+0x312/0x410 [ 50.675242][ T4805] __sys_sendmsg+0x1d9/0x270 [ 50.675273][ T4805] __x64_sys_sendmsg+0x46/0x50 [ 50.675292][ T4805] x64_sys_call+0x2689/0x2d60 [ 50.675428][ T4805] do_syscall_64+0xc9/0x1c0 [ 50.675452][ T4805] ? clear_bhb_loop+0x55/0xb0 [ 50.675472][ T4805] ? clear_bhb_loop+0x55/0xb0 [ 50.675497][ T4805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 50.675610][ T4805] RIP: 0033:0x7fdd2e52e719 [ 50.675626][ T4805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 50.675649][ T4805] RSP: 002b:00007fdd2d1a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 50.675681][ T4805] RAX: ffffffffffffffda RBX: 00007fdd2e6e5f80 RCX: 00007fdd2e52e719 [ 50.675698][ T4805] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 000000000000000b [ 50.675715][ T4805] RBP: 00007fdd2d1a1090 R08: 0000000000000000 R09: 0000000000000000 [ 50.675729][ T4805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 50.675744][ T4805] R13: 0000000000000000 R14: 00007fdd2e6e5f80 R15: 00007ffc0def17e8 [ 50.675763][ T4805] [ 50.695415][ T4805] netlink: 104 bytes leftover after parsing attributes in process `syz.0.542'. [ 50.772581][ T4827] netlink: 12 bytes leftover after parsing attributes in process `syz.1.550'. [ 51.013676][ T4830] loop3: detected capacity change from 0 to 512 [ 51.058457][ T4847] loop0: detected capacity change from 0 to 512 [ 51.081043][ T4852] loop2: detected capacity change from 0 to 256 [ 51.095430][ T4852] FAT-fs (loop2): Directory bread(block 64) failed [ 51.105334][ T4852] FAT-fs (loop2): Directory bread(block 65) failed [ 51.112054][ T4847] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 51.119316][ T4852] FAT-fs (loop2): Directory bread(block 66) failed [ 51.129415][ T4830] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 51.143705][ T4830] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 51.157414][ T4852] FAT-fs (loop2): Directory bread(block 67) failed [ 51.165731][ T4852] FAT-fs (loop2): Directory bread(block 68) failed [ 51.172526][ T4830] EXT4-fs (loop3): 1 truncate cleaned up [ 51.179875][ T4852] FAT-fs (loop2): Directory bread(block 69) failed [ 51.186812][ T4852] FAT-fs (loop2): Directory bread(block 70) failed [ 51.193745][ T4847] EXT4-fs (loop0): 1 truncate cleaned up [ 51.203707][ T4847] cgroup: subsys name conflicts with all [ 51.219819][ T4852] FAT-fs (loop2): Directory bread(block 71) failed [ 51.226399][ T4852] FAT-fs (loop2): Directory bread(block 72) failed [ 51.233153][ T4852] FAT-fs (loop2): Directory bread(block 73) failed [ 51.328876][ T4865] netlink: 28 bytes leftover after parsing attributes in process `syz.0.559'. [ 51.376725][ T11] kworker/u8:0: attempt to access beyond end of device [ 51.376725][ T11] loop2: rw=1, sector=1224, nr_sectors = 32 limit=256 [ 51.390542][ T11] kworker/u8:0: attempt to access beyond end of device [ 51.390542][ T11] loop2: rw=1, sector=1288, nr_sectors = 96 limit=256 [ 51.500344][ T4885] loop0: detected capacity change from 0 to 512 [ 51.506808][ T4885] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 51.527754][ T4885] EXT4-fs (loop0): 1 truncate cleaned up [ 51.540979][ T4885] cgroup: subsys name conflicts with all [ 51.613678][ T4893] syz.3.571[4893] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 51.613797][ T4893] syz.3.571[4893] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 51.625777][ T4893] syz.3.571[4893] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 51.641087][ T4893] xt_addrtype: ipv6 does not support BROADCAST matching [ 51.738699][ T4900] siw: device registration error -23 [ 51.798887][ T4898] syzkaller0: entered promiscuous mode [ 51.804438][ T4898] syzkaller0: entered allmulticast mode [ 51.819124][ T4898] loop2: detected capacity change from 0 to 1024 [ 51.826016][ T4898] EXT4-fs: Ignoring removed nomblk_io_submit option [ 51.833793][ T4898] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 51.887180][ T4916] loop0: detected capacity change from 0 to 512 [ 51.908456][ T4916] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 51.927274][ T4916] EXT4-fs (loop0): 1 truncate cleaned up [ 51.941701][ T4921] loop4: detected capacity change from 0 to 2048 [ 52.004419][ T4916] cgroup: subsys name conflicts with all [ 52.042621][ T4937] loop2: detected capacity change from 0 to 512 [ 52.063995][ T4941] loop1: detected capacity change from 0 to 512 [ 52.081717][ T4942] siw: device registration error -23 [ 52.108358][ T4937] ext4 filesystem being mounted at /108/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.121693][ T4941] ext4 filesystem being mounted at /123/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.243237][ T4957] loop0: detected capacity change from 0 to 512 [ 52.252851][ T4952] lo speed is unknown, defaulting to 1000 [ 52.272937][ T4960] loop2: detected capacity change from 0 to 512 [ 52.305453][ T4957] ext4 filesystem being mounted at /98/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.317988][ T4960] ext4 filesystem being mounted at /109/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 52.365162][ T4960] FAULT_INJECTION: forcing a failure. [ 52.365162][ T4960] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 52.378438][ T4960] CPU: 1 UID: 0 PID: 4960 Comm: syz.2.594 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0 [ 52.389085][ T4960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 52.399312][ T4960] Call Trace: [ 52.402601][ T4960] [ 52.405724][ T4960] dump_stack_lvl+0xf2/0x150 [ 52.410425][ T4960] dump_stack+0x15/0x20 [ 52.414617][ T4960] should_fail_ex+0x223/0x230 [ 52.419332][ T4960] should_fail+0xb/0x10 [ 52.423580][ T4960] should_fail_usercopy+0x1a/0x20 [ 52.428635][ T4960] strncpy_from_user+0x25/0x210 [ 52.433574][ T4960] ? kmem_cache_alloc_noprof+0x10c/0x290 [ 52.439316][ T4960] getname_flags+0xb0/0x3b0 [ 52.443866][ T4960] user_path_at+0x26/0x110 [ 52.448312][ T4960] __x64_sys_llistxattr+0x73/0x130 [ 52.453460][ T4960] x64_sys_call+0x257b/0x2d60 [ 52.458211][ T4960] do_syscall_64+0xc9/0x1c0 [ 52.462750][ T4960] ? clear_bhb_loop+0x55/0xb0 [ 52.467460][ T4960] ? clear_bhb_loop+0x55/0xb0 [ 52.472179][ T4960] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 52.478150][ T4960] RIP: 0033:0x7f443770e719 [ 52.482585][ T4960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 52.502226][ T4960] RSP: 002b:00007f4436381038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c3 [ 52.510721][ T4960] RAX: ffffffffffffffda RBX: 00007f44378c5f80 RCX: 00007f443770e719 [ 52.518717][ T4960] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000280 [ 52.526782][ T4960] RBP: 00007f4436381090 R08: 0000000000000000 R09: 0000000000000000 [ 52.534782][ T4960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 52.542785][ T4960] R13: 0000000000000000 R14: 00007f44378c5f80 R15: 00007ffdffd99818 [ 52.550888][ T4960] [ 52.577007][ T4972] loop1: detected capacity change from 0 to 2048 [ 52.694703][ T4981] loop0: detected capacity change from 0 to 512 [ 52.703723][ T4981] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 52.742081][ T4981] EXT4-fs (loop0): 1 truncate cleaned up [ 52.766980][ T4984] syzkaller0: entered promiscuous mode [ 52.768754][ T4981] cgroup: subsys name conflicts with all [ 52.772635][ T4984] syzkaller0: entered allmulticast mode [ 52.823248][ T4984] loop1: detected capacity change from 0 to 1024 [ 52.830181][ T4984] EXT4-fs: Ignoring removed nomblk_io_submit option [ 52.837423][ T4984] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 52.884134][ T5000] FAULT_INJECTION: forcing a failure. [ 52.884134][ T5000] name failslab, interval 1, probability 0, space 0, times 0 [ 52.890339][ T4994] siw: device registration error -23 [ 52.896923][ T5000] CPU: 1 UID: 0 PID: 5000 Comm: syz.0.605 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0 [ 52.912778][ T5000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 52.922881][ T5000] Call Trace: [ 52.926199][ T5000] [ 52.929232][ T5000] dump_stack_lvl+0xf2/0x150 [ 52.933856][ T5000] dump_stack+0x15/0x20 [ 52.938034][ T5000] should_fail_ex+0x223/0x230 [ 52.942856][ T5000] ? __alloc_skb+0x10b/0x310 [ 52.947678][ T5000] should_failslab+0x8f/0xb0 [ 52.952295][ T5000] kmem_cache_alloc_node_noprof+0x51/0x2b0 [ 52.958298][ T5000] __alloc_skb+0x10b/0x310 [ 52.962864][ T5000] audit_log_start+0x368/0x6b0 [ 52.967661][ T5000] audit_seccomp+0x4b/0x130 [ 52.972217][ T5000] __seccomp_filter+0x6fa/0x1180 [ 52.977176][ T5000] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 52.982901][ T5000] ? vfs_write+0x596/0x920 [ 52.987432][ T5000] ? __pfx_kfree_link+0x10/0x10 [ 52.992301][ T5000] ? __rcu_read_unlock+0x4e/0x70 [ 52.997285][ T5000] ? __fget_files+0x1d4/0x210 [ 53.001989][ T5000] __secure_computing+0x9f/0x1c0 [ 53.006962][ T5000] syscall_trace_enter+0xd1/0x1f0 [ 53.012079][ T5000] ? fpregs_assert_state_consistent+0x83/0xa0 [ 53.018179][ T5000] do_syscall_64+0xaa/0x1c0 [ 53.022690][ T5000] ? clear_bhb_loop+0x55/0xb0 [ 53.027372][ T5000] ? clear_bhb_loop+0x55/0xb0 [ 53.032058][ T5000] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 53.038004][ T5000] RIP: 0033:0x7fdd2e52e719 [ 53.042423][ T5000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 53.062129][ T5000] RSP: 002b:00007fdd2d1a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000001f [ 53.070552][ T5000] RAX: ffffffffffffffda RBX: 00007fdd2e6e5f80 RCX: 00007fdd2e52e719 [ 53.078574][ T5000] RDX: 0000000020000240 RSI: 000000000000000d RDI: 0000000000000000 [ 53.086603][ T5000] RBP: 00007fdd2d1a1090 R08: 0000000000000000 R09: 0000000000000000 [ 53.094593][ T5000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 53.102636][ T5000] R13: 0000000000000000 R14: 00007fdd2e6e5f80 R15: 00007ffc0def17e8 [ 53.110625][ T5000] [ 53.164121][ T5006] loop2: detected capacity change from 0 to 512 [ 53.170956][ T5006] ext4: Unknown parameter 'obj_type' [ 53.210725][ T5011] syz.1.609[5011] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 53.210794][ T5011] syz.1.609[5011] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 53.253401][ T5011] syz.1.609[5011] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 53.271361][ T29] kauditd_printk_skb: 151 callbacks suppressed [ 53.271376][ T29] audit: type=1400 audit(1730603213.754:725): avc: denied { create } for pid=5010 comm="syz.1.609" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 53.310905][ T29] audit: type=1326 audit(1730603213.784:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5008 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7fdd2e52e719 code=0x7ffc0000 [ 53.354838][ T29] audit: type=1326 audit(1730603213.804:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5003 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdd2e4ca099 code=0x7ffc0000 [ 53.378161][ T29] audit: type=1326 audit(1730603213.804:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5003 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2e52e719 code=0x7ffc0000 [ 53.383421][ T5026] loop4: detected capacity change from 0 to 512 [ 53.401634][ T29] audit: type=1326 audit(1730603213.804:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5003 comm="syz.0.607" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2e52e719 code=0x7ffc0000 [ 53.417499][ T5026] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 53.463748][ T5026] EXT4-fs (loop4): 1 truncate cleaned up [ 53.475239][ T5026] cgroup: subsys name conflicts with all [ 53.525087][ T5040] loop1: detected capacity change from 0 to 512 [ 53.528669][ T5039] syzkaller0: entered promiscuous mode [ 53.536929][ T5039] syzkaller0: entered allmulticast mode [ 53.552282][ T29] audit: type=1326 audit(1730603214.034:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5033 comm="syz.2.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f443770e719 code=0x7ffc0000 [ 53.576463][ T5039] loop4: detected capacity change from 0 to 1024 [ 53.585241][ T5039] EXT4-fs: Ignoring removed nomblk_io_submit option [ 53.596330][ T5040] ext4 filesystem being mounted at /127/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.612674][ T5042] loop0: detected capacity change from 0 to 512 [ 53.620462][ T5039] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 53.631166][ T29] audit: type=1326 audit(1730603214.034:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5033 comm="syz.2.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f443770e719 code=0x7ffc0000 [ 53.654476][ T29] audit: type=1326 audit(1730603214.034:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5033 comm="syz.2.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f443770e719 code=0x7ffc0000 [ 53.677834][ T29] audit: type=1326 audit(1730603214.034:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5033 comm="syz.2.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f443770e719 code=0x7ffc0000 [ 53.701228][ T29] audit: type=1326 audit(1730603214.044:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5033 comm="syz.2.618" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f443770e719 code=0x7ffc0000 [ 53.748027][ T5042] ext4 filesystem being mounted at /105/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.913817][ T5064] loop1: detected capacity change from 0 to 512 [ 54.018722][ T5074] loop1: detected capacity change from 0 to 512 [ 54.029742][ T5074] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 54.048845][ T5074] EXT4-fs (loop1): 1 truncate cleaned up [ 54.061093][ T5074] cgroup: subsys name conflicts with all [ 54.274411][ T5088] __nla_validate_parse: 4 callbacks suppressed [ 54.274432][ T5088] netlink: 12 bytes leftover after parsing attributes in process `syz.4.633'. [ 54.400886][ T5101] netlink: 12 bytes leftover after parsing attributes in process `syz.4.638'. [ 54.452914][ T5102] loop1: detected capacity change from 0 to 512 [ 54.482347][ T5102] ext4 filesystem being mounted at /133/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 54.496245][ T5104] siw: device registration error -23 [ 54.586383][ T5110] netlink: 12 bytes leftover after parsing attributes in process `syz.4.641'. [ 54.658605][ T5114] netlink: 12 bytes leftover after parsing attributes in process `syz.4.644'. [ 54.750170][ T5120] FAULT_INJECTION: forcing a failure. [ 54.750170][ T5120] name failslab, interval 1, probability 0, space 0, times 0 [ 54.762882][ T5120] CPU: 1 UID: 0 PID: 5120 Comm: syz.0.647 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0 [ 54.773508][ T5120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 54.783662][ T5120] Call Trace: [ 54.786963][ T5120] [ 54.789916][ T5120] dump_stack_lvl+0xf2/0x150 [ 54.794526][ T5120] dump_stack+0x15/0x20 [ 54.798754][ T5120] should_fail_ex+0x223/0x230 [ 54.803577][ T5120] ? __alloc_skb+0x10b/0x310 [ 54.808191][ T5120] should_failslab+0x8f/0xb0 [ 54.812949][ T5120] kmem_cache_alloc_node_noprof+0x51/0x2b0 [ 54.818805][ T5120] __alloc_skb+0x10b/0x310 [ 54.823310][ T5120] audit_log_start+0x368/0x6b0 [ 54.828179][ T5120] audit_seccomp+0x4b/0x130 [ 54.832691][ T5120] __seccomp_filter+0x6fa/0x1180 [ 54.837719][ T5120] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 54.843371][ T5120] ? vfs_write+0x596/0x920 [ 54.847826][ T5120] ? __rcu_read_unlock+0x4e/0x70 [ 54.852829][ T5120] ? __fget_files+0x1d4/0x210 [ 54.857622][ T5120] __secure_computing+0x9f/0x1c0 [ 54.862668][ T5120] syscall_trace_enter+0xd1/0x1f0 [ 54.867732][ T5120] ? fpregs_assert_state_consistent+0x83/0xa0 [ 54.873860][ T5120] do_syscall_64+0xaa/0x1c0 [ 54.878434][ T5120] ? clear_bhb_loop+0x55/0xb0 [ 54.883129][ T5120] ? clear_bhb_loop+0x55/0xb0 [ 54.887842][ T5120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 54.893947][ T5120] RIP: 0033:0x7fdd2e52e719 [ 54.898368][ T5120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 54.918035][ T5120] RSP: 002b:00007fdd2d1a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000001f [ 54.926467][ T5120] RAX: ffffffffffffffda RBX: 00007fdd2e6e5f80 RCX: 00007fdd2e52e719 [ 54.934463][ T5120] RDX: 0000000000000000 RSI: 000000000000000d RDI: 0000000000000000 [ 54.942488][ T5120] RBP: 00007fdd2d1a1090 R08: 0000000000000000 R09: 0000000000000000 [ 54.950507][ T5120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 54.958484][ T5120] R13: 0000000000000000 R14: 00007fdd2e6e5f80 R15: 00007ffc0def17e8 [ 54.966486][ T5120] [ 55.036969][ T5133] netlink: 36 bytes leftover after parsing attributes in process `syz.3.652'. [ 55.045975][ T5133] netlink: 16 bytes leftover after parsing attributes in process `syz.3.652'. [ 55.054927][ T5133] netlink: 36 bytes leftover after parsing attributes in process `syz.3.652'. [ 55.060193][ T5137] netlink: 12 bytes leftover after parsing attributes in process `syz.0.654'. [ 55.073221][ T5133] netlink: 36 bytes leftover after parsing attributes in process `syz.3.652'. [ 55.098275][ T5142] netlink: 12 bytes leftover after parsing attributes in process `syz.1.656'. [ 55.099491][ T5141] loop4: detected capacity change from 0 to 512 [ 55.151996][ T5141] ext4 filesystem being mounted at /124/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 55.160000][ T5147] loop2: detected capacity change from 0 to 164 [ 55.185222][ T5147] syz.2.659: attempt to access beyond end of device [ 55.185222][ T5147] loop2: rw=524288, sector=263328, nr_sectors = 4 limit=164 [ 55.207877][ T5153] wireguard0: entered promiscuous mode [ 55.210339][ T5147] syz.2.659: attempt to access beyond end of device [ 55.210339][ T5147] loop2: rw=0, sector=263328, nr_sectors = 4 limit=164 [ 55.213643][ T5153] wireguard0: entered allmulticast mode [ 55.321768][ T5162] netlink: 'syz.4.663': attribute type 4 has an invalid length. [ 55.321805][ T5160] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=5160 comm=syz.0.662 [ 55.347876][ T5164] loop2: detected capacity change from 0 to 512 [ 55.374933][ T5164] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.664: corrupted in-inode xattr: invalid ea_ino [ 55.391067][ T5164] EXT4-fs error (device loop2): ext4_orphan_get:1393: comm syz.2.664: couldn't read orphan inode 15 (err -117) [ 55.475684][ T5179] FAULT_INJECTION: forcing a failure. [ 55.475684][ T5179] name failslab, interval 1, probability 0, space 0, times 0 [ 55.488514][ T5179] CPU: 0 UID: 0 PID: 5179 Comm: syz.4.671 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0 [ 55.499146][ T5179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 55.509215][ T5179] Call Trace: [ 55.512507][ T5179] [ 55.515446][ T5179] dump_stack_lvl+0xf2/0x150 [ 55.520080][ T5179] dump_stack+0x15/0x20 [ 55.524375][ T5179] should_fail_ex+0x223/0x230 [ 55.529075][ T5179] ? __alloc_skb+0x10b/0x310 [ 55.533806][ T5179] should_failslab+0x8f/0xb0 [ 55.538424][ T5179] kmem_cache_alloc_node_noprof+0x51/0x2b0 [ 55.544268][ T5179] __alloc_skb+0x10b/0x310 [ 55.548777][ T5179] netlink_alloc_large_skb+0xad/0xe0 [ 55.554142][ T5179] netlink_sendmsg+0x3b4/0x6e0 [ 55.558913][ T5179] ? __pfx_netlink_sendmsg+0x10/0x10 [ 55.564221][ T5179] __sock_sendmsg+0x140/0x180 [ 55.568944][ T5179] ____sys_sendmsg+0x312/0x410 [ 55.573740][ T5179] __sys_sendmsg+0x1d9/0x270 [ 55.578426][ T5179] __x64_sys_sendmsg+0x46/0x50 [ 55.583197][ T5179] x64_sys_call+0x2689/0x2d60 [ 55.587904][ T5179] do_syscall_64+0xc9/0x1c0 [ 55.592526][ T5179] ? clear_bhb_loop+0x55/0xb0 [ 55.597215][ T5179] ? clear_bhb_loop+0x55/0xb0 [ 55.601918][ T5179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.607831][ T5179] RIP: 0033:0x7fa48610e719 [ 55.612267][ T5179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.631887][ T5179] RSP: 002b:00007fa484d87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 55.640307][ T5179] RAX: ffffffffffffffda RBX: 00007fa4862c5f80 RCX: 00007fa48610e719 [ 55.648281][ T5179] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 55.656384][ T5179] RBP: 00007fa484d87090 R08: 0000000000000000 R09: 0000000000000000 [ 55.664421][ T5179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 55.672405][ T5179] R13: 0000000000000000 R14: 00007fa4862c5f80 R15: 00007ffd6b5f57b8 [ 55.680462][ T5179] [ 55.710976][ T5183] sd 0:0:1:0: device reset [ 55.745178][ T5187] SELinux: Context system_u:object_r:pam_console_exec_t:s0 is not valid (left unmapped). [ 55.887285][ T5208] IPv6: NLM_F_CREATE should be specified when creating new route [ 55.915853][ T5211] loop2: detected capacity change from 0 to 512 [ 55.921701][ T5213] FAULT_INJECTION: forcing a failure. [ 55.921701][ T5213] name failslab, interval 1, probability 0, space 0, times 0 [ 55.934965][ T5213] CPU: 0 UID: 0 PID: 5213 Comm: syz.4.685 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0 [ 55.945662][ T5213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 55.955738][ T5213] Call Trace: [ 55.959026][ T5213] [ 55.961965][ T5213] dump_stack_lvl+0xf2/0x150 [ 55.966573][ T5213] dump_stack+0x15/0x20 [ 55.970891][ T5213] should_fail_ex+0x223/0x230 [ 55.975590][ T5213] ? __alloc_skb+0x10b/0x310 [ 55.980245][ T5213] should_failslab+0x8f/0xb0 [ 55.984847][ T5213] kmem_cache_alloc_node_noprof+0x51/0x2b0 [ 55.990675][ T5213] __alloc_skb+0x10b/0x310 [ 55.995235][ T5213] netlink_alloc_large_skb+0xad/0xe0 [ 56.000544][ T5213] netlink_sendmsg+0x3b4/0x6e0 [ 56.005340][ T5213] ? __pfx_netlink_sendmsg+0x10/0x10 [ 56.010634][ T5213] __sock_sendmsg+0x140/0x180 [ 56.015507][ T5213] ____sys_sendmsg+0x312/0x410 [ 56.020282][ T5213] __sys_sendmsg+0x1d9/0x270 [ 56.024960][ T5213] __x64_sys_sendmsg+0x46/0x50 [ 56.029732][ T5213] x64_sys_call+0x2689/0x2d60 [ 56.034461][ T5213] do_syscall_64+0xc9/0x1c0 [ 56.038978][ T5213] ? clear_bhb_loop+0x55/0xb0 [ 56.043712][ T5213] ? clear_bhb_loop+0x55/0xb0 [ 56.048417][ T5213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.054388][ T5213] RIP: 0033:0x7fa48610e719 [ 56.059083][ T5213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 56.078697][ T5213] RSP: 002b:00007fa484d87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 56.087133][ T5213] RAX: ffffffffffffffda RBX: 00007fa4862c5f80 RCX: 00007fa48610e719 [ 56.095133][ T5213] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000006 [ 56.103118][ T5213] RBP: 00007fa484d87090 R08: 0000000000000000 R09: 0000000000000000 [ 56.111126][ T5213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 56.119160][ T5213] R13: 0000000000000000 R14: 00007fa4862c5f80 R15: 00007ffd6b5f57b8 [ 56.127194][ T5213] [ 56.229721][ T5211] ext4 filesystem being mounted at /136/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 56.356110][ T5237] loop2: detected capacity change from 0 to 512 [ 56.367258][ T5237] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 56.385686][ T5237] EXT4-fs (loop2): 1 truncate cleaned up [ 56.403638][ T5237] cgroup: subsys name conflicts with all [ 56.504255][ T5249] loop4: detected capacity change from 0 to 1024 [ 56.513680][ T5249] EXT4-fs: Ignoring removed nomblk_io_submit option [ 56.527442][ T5249] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 56.604666][ T5260] loop0: detected capacity change from 0 to 512 [ 56.623388][ T5263] loop4: detected capacity change from 0 to 1024 [ 56.642726][ T5260] ext4 filesystem being mounted at /116/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 56.752731][ T5273] binfmt_misc: register: failed to install interpreter file ./file0/../file0 [ 56.907283][ T5284] loop4: detected capacity change from 0 to 512 [ 56.949441][ T5284] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 57.027882][ T5284] EXT4-fs (loop4): 1 truncate cleaned up [ 57.050556][ T5294] loop3: detected capacity change from 0 to 1024 [ 57.058353][ T5284] cgroup: subsys name conflicts with all [ 57.064136][ T5294] EXT4-fs: Ignoring removed nomblk_io_submit option [ 57.090134][ T5294] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 57.112452][ T5296] loop1: detected capacity change from 0 to 8192 [ 57.207942][ T5310] siw: device registration error -23 [ 57.362508][ T5328] loop3: detected capacity change from 0 to 512 [ 57.380798][ T5328] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 57.407395][ T5328] EXT4-fs (loop3): 1 truncate cleaned up [ 57.439120][ T5328] cgroup: subsys name conflicts with all [ 57.463518][ T5340] loop1: detected capacity change from 0 to 1024 [ 57.472439][ T5340] EXT4-fs: Ignoring removed nomblk_io_submit option [ 57.494304][ T5340] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 57.510551][ T5345] xt_TCPMSS: Only works on TCP SYN packets [ 57.593924][ T5358] loop0: detected capacity change from 0 to 512 [ 57.630899][ T5358] ext4 filesystem being mounted at /124/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 57.651724][ T5368] FAULT_INJECTION: forcing a failure. [ 57.651724][ T5368] name failslab, interval 1, probability 0, space 0, times 0 [ 57.664423][ T5368] CPU: 1 UID: 0 PID: 5368 Comm: syz.1.737 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0 [ 57.675070][ T5368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 57.685236][ T5368] Call Trace: [ 57.688571][ T5368] [ 57.691508][ T5368] dump_stack_lvl+0xf2/0x150 [ 57.696138][ T5368] dump_stack+0x15/0x20 [ 57.700336][ T5368] should_fail_ex+0x223/0x230 [ 57.705026][ T5368] ? vm_area_dup+0x98/0x130 [ 57.709553][ T5368] should_failslab+0x8f/0xb0 [ 57.714157][ T5368] kmem_cache_alloc_noprof+0x4c/0x290 [ 57.719608][ T5368] vm_area_dup+0x98/0x130 [ 57.724057][ T5368] copy_mm+0x60b/0x10e0 [ 57.728228][ T5368] copy_process+0xd5b/0x1f90 [ 57.732828][ T5368] kernel_clone+0x167/0x5e0 [ 57.737416][ T5368] ? vfs_write+0x596/0x920 [ 57.741840][ T5368] ? __pfx_kfree_link+0x10/0x10 [ 57.746734][ T5368] __x64_sys_clone+0xe8/0x120 [ 57.751423][ T5368] x64_sys_call+0x2d23/0x2d60 [ 57.756108][ T5368] do_syscall_64+0xc9/0x1c0 [ 57.760723][ T5368] ? clear_bhb_loop+0x55/0xb0 [ 57.765402][ T5368] ? clear_bhb_loop+0x55/0xb0 [ 57.770086][ T5368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 57.776157][ T5368] RIP: 0033:0x7fcb274ae719 [ 57.780595][ T5368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 57.800306][ T5368] RSP: 002b:00007fcb26120fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 57.808779][ T5368] RAX: ffffffffffffffda RBX: 00007fcb27665f80 RCX: 00007fcb274ae719 [ 57.816747][ T5368] RDX: 0000000020000280 RSI: 0000000000000000 RDI: 0000000000004000 [ 57.824730][ T5368] RBP: 00007fcb26121090 R08: 0000000000000000 R09: 0000000000000000 [ 57.832702][ T5368] R10: 0000000020000300 R11: 0000000000000206 R12: 0000000000000002 [ 57.840673][ T5368] R13: 0000000000000000 R14: 00007fcb27665f80 R15: 00007ffe00510408 [ 57.848833][ T5368] [ 57.886843][ T5375] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=5375 comm=syz.1.740 [ 57.910719][ T5379] loop4: detected capacity change from 0 to 1024 [ 57.920574][ T5381] loop0: detected capacity change from 0 to 512 [ 57.927562][ T5379] EXT4-fs: Ignoring removed nomblk_io_submit option [ 57.935099][ T5379] EXT4-fs (loop4): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 57.945605][ T5381] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 57.956753][ T5381] EXT4-fs (loop0): 1 truncate cleaned up [ 57.967344][ T5381] cgroup: subsys name conflicts with all [ 57.995413][ T5377] loop3: detected capacity change from 0 to 2048 [ 58.242876][ T5410] loop4: detected capacity change from 0 to 256 [ 58.326941][ T5419] loop4: detected capacity change from 0 to 512 [ 58.343107][ T5419] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 58.367193][ T5419] EXT4-fs (loop4): 1 truncate cleaned up [ 58.385365][ T5419] cgroup: subsys name conflicts with all [ 58.394242][ T29] kauditd_printk_skb: 201 callbacks suppressed [ 58.394268][ T29] audit: type=1326 audit(1730603218.874:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5376 comm="syz.3.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe11deae719 code=0x7ffc0000 [ 58.415628][ T5426] loop0: detected capacity change from 0 to 1024 [ 58.423885][ T29] audit: type=1326 audit(1730603218.874:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5376 comm="syz.3.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe11deae719 code=0x7ffc0000 [ 58.454115][ T5426] EXT4-fs: Ignoring removed nomblk_io_submit option [ 58.468787][ T5426] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 58.491765][ T5428] tap0: tun_chr_ioctl cmd 2147767519 [ 58.557075][ T29] audit: type=1400 audit(1730603219.034:936): avc: denied { connect } for pid=5435 comm="syz.2.760" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 58.620214][ T5440] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 58.635132][ T29] audit: type=1400 audit(1730603219.114:937): avc: denied { read } for pid=5435 comm="syz.2.760" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 58.655439][ T29] audit: type=1326 audit(1730603219.134:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5448 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2e52e719 code=0x7ffc0000 [ 58.683036][ T29] audit: type=1326 audit(1730603219.164:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5448 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2e52e719 code=0x7ffc0000 [ 58.706359][ T29] audit: type=1326 audit(1730603219.164:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5448 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdd2e52e719 code=0x7ffc0000 [ 58.729723][ T29] audit: type=1326 audit(1730603219.164:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5448 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2e52e719 code=0x7ffc0000 [ 58.753481][ T29] audit: type=1326 audit(1730603219.164:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5448 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7fdd2e52e719 code=0x7ffc0000 [ 58.836949][ T5461] loop1: detected capacity change from 0 to 512 [ 58.860672][ T29] audit: type=1326 audit(1730603219.184:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5448 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2e52e719 code=0x7ffc0000 [ 58.861074][ T5466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 58.902174][ T5461] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 58.926744][ T5466] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 58.933899][ T5461] EXT4-fs (loop1): 1 truncate cleaned up [ 58.944242][ T5461] cgroup: subsys name conflicts with all [ 59.018632][ T5479] loop1: detected capacity change from 0 to 1024 [ 59.026724][ T5479] EXT4-fs: Ignoring removed nomblk_io_submit option [ 59.036361][ T5479] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 59.100642][ T5492] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=5492 comm=syz.2.776 [ 59.211294][ T5507] loop4: detected capacity change from 0 to 512 [ 59.218816][ T5507] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 59.232851][ T5507] EXT4-fs (loop4): 1 truncate cleaned up [ 59.240893][ T5513] FAULT_INJECTION: forcing a failure. [ 59.240893][ T5513] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 59.254239][ T5513] CPU: 1 UID: 0 PID: 5513 Comm: syz.1.784 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0 [ 59.264910][ T5513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 59.275081][ T5513] Call Trace: [ 59.278366][ T5513] [ 59.281317][ T5513] dump_stack_lvl+0xf2/0x150 [ 59.285928][ T5513] dump_stack+0x15/0x20 [ 59.290102][ T5513] should_fail_ex+0x223/0x230 [ 59.294869][ T5513] should_fail_alloc_page+0xfd/0x110 [ 59.300199][ T5513] __alloc_pages_noprof+0x109/0x340 [ 59.305410][ T5513] alloc_pages_mpol_noprof+0xb1/0x1e0 [ 59.310807][ T5513] vma_alloc_folio_noprof+0x1a0/0x2f0 [ 59.316203][ T5513] handle_mm_fault+0xdbe/0x2a80 [ 59.321144][ T5513] ? __rcu_read_lock+0x36/0x50 [ 59.325960][ T5513] __get_user_pages+0xf2c/0x2670 [ 59.330960][ T5513] __gup_longterm_locked+0xa7b/0x10b0 [ 59.336411][ T5513] ? down_read_killable+0x172/0x6b0 [ 59.341675][ T5513] ? down_read+0x171/0x4b0 [ 59.346226][ T5513] pin_user_pages_remote+0x7f/0xb0 [ 59.351416][ T5513] process_vm_rw+0x4f7/0x8c0 [ 59.356048][ T5513] ? ksys_write+0x17a/0x1b0 [ 59.360655][ T5513] __x64_sys_process_vm_writev+0x7a/0x90 [ 59.366315][ T5513] x64_sys_call+0x1a4/0x2d60 [ 59.370938][ T5513] do_syscall_64+0xc9/0x1c0 [ 59.375454][ T5513] ? clear_bhb_loop+0x55/0xb0 [ 59.380190][ T5513] ? clear_bhb_loop+0x55/0xb0 [ 59.384925][ T5513] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.390903][ T5513] RIP: 0033:0x7fcb274ae719 [ 59.395325][ T5513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.414969][ T5513] RSP: 002b:00007fcb26121038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137 [ 59.423444][ T5513] RAX: ffffffffffffffda RBX: 00007fcb27665f80 RCX: 00007fcb274ae719 [ 59.431456][ T5513] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000179 [ 59.439434][ T5513] RBP: 00007fcb26121090 R08: 000000000000023a R09: 0000000000000000 [ 59.447423][ T5513] R10: 0000000020121000 R11: 0000000000000246 R12: 0000000000000002 [ 59.455469][ T5513] R13: 0000000000000000 R14: 00007fcb27665f80 R15: 00007ffe00510408 [ 59.463514][ T5513] [ 59.467220][ T5507] cgroup: subsys name conflicts with all [ 59.525088][ T5519] loop1: detected capacity change from 0 to 1024 [ 59.533759][ T5519] EXT4-fs: Ignoring removed nomblk_io_submit option [ 59.537539][ T5517] __nla_validate_parse: 12 callbacks suppressed [ 59.537558][ T5517] netlink: 12 bytes leftover after parsing attributes in process `syz.4.786'. [ 59.541348][ T5519] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 59.642156][ T5531] loop3: detected capacity change from 0 to 512 [ 59.661527][ T5531] ext4 filesystem being mounted at /176/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 59.728817][ T5540] loop0: detected capacity change from 0 to 2048 [ 59.777699][ T5542] loop4: detected capacity change from 0 to 512 [ 59.812676][ T5542] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 59.814550][ T50] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 59.859202][ T5542] EXT4-fs (loop4): 1 truncate cleaned up [ 59.873095][ T50] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 28 [ 59.885466][ T50] EXT4-fs (loop0): This should not happen!! Data will be lost [ 59.885466][ T50] [ 59.895220][ T50] EXT4-fs (loop0): Total free blocks count 0 [ 59.901378][ T50] EXT4-fs (loop0): Free/Dirty block details [ 59.907287][ T50] EXT4-fs (loop0): free_blocks=2415919104 [ 59.913077][ T50] EXT4-fs (loop0): dirty_blocks=32 [ 59.918269][ T50] EXT4-fs (loop0): Block reservation details [ 59.924381][ T50] EXT4-fs (loop0): i_reserved_data_blocks=2 [ 59.940562][ T5542] cgroup: subsys name conflicts with all [ 59.970887][ T5551] lo speed is unknown, defaulting to 1000 [ 60.006598][ T5555] loop0: detected capacity change from 0 to 128 [ 60.038478][ T5555] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (16076!=39978) [ 60.050827][ T5558] netlink: 20 bytes leftover after parsing attributes in process `syz.4.802'. [ 60.065227][ T5560] loop2: detected capacity change from 0 to 1024 [ 60.072511][ T5561] 9pnet_fd: Insufficient options for proto=fd [ 60.087855][ T5558] netlink: 56 bytes leftover after parsing attributes in process `syz.4.802'. [ 60.097952][ T5560] EXT4-fs: Ignoring removed bh option [ 60.111883][ T5555] capability: warning: `syz.0.798' uses deprecated v2 capabilities in a way that may be insecure [ 60.122830][ T5558] netlink: 16 bytes leftover after parsing attributes in process `syz.4.802'. [ 60.315296][ T5567] loop0: detected capacity change from 0 to 1024 [ 60.330235][ T5567] EXT4-fs: Ignoring removed nomblk_io_submit option [ 60.346421][ T5567] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 60.414720][ T5570] siw: device registration error -23 [ 60.570184][ T5580] loop4: detected capacity change from 0 to 512 [ 60.601294][ T5580] ext4 filesystem being mounted at /174/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 60.703385][ T5590] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 60.714896][ T5595] loop3: detected capacity change from 0 to 512 [ 60.719877][ T5591] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 60.735538][ T5595] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 60.737475][ T5590] loop1: detected capacity change from 0 to 512 [ 60.748477][ T5595] EXT4-fs (loop3): 1 truncate cleaned up [ 60.763436][ T5595] cgroup: subsys name conflicts with all [ 60.773778][ T5590] EXT4-fs error (device loop1): ext4_orphan_get:1388: inode #15: comm syz.1.811: iget: bad extended attribute block 1 [ 60.811821][ T5590] EXT4-fs error (device loop1): ext4_orphan_get:1393: comm syz.1.811: couldn't read orphan inode 15 (err -117) [ 60.853875][ T5607] siw: device registration error -23 [ 60.868321][ T5609] siw: device registration error -23 [ 60.941473][ T5611] loop4: detected capacity change from 0 to 512 [ 60.966492][ T5611] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities [ 60.980044][ T5620] siw: device registration error -23 [ 61.042537][ T5627] netlink: 12 bytes leftover after parsing attributes in process `syz.0.824'. [ 61.122607][ T5634] siw: device registration error -23 [ 61.191238][ T5640] siw: device registration error -23 [ 61.211514][ T5641] loop0: detected capacity change from 0 to 512 [ 61.240929][ T5641] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.831: bg 0: block 393: padding at end of block bitmap is not set [ 61.245083][ T5645] FAULT_INJECTION: forcing a failure. [ 61.245083][ T5645] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 61.268310][ T5645] CPU: 1 UID: 0 PID: 5645 Comm: syz.3.832 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0 [ 61.270244][ T5641] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 61.278909][ T5645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 61.278927][ T5645] Call Trace: [ 61.278934][ T5645] [ 61.278944][ T5645] dump_stack_lvl+0xf2/0x150 [ 61.308594][ T5645] dump_stack+0x15/0x20 [ 61.309557][ T5641] EXT4-fs (loop0): 2 truncates cleaned up [ 61.312756][ T5645] should_fail_ex+0x223/0x230 [ 61.323180][ T5645] should_fail+0xb/0x10 [ 61.327389][ T5645] should_fail_usercopy+0x1a/0x20 [ 61.332452][ T5645] _copy_to_user+0x20/0xa0 [ 61.336942][ T5645] simple_read_from_buffer+0xa0/0x110 [ 61.342352][ T5645] proc_fail_nth_read+0xf9/0x140 [ 61.347420][ T5645] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 61.353007][ T5645] vfs_read+0x1a2/0x700 [ 61.357215][ T5645] ? __fget_files+0x1d4/0x210 [ 61.361994][ T5645] ksys_read+0xeb/0x1b0 [ 61.366236][ T5645] __x64_sys_read+0x42/0x50 [ 61.370792][ T5645] x64_sys_call+0x27d3/0x2d60 [ 61.375497][ T5645] do_syscall_64+0xc9/0x1c0 [ 61.380028][ T5645] ? clear_bhb_loop+0x55/0xb0 [ 61.384772][ T5645] ? clear_bhb_loop+0x55/0xb0 [ 61.389467][ T5645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 61.395420][ T5645] RIP: 0033:0x7fe11dead15c [ 61.399880][ T5645] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 61.419501][ T5645] RSP: 002b:00007fe11cb27030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 61.427985][ T5645] RAX: ffffffffffffffda RBX: 00007fe11e065f80 RCX: 00007fe11dead15c [ 61.435966][ T5645] RDX: 000000000000000f RSI: 00007fe11cb270a0 RDI: 0000000000000004 [ 61.443946][ T5645] RBP: 00007fe11cb27090 R08: 0000000000000000 R09: 0000000000000000 [ 61.451931][ T5645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 61.459999][ T5645] R13: 0000000000000000 R14: 00007fe11e065f80 R15: 00007fffdfb62078 [ 61.468019][ T5645] [ 61.635567][ T5651] loop3: detected capacity change from 0 to 512 [ 61.652076][ T5651] EXT4-fs (loop3): VFS: Can't find ext4 filesystem [ 61.833216][ T5661] loop2: detected capacity change from 0 to 2048 [ 61.879518][ T5661] loop2: p1 < > p3 [ 61.884370][ T5661] loop2: p3 size 134217728 extends beyond EOD, truncated [ 61.948648][ T5666] loop2: detected capacity change from 0 to 164 [ 61.950178][ T5668] siw: device registration error -23 [ 61.980375][ T5670] loop4: detected capacity change from 0 to 512 [ 61.987368][ T5670] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 62.004422][ T5670] EXT4-fs (loop4): 1 truncate cleaned up [ 62.017054][ T5641] 9pnet_fd: p9_fd_create_tcp (5641): problem connecting socket to 127.0.0.1 [ 62.026409][ T5670] cgroup: subsys name conflicts with all [ 62.387219][ T5700] siw: device registration error -23 [ 62.424362][ T5702] loop4: detected capacity change from 0 to 1024 [ 62.434429][ T5702] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 62.683018][ T5710] loop1: detected capacity change from 0 to 512 [ 62.689871][ T5710] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 62.703874][ T5710] EXT4-fs (loop1): 1 truncate cleaned up [ 62.716701][ T5710] cgroup: subsys name conflicts with all [ 62.787675][ T5718] loop1: detected capacity change from 0 to 512 [ 62.796345][ T5718] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.859: bg 0: block 393: padding at end of block bitmap is not set [ 62.811234][ T5718] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 62.820418][ T5718] EXT4-fs (loop1): 2 truncates cleaned up [ 63.145249][ T3391] IPVS: starting estimator thread 0... [ 63.239152][ T5730] IPVS: using max 2304 ests per chain, 115200 per kthread [ 63.259300][ T5744] netlink: 12 bytes leftover after parsing attributes in process `syz.3.865'. [ 63.298662][ T5749] loop2: detected capacity change from 0 to 512 [ 63.318235][ T5749] ext4 filesystem being mounted at /159/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 63.375534][ T5749] Process accounting resumed [ 63.383378][ T5749] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 63.420693][ T5749] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 63.434448][ T5749] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22 [ 63.445456][ T29] kauditd_printk_skb: 58 callbacks suppressed [ 63.445470][ T29] audit: type=1400 audit(1730603223.924:1002): avc: denied { mount } for pid=5748 comm="syz.2.866" name="/" dev="rpc_pipefs" ino=11103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1 [ 63.477632][ T5749] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback. [ 63.514997][ T5783] netlink: 12 bytes leftover after parsing attributes in process `syz.2.871'. [ 63.561207][ T5789] netlink: 12 bytes leftover after parsing attributes in process `syz.0.873'. [ 63.592291][ T5791] tipc: Started in network mode [ 63.597198][ T5791] tipc: Node identity , cluster identity 4711 [ 63.603443][ T5791] tipc: Failed to obtain node identity [ 63.608989][ T5791] tipc: Enabling of bearer rejected, failed to enable media [ 63.618693][ T5791] netlink: 'syz.0.874': attribute type 10 has an invalid length. [ 63.626926][ T5718] 9pnet_fd: p9_fd_create_tcp (5718): problem connecting socket to 127.0.0.1 [ 63.635921][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.643251][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.661863][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.668960][ T5791] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.676327][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.683446][ T5791] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.723507][ T5791] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 63.777890][ T29] audit: type=1400 audit(1730603224.254:1003): avc: denied { bind } for pid=5796 comm="syz.0.876" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 63.836558][ T29] audit: type=1400 audit(1730603224.314:1004): avc: denied { ioctl } for pid=5798 comm="syz.2.877" path="socket:[11705]" dev="sockfs" ino=11705 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 63.891738][ T5807] loop2: detected capacity change from 0 to 512 [ 63.906489][ T5807] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 63.917279][ T5807] EXT4-fs (loop2): 1 truncate cleaned up [ 63.935150][ T5813] siw: device registration error -23 [ 63.936337][ T5807] cgroup: subsys name conflicts with all [ 64.208243][ T5829] loop3: detected capacity change from 0 to 512 [ 64.235509][ T5829] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.886: bg 0: block 393: padding at end of block bitmap is not set [ 64.251226][ T5829] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 64.261231][ T5829] EXT4-fs (loop3): 2 truncates cleaned up [ 64.277457][ T5835] FAULT_INJECTION: forcing a failure. [ 64.277457][ T5835] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 64.290610][ T5835] CPU: 0 UID: 0 PID: 5835 Comm: syz.4.888 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0 [ 64.301221][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 64.311305][ T5835] Call Trace: [ 64.314626][ T5835] [ 64.317616][ T5835] dump_stack_lvl+0xf2/0x150 [ 64.322254][ T5835] dump_stack+0x15/0x20 [ 64.326436][ T5835] should_fail_ex+0x223/0x230 [ 64.331218][ T5835] should_fail+0xb/0x10 [ 64.335405][ T5835] should_fail_usercopy+0x1a/0x20 [ 64.340503][ T5835] _copy_from_user+0x1e/0xb0 [ 64.345214][ T5835] tiocswinsz+0x47/0x170 [ 64.349466][ T5835] tty_ioctl+0x1bd/0xbe0 [ 64.353726][ T5835] ? __pfx_tty_ioctl+0x10/0x10 [ 64.358495][ T5835] __se_sys_ioctl+0xcd/0x140 [ 64.363098][ T5835] __x64_sys_ioctl+0x43/0x50 [ 64.367754][ T5835] x64_sys_call+0x15cc/0x2d60 [ 64.372462][ T5835] do_syscall_64+0xc9/0x1c0 [ 64.376978][ T5835] ? clear_bhb_loop+0x55/0xb0 [ 64.381662][ T5835] ? clear_bhb_loop+0x55/0xb0 [ 64.386342][ T5835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.392278][ T5835] RIP: 0033:0x7fa48610e719 [ 64.396715][ T5835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.416601][ T5835] RSP: 002b:00007fa484d87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 64.425025][ T5835] RAX: ffffffffffffffda RBX: 00007fa4862c5f80 RCX: 00007fa48610e719 [ 64.433009][ T5835] RDX: 0000000020000080 RSI: 0000000000005414 RDI: 0000000000000003 [ 64.441000][ T5835] RBP: 00007fa484d87090 R08: 0000000000000000 R09: 0000000000000000 [ 64.448986][ T5835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 64.456995][ T5835] R13: 0000000000000000 R14: 00007fa4862c5f80 R15: 00007ffd6b5f57b8 [ 64.465016][ T5835] [ 64.489082][ T29] audit: type=1326 audit(1730603224.964:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5837 comm="syz.3.889" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe11deae719 code=0x0 [ 64.511916][ T29] audit: type=1326 audit(1730603224.964:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5837 comm="syz.3.889" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe11deae719 code=0x0 [ 64.562313][ T5848] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=5848 comm=syz.4.892 [ 64.581411][ T5848] netlink: 60 bytes leftover after parsing attributes in process `syz.4.892'. [ 64.590810][ T5848] unsupported nlmsg_type 40 [ 64.648335][ T5858] netlink: 20 bytes leftover after parsing attributes in process `syz.1.896'. [ 64.663764][ T5858] IPv6: Can't replace route, no match found [ 64.690198][ T5862] loop1: detected capacity change from 0 to 512 [ 64.699354][ T5862] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.899: bg 0: block 393: padding at end of block bitmap is not set [ 64.714129][ T5862] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 64.723458][ T5862] EXT4-fs (loop1): 2 truncates cleaned up [ 64.815407][ T5871] loop1: detected capacity change from 0 to 512 [ 64.835681][ T5871] ext4 filesystem being mounted at /175/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 64.849393][ T29] audit: type=1326 audit(1730603225.334:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5872 comm="syz.4.901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa48610e719 code=0x7ffc0000 [ 64.872852][ T29] audit: type=1326 audit(1730603225.334:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5872 comm="syz.4.901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa48610e719 code=0x7ffc0000 [ 64.896395][ T29] audit: type=1326 audit(1730603225.334:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5872 comm="syz.4.901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7fa48610e719 code=0x7ffc0000 [ 64.919707][ T29] audit: type=1326 audit(1730603225.334:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5872 comm="syz.4.901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa48610e719 code=0x7ffc0000 [ 64.934476][ T5877] netlink: 112 bytes leftover after parsing attributes in process `syz.4.901'. [ 64.943071][ T29] audit: type=1326 audit(1730603225.334:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5872 comm="syz.4.901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa48610e719 code=0x7ffc0000 [ 65.057402][ T5881] loop1: detected capacity change from 0 to 256 [ 65.105253][ T5891] netlink: 12 bytes leftover after parsing attributes in process `syz.1.908'. [ 65.213165][ T5906] loop0: detected capacity change from 0 to 2048 [ 65.220481][ T5906] EXT4-fs: Ignoring removed orlov option [ 65.235468][ T5906] netlink: 24 bytes leftover after parsing attributes in process `syz.0.914'. [ 65.307713][ T11] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 65.325830][ T11] EXT4-fs (loop0): Remounting filesystem read-only [ 65.434371][ T5921] netlink: 12 bytes leftover after parsing attributes in process `syz.1.917'. [ 65.520224][ T5928] netlink: 12 bytes leftover after parsing attributes in process `syz.1.921'. [ 65.651723][ T5939] loop3: detected capacity change from 0 to 512 [ 65.665215][ T5940] loop1: detected capacity change from 0 to 512 [ 65.675452][ T5939] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.925: bg 0: block 393: padding at end of block bitmap is not set [ 65.713137][ T5939] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 65.714186][ T5940] ext4 filesystem being mounted at /184/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 65.725073][ T5939] EXT4-fs (loop3): 2 truncates cleaned up [ 65.813003][ T5951] syz.1.928 uses obsolete (PF_INET,SOCK_PACKET) [ 65.830233][ T5951] lo speed is unknown, defaulting to 1000 [ 65.915071][ T5951] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 65.923369][ T5951] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 66.027372][ T5958] netlink: 8 bytes leftover after parsing attributes in process `syz.2.931'. [ 66.036299][ T5958] netlink: 8 bytes leftover after parsing attributes in process `syz.2.931'. [ 66.152329][ T5962] loop2: detected capacity change from 0 to 512 [ 66.163525][ T5961] loop4: detected capacity change from 0 to 512 [ 66.164666][ T5961] ext4: Bad value for 'resuid' [ 66.174950][ T5961] ext4: Bad value for 'resuid' [ 66.176537][ T5962] ext4 filesystem being mounted at /170/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.285121][ T5974] syz.1.935[5974] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 66.285628][ T5974] syz.1.935[5974] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 66.297123][ T5974] syz.1.935[5974] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 66.478869][ T5939] 9pnet_fd: p9_fd_create_tcp (5939): problem connecting socket to 127.0.0.1 [ 66.504270][ T5979] usb usb1: usbfs: interface 0 claimed by hub while '+}[@' sets config #0 [ 66.720624][ T5990] netlink: 12 bytes leftover after parsing attributes in process `syz.3.939'. [ 66.741704][ T5992] loop4: detected capacity change from 0 to 512 [ 66.748598][ T5992] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 66.762381][ T5992] EXT4-fs (loop4): 1 truncate cleaned up [ 66.918121][ T3315] EXT4-fs unmount: 127 callbacks suppressed [ 66.918170][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 66.945916][ T6002] loop3: detected capacity change from 0 to 512 [ 66.971902][ T6002] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a806c018, mo2=0103] [ 66.981068][ T6002] System zones: 1-12 [ 66.989612][ T6002] EXT4-fs error (device loop3): ext4_init_orphan_info:586: comm syz.3.942: inode #0: comm syz.3.942: iget: illegal inode # [ 67.003045][ T6002] EXT4-fs (loop3): get orphan inode failed [ 67.009091][ T6002] EXT4-fs (loop3): mount failed [ 67.074591][ T6042] loop3: detected capacity change from 0 to 512 [ 67.091295][ T6042] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 67.128138][ T6052] sg_write: process 423 (syz.2.946) changed security contexts after opening file descriptor, this is not allowed. [ 67.140713][ T6052] program syz.2.946 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 67.150763][ T6042] EXT4-fs (loop3): 1 truncate cleaned up [ 67.156945][ T6042] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 67.187430][ T6042] cgroup: Unknown subsys name 'mask' [ 67.235011][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.821754][ T6175] loop4: detected capacity change from 0 to 512 [ 67.852399][ T6175] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 67.879543][ T6175] EXT4-fs (loop4): 1 truncate cleaned up [ 67.890933][ T6175] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 67.930205][ T6175] cgroup: subsys name conflicts with all [ 67.967146][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.355006][ T6199] loop4: detected capacity change from 0 to 512 [ 68.357815][ T6194] loop2: detected capacity change from 0 to 512 [ 68.414247][ T6199] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 68.416931][ T6194] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.967: bg 0: block 393: padding at end of block bitmap is not set [ 68.437720][ T6199] ext4 filesystem being mounted at /209/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 68.469239][ T6194] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 68.487042][ T6194] EXT4-fs (loop2): 2 truncates cleaned up [ 68.498825][ T6194] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 68.585562][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 68.717531][ T6235] program syz.3.973 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 68.727158][ T6235] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 68.739249][ T29] kauditd_printk_skb: 132 callbacks suppressed [ 68.739267][ T29] audit: type=1400 audit(1730603229.194:1144): avc: denied { write } for pid=6216 comm="syz.3.973" name="sg0" dev="devtmpfs" ino=135 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 68.818002][ T29] audit: type=1326 audit(1730603229.254:1145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6229 comm="syz.4.976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa48610e719 code=0x7ffc0000 [ 68.841529][ T29] audit: type=1326 audit(1730603229.254:1146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6229 comm="syz.4.976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa48610e719 code=0x7ffc0000 [ 68.864984][ T29] audit: type=1326 audit(1730603229.254:1147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6229 comm="syz.4.976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa48610e719 code=0x7ffc0000 [ 68.888400][ T29] audit: type=1326 audit(1730603229.254:1148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6229 comm="syz.4.976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa48610e719 code=0x7ffc0000 [ 68.911751][ T29] audit: type=1326 audit(1730603229.254:1149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6229 comm="syz.4.976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa48610e719 code=0x7ffc0000 [ 68.935069][ T29] audit: type=1326 audit(1730603229.254:1150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6229 comm="syz.4.976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa48610e719 code=0x7ffc0000 [ 68.958469][ T29] audit: type=1326 audit(1730603229.254:1151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6229 comm="syz.4.976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa48610e719 code=0x7ffc0000 [ 68.982058][ T29] audit: type=1326 audit(1730603229.254:1152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6229 comm="syz.4.976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa48610e719 code=0x7ffc0000 [ 69.005437][ T29] audit: type=1326 audit(1730603229.254:1153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6229 comm="syz.4.976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa48610e719 code=0x7ffc0000 [ 69.163382][ T6194] 9pnet_fd: p9_fd_create_tcp (6194): problem connecting socket to 127.0.0.1 [ 69.180463][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.543272][ T6254] loop4: detected capacity change from 0 to 1024 [ 69.575665][ T6257] loop1: detected capacity change from 0 to 512 [ 69.603754][ T6257] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 69.619410][ T6254] EXT4-fs error (device loop4): ext4_acquire_dquot:6879: comm syz.4.983: Failed to acquire dquot type 0 [ 69.634611][ T6262] __nla_validate_parse: 10 callbacks suppressed [ 69.634629][ T6262] netlink: 4 bytes leftover after parsing attributes in process `syz.0.986'. [ 69.656667][ T6254] EXT4-fs error (device loop4): mb_free_blocks:1948: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 69.674295][ T6257] EXT4-fs (loop1): 1 truncate cleaned up [ 69.688146][ T6254] EXT4-fs error (device loop4): ext4_do_update_inode:5121: inode #13: comm syz.4.983: corrupted inode contents [ 69.701751][ T6257] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 69.714207][ T6254] EXT4-fs error (device loop4): ext4_dirty_inode:5984: inode #13: comm syz.4.983: mark_inode_dirty error [ 69.730543][ T6257] cgroup: subsys name conflicts with all [ 69.737004][ T6254] EXT4-fs error (device loop4): ext4_do_update_inode:5121: inode #13: comm syz.4.983: corrupted inode contents [ 69.762015][ T6254] EXT4-fs error (device loop4): __ext4_ext_dirty:207: inode #13: comm syz.4.983: mark_inode_dirty error [ 69.777342][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.787071][ T6254] EXT4-fs error (device loop4): ext4_do_update_inode:5121: inode #13: comm syz.4.983: corrupted inode contents [ 69.816200][ T6254] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 69.826436][ T6254] EXT4-fs error (device loop4): ext4_do_update_inode:5121: inode #13: comm syz.4.983: corrupted inode contents [ 69.855205][ T6254] EXT4-fs error (device loop4): ext4_truncate:4208: inode #13: comm syz.4.983: mark_inode_dirty error [ 69.868909][ T6254] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 69.880521][ T6254] EXT4-fs (loop4): 1 truncate cleaned up [ 69.886758][ T6254] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 69.918351][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.931930][ T6276] netlink: 'syz.1.988': attribute type 29 has an invalid length. [ 69.939181][ T6278] netlink: 28 bytes leftover after parsing attributes in process `syz.4.989'. [ 69.945782][ T6276] netlink: 'syz.1.988': attribute type 29 has an invalid length. [ 70.055397][ T6287] netlink: 12 bytes leftover after parsing attributes in process `syz.4.993'. [ 70.331646][ T6322] loop4: detected capacity change from 0 to 512 [ 70.339377][ T6322] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 70.364434][ T6322] EXT4-fs (loop4): 1 truncate cleaned up [ 70.375124][ T6322] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 70.398764][ T6322] cgroup: subsys name conflicts with all [ 70.414970][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.440546][ T6335] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1000'. [ 70.460947][ T6336] loop3: detected capacity change from 0 to 512 [ 70.464528][ T6338] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1001'. [ 70.521352][ T6336] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 70.538072][ T6336] ext4 filesystem being mounted at /213/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 70.592770][ T6346] lo speed is unknown, defaulting to 1000 [ 70.632138][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.646417][ T6353] loop4: detected capacity change from 0 to 512 [ 70.674151][ T6353] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 70.693127][ T6359] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1006'. [ 70.708843][ T6353] ext4 filesystem being mounted at /222/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 70.773235][ T6365] loop3: detected capacity change from 0 to 512 [ 70.788782][ T6365] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 70.827111][ T6365] EXT4-fs (loop3): 1 truncate cleaned up [ 70.837509][ T6365] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 70.853953][ T6375] loop1: detected capacity change from 0 to 1024 [ 70.860873][ T6375] EXT4-fs: Ignoring removed nobh option [ 70.866473][ T6375] EXT4-fs: Ignoring removed orlov option [ 70.871958][ T6365] cgroup: subsys name conflicts with all [ 70.879692][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.895416][ T3327] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 70.899898][ T6375] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 70.920678][ T6375] EXT4-fs error (device loop1): __ext4_remount:6522: comm syz.1.1013: Abort forced by user [ 70.932476][ T6375] EXT4-fs (loop1): Remounting filesystem read-only [ 70.943694][ T6375] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: none. [ 70.956730][ T6379] syzkaller0: entered allmulticast mode [ 70.987110][ T6375] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 70.996199][ T6375] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop1 ino=12 [ 71.020034][ T6379] syzkaller0 (unregistering): left allmulticast mode [ 71.033405][ T6385] siw: device registration error -23 [ 71.038514][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.073834][ T6387] FAULT_INJECTION: forcing a failure. [ 71.073834][ T6387] name failslab, interval 1, probability 0, space 0, times 0 [ 71.086620][ T6387] CPU: 1 UID: 0 PID: 6387 Comm: syz.3.1020 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0 [ 71.097439][ T6387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 71.107505][ T6387] Call Trace: [ 71.110788][ T6387] [ 71.113780][ T6387] dump_stack_lvl+0xf2/0x150 [ 71.118430][ T6387] dump_stack+0x15/0x20 [ 71.122667][ T6387] should_fail_ex+0x223/0x230 [ 71.127379][ T6387] ? iter_file_splice_write+0x102/0x980 [ 71.132999][ T6387] should_failslab+0x8f/0xb0 [ 71.137626][ T6387] __kmalloc_noprof+0xa5/0x370 [ 71.142420][ T6387] iter_file_splice_write+0x102/0x980 [ 71.147862][ T6387] ? current_time+0xfa/0x1a0 [ 71.152469][ T6387] ? atime_needs_update+0x3c5/0x3e0 [ 71.157700][ T6387] ? touch_atime+0x110/0x350 [ 71.162308][ T6387] ? shmem_file_splice_read+0x572/0x5c0 [ 71.167920][ T6387] ? __pfx_iter_file_splice_write+0x10/0x10 [ 71.173832][ T6387] direct_splice_actor+0x160/0x2c0 [ 71.178968][ T6387] splice_direct_to_actor+0x302/0x670 [ 71.184371][ T6387] ? __pfx_direct_splice_actor+0x10/0x10 [ 71.190108][ T6387] do_splice_direct+0xd7/0x150 [ 71.194892][ T6387] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 71.200894][ T6387] do_sendfile+0x39b/0x970 [ 71.205342][ T6387] __x64_sys_sendfile64+0x110/0x150 [ 71.210590][ T6387] x64_sys_call+0xed5/0x2d60 [ 71.215249][ T6387] do_syscall_64+0xc9/0x1c0 [ 71.219776][ T6387] ? clear_bhb_loop+0x55/0xb0 [ 71.224530][ T6387] ? clear_bhb_loop+0x55/0xb0 [ 71.229224][ T6387] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.235536][ T6387] RIP: 0033:0x7fe11deae719 [ 71.239958][ T6387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 71.259588][ T6387] RSP: 002b:00007fe11cb27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 71.268020][ T6387] RAX: ffffffffffffffda RBX: 00007fe11e065f80 RCX: 00007fe11deae719 [ 71.276001][ T6387] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000007 [ 71.283983][ T6387] RBP: 00007fe11cb27090 R08: 0000000000000000 R09: 0000000000000000 [ 71.291973][ T6387] R10: 000000000000e066 R11: 0000000000000246 R12: 0000000000000002 [ 71.300026][ T6387] R13: 0000000000000000 R14: 00007fe11e065f80 R15: 00007fffdfb62078 [ 71.308016][ T6387] [ 71.346308][ T6393] loop4: detected capacity change from 0 to 2048 [ 71.354141][ T6395] loop1: detected capacity change from 0 to 2048 [ 71.418350][ T6395] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 71.446202][ T6407] loop2: detected capacity change from 0 to 512 [ 71.454836][ T6393] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 71.487302][ T6407] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 71.499292][ T6408] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 71.502998][ T6393] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1019'. [ 71.518761][ T6393] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1019'. [ 71.527920][ T6393] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1019'. [ 71.537933][ T6393] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1019'. [ 71.538607][ T6407] EXT4-fs (loop2): 1 truncate cleaned up [ 71.555737][ T6407] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 71.576354][ T6407] cgroup: subsys name conflicts with all [ 71.614349][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.628996][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 71.724613][ T6429] siw: device registration error -23 [ 71.804146][ T6435] loop3: detected capacity change from 0 to 256 [ 71.849212][ T6435] loop3: detected capacity change from 256 to 11 [ 71.862417][ T6435] FAT-fs (loop3): Directory bread(block 3) failed [ 71.899480][ T6435] FAT-fs (loop3): Directory bread(block 3) failed [ 71.915221][ T3327] FAT-fs (loop3): Directory bread(block 3) failed [ 71.923513][ T6457] FAULT_INJECTION: forcing a failure. [ 71.923513][ T6457] name failslab, interval 1, probability 0, space 0, times 0 [ 71.936249][ T6457] CPU: 0 UID: 0 PID: 6457 Comm: syz.4.1041 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0 [ 71.946961][ T6457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 71.957046][ T6457] Call Trace: [ 71.960355][ T6457] [ 71.960367][ T6457] dump_stack_lvl+0xf2/0x150 [ 71.960402][ T6457] dump_stack+0x15/0x20 [ 71.960425][ T6457] should_fail_ex+0x223/0x230 [ 71.960514][ T6457] ? sock_kmalloc+0x83/0xc0 [ 71.960540][ T6457] should_failslab+0x8f/0xb0 [ 71.960567][ T6457] __kmalloc_noprof+0xa5/0x370 [ 71.960604][ T6457] sock_kmalloc+0x83/0xc0 [ 71.960624][ T6457] ____sys_sendmsg+0x127/0x410 [ 71.960677][ T6457] __sys_sendmsg+0x1d9/0x270 [ 71.960715][ T6457] __x64_sys_sendmsg+0x46/0x50 [ 71.960739][ T6457] x64_sys_call+0x2689/0x2d60 [ 71.960775][ T6457] do_syscall_64+0xc9/0x1c0 [ 71.960858][ T6457] ? clear_bhb_loop+0x55/0xb0 [ 71.960883][ T6457] ? clear_bhb_loop+0x55/0xb0 [ 71.960937][ T6457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.960978][ T6457] RIP: 0033:0x7fa48610e719 [ 71.960997][ T6457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 72.058183][ T6457] RSP: 002b:00007fa484d87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 72.058280][ T6457] RAX: ffffffffffffffda RBX: 00007fa4862c5f80 RCX: 00007fa48610e719 [ 72.058294][ T6457] RDX: 0000000000000000 RSI: 0000000020007940 RDI: 0000000000000007 [ 72.058307][ T6457] RBP: 00007fa484d87090 R08: 0000000000000000 R09: 0000000000000000 [ 72.058321][ T6457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 72.058334][ T6457] R13: 0000000000000000 R14: 00007fa4862c5f80 R15: 00007ffd6b5f57b8 [ 72.058403][ T6457] [ 72.185403][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.227649][ T6475] loop4: detected capacity change from 0 to 512 [ 72.249601][ T6475] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1049: bg 0: block 393: padding at end of block bitmap is not set [ 72.291957][ T6480] lo speed is unknown, defaulting to 1000 [ 72.299846][ T6475] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6550: Corrupt filesystem [ 72.318928][ T6475] EXT4-fs (loop4): 2 truncates cleaned up [ 72.333899][ T6475] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 72.335066][ T6150] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.368386][ T6485] loop1: detected capacity change from 0 to 512 [ 72.379786][ T6485] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 72.433029][ T6150] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.448860][ T6485] EXT4-fs (loop1): 1 truncate cleaned up [ 72.452711][ T6493] loop2: detected capacity change from 0 to 4096 [ 72.463302][ T6485] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 72.517602][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.524956][ T6493] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 72.545474][ T6150] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.587920][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 72.644596][ T6150] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.673450][ T6486] lo speed is unknown, defaulting to 1000 [ 72.779895][ T6150] bridge_slave_1: left allmulticast mode [ 72.785701][ T6150] bridge_slave_1: left promiscuous mode [ 72.791411][ T6150] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.803720][ T6524] loop2: detected capacity change from 0 to 2048 [ 72.811664][ T6150] bridge_slave_0: left allmulticast mode [ 72.817351][ T6150] bridge_slave_0: left promiscuous mode [ 72.823128][ T6150] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.896324][ T6524] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 72.988447][ T3315] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 73.011481][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.055858][ T6475] 9pnet_fd: p9_fd_create_tcp (6475): problem connecting socket to 127.0.0.1 [ 73.074082][ T3320] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 73.126912][ T6543] loop4: detected capacity change from 0 to 512 [ 73.146132][ T6543] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 73.164046][ T6543] ext4 filesystem being mounted at /236/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 73.215994][ T6538] FAULT_INJECTION: forcing a failure. [ 73.215994][ T6538] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 73.229288][ T6538] CPU: 0 UID: 0 PID: 6538 Comm: syz.2.1069 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0 [ 73.239991][ T6538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 73.250074][ T6538] Call Trace: [ 73.253363][ T6538] [ 73.256305][ T6538] dump_stack_lvl+0xf2/0x150 [ 73.260948][ T6538] dump_stack+0x15/0x20 [ 73.265142][ T6538] should_fail_ex+0x223/0x230 [ 73.269978][ T6538] should_fail+0xb/0x10 [ 73.274214][ T6538] should_fail_usercopy+0x1a/0x20 [ 73.279269][ T6538] fpu__restore_sig+0x11d/0xb00 [ 73.284159][ T6538] ? audit_log_end+0x1d0/0x1e0 [ 73.288953][ T6538] ? kmem_cache_free+0xdc/0x2d0 [ 73.293938][ T6538] restore_sigcontext+0x1b5/0x220 [ 73.299079][ T6538] __do_sys_rt_sigreturn+0xfd/0x160 [ 73.304347][ T6538] x64_sys_call+0x28e1/0x2d60 [ 73.309055][ T6538] do_syscall_64+0xc9/0x1c0 [ 73.313588][ T6538] ? clear_bhb_loop+0x55/0xb0 [ 73.318361][ T6538] ? clear_bhb_loop+0x55/0xb0 [ 73.323067][ T6538] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.329098][ T6538] RIP: 0033:0x7f443770e719 [ 73.333640][ T6538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.353274][ T6538] RSP: 002b:00007f4436381038 EFLAGS: 00000246 [ 73.359359][ T6538] RAX: 0000000000000000 RBX: 00007f44378c5f80 RCX: 00007f443770e719 [ 73.367341][ T6538] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 73.375320][ T6538] RBP: 00007f4436381090 R08: 0000000000000000 R09: 0000000000000000 [ 73.383307][ T6538] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000002 [ 73.391297][ T6538] R13: 0000000000000000 R14: 00007f44378c5f80 R15: 00007ffdffd99818 [ 73.399380][ T6538] [ 73.844454][ T6573] FAULT_INJECTION: forcing a failure. [ 73.844454][ T6573] name failslab, interval 1, probability 0, space 0, times 0 [ 73.857198][ T6573] CPU: 0 UID: 0 PID: 6573 Comm: syz.0.1077 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0 [ 73.867897][ T6573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 73.877969][ T6573] Call Trace: [ 73.881342][ T6573] [ 73.884274][ T6573] dump_stack_lvl+0xf2/0x150 [ 73.888970][ T6573] dump_stack+0x15/0x20 [ 73.893206][ T6573] should_fail_ex+0x223/0x230 [ 73.897922][ T6573] ? dup_task_struct+0x6c/0x710 [ 73.902823][ T6573] should_failslab+0x8f/0xb0 [ 73.907570][ T6573] kmem_cache_alloc_node_noprof+0x51/0x2b0 [ 73.913404][ T6573] dup_task_struct+0x6c/0x710 [ 73.918113][ T6573] ? kstrtoull+0x110/0x140 [ 73.922568][ T6573] copy_process+0x3a9/0x1f90 [ 73.927336][ T6573] ? 0xffffffff81000000 [ 73.931938][ T6573] ? selinux_file_permission+0x22a/0x360 [ 73.937743][ T6573] ? __rcu_read_unlock+0x4e/0x70 [ 73.942836][ T6573] kernel_clone+0x167/0x5e0 [ 73.947368][ T6573] ? vfs_write+0x596/0x920 [ 73.951914][ T6573] ? __pfx_kfree_link+0x10/0x10 [ 73.956898][ T6573] __x64_sys_clone+0xe8/0x120 [ 73.961609][ T6573] x64_sys_call+0x2d23/0x2d60 [ 73.966581][ T6573] do_syscall_64+0xc9/0x1c0 [ 73.971104][ T6573] ? clear_bhb_loop+0x55/0xb0 [ 73.975844][ T6573] ? clear_bhb_loop+0x55/0xb0 [ 73.980572][ T6573] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.986506][ T6573] RIP: 0033:0x7fdd2e52e719 [ 73.990943][ T6573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.010579][ T6573] RSP: 002b:00007fdd2d1a0fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 74.019099][ T6573] RAX: ffffffffffffffda RBX: 00007fdd2e6e5f80 RCX: 00007fdd2e52e719 [ 74.027125][ T6573] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000640c7000 [ 74.035198][ T6573] RBP: 00007fdd2d1a1090 R08: 0000000000000000 R09: 0000000000000000 [ 74.043195][ T6573] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 74.051183][ T6573] R13: 0000000000000000 R14: 00007fdd2e6e5f80 R15: 00007ffc0def17e8 [ 74.059185][ T6573] [ 74.184197][ T29] kauditd_printk_skb: 399 callbacks suppressed [ 74.184215][ T29] audit: type=1400 audit(1730603234.664:1549): avc: denied { execute } for pid=6575 comm="syz.0.1078" path="/197/cpu.stat" dev="tmpfs" ino=1042 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 74.471514][ T6150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 74.482104][ T6150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 74.492541][ T6150] bond0 (unregistering): Released all slaves [ 74.506986][ T6527] lo speed is unknown, defaulting to 1000 [ 74.521407][ T6533] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 74.529662][ T6533] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 74.546404][ T6559] netlink: 'syz.4.1071': attribute type 11 has an invalid length. [ 74.574375][ T3320] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 74.607163][ T6150] hsr_slave_0: left promiscuous mode [ 74.615466][ T6150] hsr_slave_1: left promiscuous mode [ 74.622895][ T6150] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 74.630491][ T6150] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 74.649734][ T6150] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 74.657267][ T6150] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 74.671011][ T6150] veth1_macvtap: left promiscuous mode [ 74.676648][ T6150] veth0_macvtap: left promiscuous mode [ 74.682386][ T6150] veth1_vlan: left promiscuous mode [ 74.687667][ T6150] veth0_vlan: left promiscuous mode [ 74.744650][ T6598] __nla_validate_parse: 12 callbacks suppressed [ 74.744667][ T6598] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1079'. [ 74.784064][ T6150] team0 (unregistering): Port device team_slave_1 removed [ 74.794748][ T6150] team0 (unregistering): Port device team_slave_0 removed [ 74.850136][ T6486] chnl_net:caif_netlink_parms(): no params data found [ 74.903331][ T6486] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.910460][ T6486] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.917922][ T6486] bridge_slave_0: entered allmulticast mode [ 74.925690][ T6486] bridge_slave_0: entered promiscuous mode [ 74.933217][ T6486] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.940379][ T6486] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.947826][ T6486] bridge_slave_1: entered allmulticast mode [ 74.954628][ T6486] bridge_slave_1: entered promiscuous mode [ 75.030425][ T6486] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.040258][ T29] audit: type=1400 audit(1730603235.504:1550): avc: denied { bind } for pid=6608 comm="syz.2.1083" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 75.055129][ T6560] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.086595][ T6486] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.234208][ T6486] team0: Port device team_slave_0 added [ 75.262611][ T6486] team0: Port device team_slave_1 added [ 75.318444][ T6623] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1087'. [ 75.348918][ T6486] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.355995][ T6486] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.382171][ T6486] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.393846][ T6486] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.400896][ T6486] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.426903][ T6486] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.448870][ T6150] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.449405][ T6639] loop0: detected capacity change from 0 to 512 [ 75.515609][ T6639] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.528432][ T6639] ext4 filesystem being mounted at /199/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 75.531098][ T6150] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.565333][ T6649] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1089'. [ 75.582590][ T6486] hsr_slave_0: entered promiscuous mode [ 75.589123][ T6486] hsr_slave_1: entered promiscuous mode [ 75.595598][ T6486] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 75.604038][ T6486] Cannot create hsr debugfs directory [ 75.615161][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 75.636381][ T6150] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.688927][ T6150] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.703428][ T6624] lo speed is unknown, defaulting to 1000 [ 75.833358][ T6150] bridge_slave_1: left allmulticast mode [ 75.839123][ T6150] bridge_slave_1: left promiscuous mode [ 75.844961][ T6150] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.855367][ T6150] bridge_slave_0: left allmulticast mode [ 75.861103][ T6150] bridge_slave_0: left promiscuous mode [ 75.866845][ T6150] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.877352][ T29] audit: type=1400 audit(1730603236.354:1551): avc: denied { create } for pid=6678 comm="syz.1.1094" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 76.219020][ C0] hrtimer: interrupt took 23250 ns [ 76.353414][ T6688] loop2: detected capacity change from 0 to 128 [ 76.412113][ T6688] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 76.426261][ T6688] ext4 filesystem being mounted at /206/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 76.591889][ T6695] loop0: detected capacity change from 0 to 512 [ 76.620741][ T6695] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 76.636361][ T6695] ext4 filesystem being mounted at /202/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 76.700895][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 76.828114][ T6701] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1099'. [ 77.181713][ T6150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 77.192179][ T6150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 77.204343][ T6150] bond0 (unregistering): Released all slaves [ 77.302584][ T6150] hsr_slave_0: left promiscuous mode [ 77.319791][ T6150] hsr_slave_1: left promiscuous mode [ 77.329656][ T6150] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 77.337106][ T6150] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 77.413983][ T29] audit: type=1400 audit(1730603237.884:1552): avc: denied { read } for pid=6708 comm="syz.0.1100" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 77.417011][ T6150] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 77.440733][ T6150] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 77.476934][ T6150] veth1_macvtap: left promiscuous mode [ 77.482545][ T6150] veth0_macvtap: left promiscuous mode [ 77.488118][ T6150] veth1_vlan: left promiscuous mode [ 77.493529][ T6150] veth0_vlan: left promiscuous mode [ 77.556979][ T29] audit: type=1326 audit(1730603238.034:1553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6719 comm="syz.1.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb274ae719 code=0x7ffc0000 [ 77.580539][ T29] audit: type=1326 audit(1730603238.034:1554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6719 comm="syz.1.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7fcb274ae719 code=0x7ffc0000 [ 77.624354][ T29] audit: type=1326 audit(1730603238.064:1555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6719 comm="syz.1.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb274ae719 code=0x7ffc0000 [ 77.647922][ T29] audit: type=1326 audit(1730603238.064:1556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6719 comm="syz.1.1103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7fcb274ae719 code=0x7ffc0000 [ 77.652505][ T6721] loop0: detected capacity change from 0 to 128 [ 77.706617][ T6721] EXT4-fs: Ignoring removed oldalloc option [ 77.732386][ T6721] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 77.761332][ T6721] ext4 filesystem being mounted at /206/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 77.797648][ T6150] team0 (unregistering): Port device team_slave_1 removed [ 77.811523][ T6150] team0 (unregistering): Port device team_slave_0 removed [ 77.821044][ T6721] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1102'. [ 77.876351][ T6725] netlink: 112 bytes leftover after parsing attributes in process `syz.1.1103'. [ 77.938042][ T6624] chnl_net:caif_netlink_parms(): no params data found [ 77.948693][ T3317] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 77.950811][ T6486] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 77.972673][ T6486] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 78.030307][ T6486] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 78.038663][ T6734] loop0: detected capacity change from 0 to 4096 [ 78.090139][ T6734] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 78.109335][ T6486] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 78.112921][ T6734] 9pnet_virtio: no channels available for device 127.0.0.1 [ 78.160235][ T29] audit: type=1326 audit(1730603238.614:1557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6733 comm="syz.0.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2e52e719 code=0x7ffc0000 [ 78.166585][ T6486] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.183678][ T29] audit: type=1326 audit(1730603238.614:1558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6733 comm="syz.0.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdd2e52e719 code=0x7ffc0000 [ 78.236348][ T3317] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 78.256503][ T6624] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.263705][ T6624] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.294990][ T6624] bridge_slave_0: entered allmulticast mode [ 78.305680][ T6624] bridge_slave_0: entered promiscuous mode [ 78.317679][ T6486] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.345716][ T6156] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.352835][ T6156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.369933][ T6624] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.377065][ T6624] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.398829][ T6624] bridge_slave_1: entered allmulticast mode [ 78.406475][ T6624] bridge_slave_1: entered promiscuous mode [ 78.416347][ T6156] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.423456][ T6156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.475378][ T6486] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 78.500670][ T6624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.527059][ T6624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.541509][ T6773] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1107'. [ 78.584776][ T6486] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.601680][ T6624] team0: Port device team_slave_0 added [ 78.609775][ T6624] team0: Port device team_slave_1 added [ 78.659368][ T6624] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.663513][ T6796] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1108'. [ 78.666456][ T6624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.701641][ T6624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.727447][ T6624] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.734609][ T6624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.760663][ T6624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.788224][ T6624] hsr_slave_0: entered promiscuous mode [ 78.795004][ T6624] hsr_slave_1: entered promiscuous mode [ 78.801205][ T6624] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.809497][ T6624] Cannot create hsr debugfs directory [ 78.836903][ T6804] loop1: detected capacity change from 0 to 512 [ 78.853564][ T6804] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 78.872791][ T6804] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c018, mo2=0102] [ 78.882590][ T6804] System zones: 1-12 [ 78.887902][ T6804] EXT4-fs (loop1): 1 truncate cleaned up [ 78.894552][ T6804] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 78.954815][ T6624] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 78.971485][ T6624] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 78.982347][ T6624] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 78.996500][ T6624] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 79.005597][ T6824] netlink: 'syz.1.1109': attribute type 4 has an invalid length. [ 79.013560][ T6824] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1109'. [ 79.069262][ T6486] veth0_vlan: entered promiscuous mode [ 79.082416][ T6486] veth1_vlan: entered promiscuous mode [ 79.106399][ T6486] veth0_macvtap: entered promiscuous mode [ 79.120076][ T6486] veth1_macvtap: entered promiscuous mode [ 79.164523][ T6486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.175037][ T6486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.184894][ T6486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.195678][ T6486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.205625][ T6486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.216195][ T6486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.227211][ T6486] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.244705][ T6624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.253662][ T6486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.264212][ T6486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.274152][ T6486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.284691][ T6486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.294710][ T6486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.305210][ T6486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.317481][ T6486] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.325964][ T6847] IPv6: Can't replace route, no match found [ 79.339712][ T6624] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.360542][ T6624] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 79.370947][ T6624] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 79.389643][ T6156] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.396760][ T6156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.405797][ T6156] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.412942][ T6156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.428975][ T6486] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.437797][ T6486] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.446640][ T6486] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.455418][ T6486] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.508504][ T6624] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.523748][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 79.523769][ T29] audit: type=1400 audit(1730603240.004:1569): avc: denied { mount } for pid=6486 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 79.552220][ T29] audit: type=1400 audit(1730603240.004:1570): avc: denied { mounton } for pid=6486 comm="syz-executor" path="/root/syzkaller.hKzc0w/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 79.622866][ T29] audit: type=1326 audit(1730603240.094:1571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6855 comm="syz.0.1113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2e52e719 code=0x7ffc0000 [ 79.646391][ T29] audit: type=1326 audit(1730603240.094:1572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6855 comm="syz.0.1113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2e52e719 code=0x7ffc0000 [ 79.670234][ T29] audit: type=1326 audit(1730603240.094:1573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6855 comm="syz.0.1113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdd2e52e719 code=0x7ffc0000 [ 79.693858][ T29] audit: type=1326 audit(1730603240.094:1574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6855 comm="syz.0.1113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2e52e719 code=0x7ffc0000 [ 79.717913][ T29] audit: type=1326 audit(1730603240.094:1575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6855 comm="syz.0.1113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2e52e719 code=0x7ffc0000 [ 79.741467][ T29] audit: type=1326 audit(1730603240.094:1576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6855 comm="syz.0.1113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdd2e52e719 code=0x7ffc0000 [ 79.764942][ T29] audit: type=1326 audit(1730603240.094:1577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6855 comm="syz.0.1113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd2e52e719 code=0x7ffc0000 [ 79.788422][ T29] audit: type=1326 audit(1730603240.094:1578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6855 comm="syz.0.1113" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdd2e52e719 code=0x7ffc0000 [ 79.816019][ T3314] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 80.051014][ T6624] veth0_vlan: entered promiscuous mode [ 80.079172][ T6624] veth1_vlan: entered promiscuous mode [ 80.125493][ T6624] veth0_macvtap: entered promiscuous mode [ 80.140800][ T6624] veth1_macvtap: entered promiscuous mode [ 80.170255][ T6624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.180822][ T6624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.190764][ T6624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.201240][ T6624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.211149][ T6624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.221702][ T6624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.231601][ T6624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.242084][ T6624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.256600][ T6624] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.273954][ T6624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.284479][ T6624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.294463][ T6624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.304950][ T6624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.315024][ T6624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.325554][ T6624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.335435][ T6624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.345990][ T6624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.373162][ T6624] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.389764][ T6919] lo speed is unknown, defaulting to 1000 [ 80.392512][ T6624] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.404385][ T6624] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.413153][ T6624] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.421967][ T6624] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.431213][ T6855] ================================================================== [ 80.439342][ T6855] BUG: KCSAN: data-race in _free_event / perf_pending_task [ 80.446600][ T6855] [ 80.448949][ T6855] write to 0xffff888116f59938 of 4 bytes by task 6856 on cpu 1: [ 80.456677][ T6855] perf_pending_task+0xe8/0x220 [ 80.461583][ T6855] task_work_run+0x13a/0x1a0 [ 80.466219][ T6855] syscall_exit_to_user_mode+0xbe/0x130 [ 80.471810][ T6855] do_syscall_64+0xd6/0x1c0 [ 80.476360][ T6855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.482320][ T6855] [ 80.484667][ T6855] read to 0xffff888116f59938 of 4 bytes by task 6855 on cpu 0: [ 80.492270][ T6855] _free_event+0xcf/0xa10 [ 80.496627][ T6855] perf_event_release_kernel+0x61a/0x670 [ 80.502360][ T6855] perf_release+0x1f/0x30 [ 80.506709][ T6855] __fput+0x17a/0x6d0 [ 80.510706][ T6855] ____fput+0x1c/0x30 [ 80.514740][ T6855] task_work_run+0x13a/0x1a0 [ 80.519359][ T6855] syscall_exit_to_user_mode+0xbe/0x130 [ 80.524960][ T6855] do_syscall_64+0xd6/0x1c0 [ 80.529484][ T6855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.535419][ T6855] [ 80.537742][ T6855] value changed: 0x7eb3f003 -> 0x00000000 [ 80.543459][ T6855] [ 80.545780][ T6855] Reported by Kernel Concurrency Sanitizer on: [ 80.551946][ T6855] CPU: 0 UID: 0 PID: 6855 Comm: syz.0.1113 Not tainted 6.12.0-rc5-syzkaller-00299-g11066801dd4b #0 [ 80.562626][ T6855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 80.572690][ T6855] ==================================================================