last executing test programs: 13.830559647s ago: executing program 4 (id=1745): r0 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000040)=""/11, 0xb}, {&(0x7f0000000080)=""/185, 0xb9}, {&(0x7f0000000140)=""/246, 0xf6}], 0x3, 0x0, 0x0, 0x14004090}, 0x0) mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'veth1_to_team\x00'}) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000340)='blkio.bfq.time_recursive\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x1) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000380)={0x1f, 0x4, 0x3}, 0x6) setsockopt$MRT_DONE(r2, 0x0, 0xc9, 0x0, 0x0) write$cgroup_devices(r2, &(0x7f00000003c0)={'a', ' *:* ', 'w\x00'}, 0x8) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r5 = syz_io_uring_setup(0x589, &(0x7f0000000400)={0x0, 0xe7b6, 0x8000, 0x0, 0x2bf, 0x0, r2}, &(0x7f0000000480), &(0x7f00000004c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r4, 0x660c) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0) connect$vsock_stream(r2, &(0x7f0000000540)={0x28, 0x0, 0x2711, @host}, 0x10) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, &(0x7f0000000580)={0x7, r5, 0x78, {0x1, 0x3}, 0x8}, 0x1) socket$netlink(0x10, 0x3, 0x8) r6 = syz_open_dev$vcsa(&(0x7f00000005c0), 0x9, 0x2001) ioctl$TIOCNXCL(r6, 0x540d) io_setup(0x400000, &(0x7f0000000600)=0x0) io_destroy(r7) getdents(r2, &(0x7f0000000640)=""/41, 0x29) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000680)='xen_cpu_load_idt\x00', r6, 0x0, 0x100000000}, 0x18) socket$inet_mptcp(0x2, 0x1, 0x106) io_uring_register$IORING_REGISTER_CLOCK(r2, 0x1d, &(0x7f0000000700)={0x1}, 0x0) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000740)=@gcm_256={{0x304}, "1970e0ed9d294c60", "d319f6159bcb0334c358a8d7e61821db6345b0e2c591f3bf0ce38e4936b55a92", "093c9108", "b6bf3bfe1b283bb2"}, 0x38) getsockname$packet(r2, &(0x7f0000000780), &(0x7f00000007c0)=0x14) 13.710578409s ago: executing program 4 (id=1746): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) wait4(0xffffffffffffffff, 0x0, 0x8, 0x0) 13.352169055s ago: executing program 4 (id=1751): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) rt_sigprocmask(0x2000000, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) 13.200755157s ago: executing program 4 (id=1752): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000b00)=ANY=[@ANYBLOB="0b000000000000000a00000000000000ff020000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000a00000000000000fe8000000000000000000000000000bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00fffc00000000fe8000000000000000000000000000bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d1621017"], 0x190) syz_emit_ethernet(0x4e, &(0x7f0000002e40)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd607428dd00183afffe8000000000000000000000000000bbff020000000000000000000000000001"], 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x14, &(0x7f00000001c0), 0x1, 0x563, &(0x7f0000002240)="$eJzs3d9rW1UcAPDvTZP91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0WRlNl9GkY60Dtwf34osMQUVBfNd3H4f/gH/FQAdDRtEHXyo3vem6JWm7LWsy7+cDt5yTe5Nzvzn3e3pu7g0JILfG0j+FiBcj4qsk4mBEJNm6YmQrx9a2W7l3dTpdklhd/fivpLVdWm+/Vvt5+7PKCxHx2xcRxwud7TaWlucqtVp1IauPN+cvjTeWlk9cmK/MVmerFyenpk69OTX5zttv9S3W187+891Ht94/9eXRlW9+uXPoZhKn40C2bmMcT+DaxspYjGXvSSlOP7ThRB8aGybJoHeAxzKS5Xkp0jHgYIxkWQ/8/30eEatATiXyH3KqPQ9on9v36Tz4mXH3vbUToM74i2ufjcSe1rnRvpXkgTOj9Hx3tA/tp238+ucPN9Ml+vc5BMCWrl2PiJPFYuf4l2Tj3+M7uY1tHm7D+Ac751Y6/3m92/ynsD7/iS7zn/1dcvdxbJ3/hTt9aKandP73btf57/pFq9GRrPZca85XSs5fqFXTse35iDgWpd1pfbPrOadWbq/2Wrdx/pcuafvtuWC2H3eKux98zkylWXqSmDe6ez3ipa7z32S9/5Mu/Z++H2e32caRYrzSa93W8T9dqz9FvNq1/+9f0Uo2vz453joexttHRae/bxz5vVf7g44/7f99m8c/mmy8Xtt49DZ+3PNvtde6B+KPbR//lV3JJ63yruyxK5Vmc2EiYlfyYefjk/ef2663t0/jP3Z08/Gv2/G/NyI+3Wb8Nw7//PK24h9Q/888Uv8/euH2B59936v9jvjTjuvo/zdapWPZI2n/bxXXdnfwSd47AAAAAAAAGDaFiDgQSaG8Xi4UyuW1+zsOx75Crd5oHj9fX7w4E63vyo5GqdC+0n1ww/0QE9n9sO365EP1qYg4FBFfj+xt1cvT9drMoIMHAAAAAAAAAAAAAAAAAACAIbG/x/f/U3+MDHrvgKfOT35Dfm2Z//34pSdgKPn/D/kl/yG/5D/kl/yH/JL/kF/yH/JL/kN+yX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoq7NnzqTL6sq9q9Npfeby0uJc/fKJmWpjrjy/OF2eri9cKs/W67O1anm6Pr/V69Xq9UsTk7F4ZbxZbTTHG0vL5+brixeb5y7MV2ar56qlHYkKAAAAAAAAAAAAAAAAAAAAni2NpeW5Sq1WXchl4du+vmAhIoYjrp0sFIdjNxT6XBj0yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9/0XAAD//9sVMh4=") socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) sendmsg$tipc(r1, &(0x7f0000004440)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x20000002}}, 0x10, &(0x7f0000004340)=[{&(0x7f0000000f00)="34cbf9c55466da0eadc249236ab3cbf316717306be4c08c8c7da1f1ee04ab4b4eac14995ebdf620ff778a4e3452587e42a3c6aa1bd35dfd99f23b525893bc3b5f9f3bed1986bf8d0dddd7c5cdada611f9bf641e421ed71a842d84fa289a542f941d6e06b2b14e2a706ce30acf7d82f224f3e30cadd9d15f3dddbb29dbeb9f68fb68bedb91e0b1ef48832778fe36699c7ebf101659a8f476c4a065eac71d6d1e7fafc6f25ec2c9a8f431fe347a2d30e912c5b2397613ce784637ec71e37566eb0548b461f71028459c6f137c18737d58b56949d022bf1eaf486692bb76836a233c7879d740ad0beaf5159d3380442824f536a41bb22d08fe53952b9c6fed2605d53311c71b455655f96ea6a87e41e9211e90170b0a2b1a2098175ebcd33d517085d224122264cddadd82a3d11bc4a33ce66108b22b1abc6243d306d8f6b8a2ddb5373c190d8f859a3174a200936b079f85edcac7fc03fb993ec0ff8b83f1fd3f1b888d192d99c7ede5d381784d25410cccf1b0bf26a54f065e1e3ec59cc5704fb658fc980a0ac4287ef884ee82007554be3f1e163c81468d0c26c95e3e12393776e32800bb4f086f19080c4fca3d72e8569a5627ce98f2ae0bdb3ec42c23847d47e10b1c58da7e9cea990da842d96e3a51ed7d892f7b28a10486424a69a9109ebd4d7d5a3768400ac000a6d7556ca192e5cd45efb82001ac7b53e03036b6019a07ffb545cd3853e077f08a015f6232488c1139a9409c95ed005261e36b307406ba5714ef395129345866109341feb6c7c458ce08c147a983b46375ddb3621cee0312ba1a434bcd6081e1a8ae8b6d518988b9965faf9aff86df8173b93342cceaec357a100e59b4d66553633626b0b12e9622b8f8fdfe26545b87c57f8ce8609fb8e19b0f6d1cd64e8de85c7327f543b2f38cf3086b57f85e1aaa4add723e4bc4e3ea2c27acec1e545ae3fc870bd42422f6eaf17a1f82699c9cadf224ea1e5d1705b49118d91cc3731aeed60e41bf15a9613aeda8e63a29bc7a95b2d993d23269a310b91f69d16a71243c0f4080d3359f5ddd63c7032bef14ab25eb7df4b28b2132bcbf94a281c8f5de79885a6d679f145fca292b599bb09a1864726d86b65d4781408320b968e2224c23ce7a56d8892970043737ae47f071aaeb219716bc21e3304e301eb5cd32aea951a70621eb870214a72e6c474c3a20f5bd8e089ba16326cc9a80a1a4f5f0e8f58629e20b1c73eb8af330744b187a5cfdb410466378313700ca44eb6dcbc8f3d70f58e134202546f0b1a3b61a298f2a1184b1533bdad308fa2f960087e0f239d2ccbaee3889ddc1a2bea2183b98854d255a6f708909134fab83f42f13e7604f602e264f4a3b2b2a08c673c7ce2813218159b472d3b20ecbf26dd2f7b3ba5298a4ff7444ea0936e098c126f590b05e7697ed8a3d52ba1abc7285de2f160b9b081cb775a5ab77aad1bb98d47e3da53fc4c11d4db47de1e4e6f56ad671f5d8389b33260cc546e4f0bf34fec9b2abd209e6b89e6e381367774676ed6e6eaffe42b07241c276f3c84f17a0762de83eb769bdf28991ddbc23758f01c9ecfba4ab2ca2118fcedd7adde9ff47f643c13e3ad2f13b576985128f233e329fe269d5745cd2b30e5762452a4ff58fdec30623175f8d575ced1c43411e2869aadbe6f1e79a010bca334cb08d545bc2808f359b7777d1bb5675ee210574b9f72cdeb071e07eeaa0988086213a37a972647cf21d3a3bcbd7359da327bacad41b93c5e0e494669109dddcec781774f248f5663e4fac187d42ffccf68335de2adac4f8d3e1bf04b95a9464960186ed019773ffeda18f9827a61edc5fc4088eb0965cb1bd8af1185aa3972b8f73839b4611e303bcbc1f84a330f60fa0a7795ea3cffe0e338406533e12c7deef0b5906c513eab4619a8f02fdd65dcfb7297ef971c4601ad079f7ad38278ae3ff455b37d5492af546975535450693fd4593c8157b3fdb16fd3a106d2f1509d1c06dabb8933269d790a1c5e5f7bdd4a57e1e670d7043cfed88c365b5f8eefe530ef7da5322df981723332c088fce89c2ceee23b420f64332243b9c606d67d538810a94e0ffbd37a119d8fc4d6caec0def40e62613873c74feabde63e12cb2016c1d35cf1bb95bf59e01a63be8825cb3118b74b106f21eef5ee2f41e5fb39fdde058050f780d98ced247c66fc3a03ba04edaf14d698859ba303d511cf0845dc5e269aef2287770a247fd5ae1299b45819ff41725f9da3e4dab7770eb83992b53ae9a9de69e764f6e3aee3e27cfb1bacf531a91605894ae209da6d25872fb54bf36b2ed450b51aa8ee4875b9bc7e55753f61e12a323d301faceb2ecff0686b1359343a94774a6a098dc2df440725cd8331f527d4e22f8090d8879ef4765849705b99465d7ebdf661b81c303d13b87270dc1f227d5954fcbc93bbce6fde2a1f8d573d9cd8130c173a14706f1e9dabc4d16a5b003dd3239faf91769e25cf007b0623141e4e57f11746cd62f20d73956fa84c6a12e1756b6671a64bd7a474ba425907e1a61ba6d2ffa1149165a713a141bfec0f1af51afebdb84d5f14eb51acc284403627d6ce48fd028dc04e00ed963de37f85d155c33e2b4ceb09044c4f1c7791348216b674a8831a232a638f8bfb396fabbe1f880944bc5dcac55df8abc78f804306c88617acfd4adfbb5a055d3d3e91abb763ad84e701cc5679498e04600570f4b2e57c70542043dc590ab363215e6ab3f0bd89383748783d01c9227229edac723d4e2eaa061a44f2630691f25ca6093775183fdf432e01322203dd654b336670116a6a52a27ff2032b1103a4e4be0cc2fb05b24352d72e374e90cc3db2a5a691c7f6b8d1058d7730433c742d8ce52074318b1bce9bb104cf90c8b7f65293c2b74434661444f38d94d977e03433440517f6155a3cad2621c5502dd6148b867a40e6a40be4c8265ec2164b5257f06da1784e98991f42003ced4ba67c23b8c654b542d2d31168fd853cf56cc2c464d7a8a9fbcd2715968788f8527c597ab5f917753c1f1708d2c19972373c5a22af71847de22b9f1e9d38a04ea4dd291da3099cb836a696350bf1263c3c275c27b8b82f604625451a24490b0b5367c2fd05e699546ddf17709d2e2c2710f4361d9dd6e2de2b4353b7f4f8141f6f989dc1a798a974565978e4f9ec0c59a7dbc04bcab072c8513b9ca782c22cdd31fb116c10081740fd8f7d0cbd5c54f1069297f20b45d79bb9ace8e851a655fedf47b2dc76fd30b9ba9f09c9b50d6910ffcdec7078c36fe1e9b19dbb110197496349560a43c0ab42b4ce286643e73a92246ecb71e95ce0d54114772f8477c7d5604c1a52d2f680c5868cf08a2688dd9fef492a01836112cec824483e77da93d104a9e18d06bddf9a4007740a0537ac1a5e09900acc65d52680212a15b68b0ef887228e06f533c1ca95b8f9d81b9fc6608cb5bacf4b867922999c69d46048ec3f408866789f49fcb176fc99ed9d3e6c357ed2e3ce2665925773e5d86c2ceaf8f18519a00d9d2e19e9a6b16af0a53fd7df6974f5db00494460e7f3de6ff6b642859335e020513bb525adddabf0d7d6ae85e7e56e32ca8acc07fe86b7b445358966ba3914c1dfa7b814d9e846ff02a6a8c8f5713a0f727024b5d1ea7e4ce7c64f9b24dd3337a3df33714c5404403b0304b25a66fe3ac85083965877117b3d721e7922f0ac7e278feeb8dc09f58cbcfbb81b11d4699737f37ac240a24b9c4b2b587e68974f7ca5561856f32e389d32056f7d58e4de24c11bd5c5afaa441120370d0c48341e1b8146a6bbca8c15f23c155d2533e97a8e6496bc00533ec83be8488d020708d97385a03bcbf57cadc2c1e575e1ac134cdb5047f3f88eae0230751626cea1c85da9b74ddace668afebb2dc66d302ddf3c5f8f21ac0c0535d00839457e7cac9282a8e49d018b077e38ea512cf28eacff5d98e880abfb5af2e7c039d2e1f1edaad2642963ef29d715f754e2715caa6af046a298b285e3582d903be726b608619332e1a82be48b0f5adf6838f41ff776e5290de8269794bce8fb971267d036bd6bd30e42df918125d573ced78263251bcae2b7b40f1ba855b4f2472312ea8752c4a0e09468bd25615a6c00a9b44c484c5507b8400537f20890e9499ec94ed2b6aeff21e57c6e8a93d80097f85ac9316b03a5f768721bf7d041bb9a6a03eabd615e3c4d74f56c429d53b8fec4b5e86c5b311a6cd4a86f03e04dab25ad65b68a8b8d9053993fd2440ff2b81768213084c831d31a0f8c646aff9090b5463cbee452abd6318340ec41b50f1deba7ffb60b326751de3f6dbf9b17714299233d5c43071367ece2e53212e7f4e084fea60850d4d16908d9bbbb531fbf72143fdb62d1b40afde3d0b2ac2c94c32e456bbef62f8d677e332aec8ccc8eedbac61e7b89b32d57157a39ad5c456258d9c36db0edc82c2baead990ee78007ed89c8f450e92d5e209cc25f7c13f5909ca404fddbdbeff89cc42350c91e9f1fdf9753c6e95f71257f8cbb97838684461cd1244c938b9939a4e9c7727902b6f1a5434e0a06d3fc221771dd87572ae801c5ce6886122f0c91dae57440ffc7ace4e8e0041a1d245103aaadbfc2ecff622228daed2b0cd30f7f59b2617f6f0571ee4403d84e652d78b8e64d5450b6483ef70582dcda9351f2dddd3a4ac84f514f708d3af6242501bd041beae78e6b29b517b534148ea91ef85653fec824d6ddb0c0fa2555ab2564ba29227b1046b48a11ee0e6aafda9d0b80b0f05a8d057cbeb16264cb579aea3ba2b2000052d03c77844ab7c81be3110a36a27aeffe0ad5a8a7385a1913a64fb2db630e8fc8017828cea60f327c3a510b441d94d32584e55f7c2320d89b2ba3d44d832b8e7c5f45442de9ef37d057e6d0c6664e8d74e23f18336d41a3e38c2cda49050cb32ca7040a388c75741ac07d3befc714df35dc92ff70ad041cf17b70a971c142bb89ecfe25290750e989c8666560a61b62fdc4fadef7f30b6269a669ef99be7e7ba7ddddf99949fedc0c331796988c6eedb5c66cbe2870a2affce0b550c3411a2aaf302481ee93398c0fbc0c815cfe1e78bf8fed7f19f2c2dae17a4533aa85f6b787f8072adda379118d76dbba3cebfc4c8aacbb1f79a28ec3a0ec99816e3c8721ddcde1ce73b0704063474", 0xe50}, {0x0}, {0x0}, {0x0}, {&(0x7f00000020c0)}], 0x5}, 0x0) r4 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) ptrace$getregset(0x4204, r5, 0x2, &(0x7f0000000880)={&(0x7f0000001240)=""/4096, 0x1000}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00'}, 0x18) ftruncate(r4, 0x2007ffc) sendfile(r4, r4, 0x0, 0x800000009) 13.038929139s ago: executing program 4 (id=1756): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2000008, &(0x7f00000003c0), 0xfc, 0x53e, &(0x7f0000000940)="$eJzs3UFvI1cdAPD/eO3d7G62SYEDVGoptGi3grWThrYRh1IkBKdKiMJ5CYkTRXHiKHbaTVRB9hMgIQRInODCBYkPgIRW4sKxQqoEZ5CKQIhuQYIDdJDtcRKcceKsnHjX+f2kybz3xjP/9xy/8YznaSaAC+vZiHgtIj5M0/SFiJjKygvZFHudqfW6Dx68vdiakkjTN/6eRJKVdbeVZPPr2WoTEfH1r0Z8Ozkat7Gzu7ZQqxW7+UpzfbPS2Nm9vbq+sFJdqW7Mzc2+PP/K/EvzM0Np542IePXLf/7h937+lVd//bm3/nTnr7e+06rWZLb8cDtOqXjcwk7TS1cmelbYeshgj6JWe0rdzNXB1rl3hvUBAKC/1jH+RyLi0xHxQkzFpeMPZwEAAIDHUPrFyfhPEpHmu9ynHAAAAHiMFNpjYJNCORsLMBmFQrncGcP7sbhWqNUbzc8u17c3ljpjZaejVFherVVnsrHC01FKWvnZdvog/2JPfi4inoyIH0xdbefLi/Xa0qh//AAAAIAL4nrP+f8/pzrn/wAAAMCYmT5+8dR51QMAAAA4Oyec/wMAAABjwPk/AAAAjLWvvf56a0q7z79eenNne63+5u2lamOtvL69WF6sb22WV+r1lfY9+9ZP2l6tXt/8fGxs3600q41mpbGze2e9vr3RvLMaE+fSIAAAAOCIJz95/w9JROx94Wp7ark86koB56K4n0qyeU7v/+MTnfl751Qp4FxcGuA1713JL3ecAI+3Ym9Bn74OjJ/SqCsAjFxywvKewTvX9lPvZPNPDb9OAADAcN38RP71/5OvC+wVzqF6wBnSieHi6vmeTz3rBy6O9vX/QQfyOFiAsVIaaAQgMM5Oef3/wDuDRkjTU1UIAAAYusn2lBTK2c97k1EolMsRN9qPBSgly6u16kxEPBERv58qXWnlZ9trJieeMwAAAAAAAAAAAAAAAAAAAAAAAAAAHWmaRAoAAACMtYjCX5LfdO7lf3Pq+cne3wcuJ/9uPxL4ckS89ZM3fnR3odncmm2Vv79f3vxxVv7iKH7BAAAAAHp1z9Pb83+NujYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjJsPHry92J0GePnVYcX925ciYjovfjEm2vOJKEXEtX8kUTy0XhIRl4YQf+9eRHw8L37SqtZ+yLz4w3gTTogf09m7kBf/+hDiw0V2v7X/eS2v/xXi2fY8v/8VI/4v/7D67/9if/93qU//vzFgjKfe/WWlb/x7EU8V8/c/3fhJn/jPDRj/W9/Y3e23LP1pxM3u9097j3c4wkGq0lzfrDR2dm+vri+sVFeqG3Nzsy/PvzL/0vxMZXm1Vs3+5sb4/tO/+vC49l/L/f5Lstr0b//zOdvL+07677t3H3y0m9k7Gv/Wcznxf/uz7BVH4xeyOJ/J0kn2XrXTe53387BnfvG7Z45r/9JB+0un+f/f6rfRXkc6ytODfnQAgDPQ2NldW6jVqltjm2idpT8C1bjoiW++/wh+2L471A2maZq2+lTOovsRMch2khhySwv59TlI9P2njHrPBAAADNvBQf+oawIAAAAAAAAAAAAAAAAAAAAX13ncZa035sEtkJNh3EIbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAo/hcAAP//A/7SsQ==") 12.615110596s ago: executing program 4 (id=1760): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8000000000000000}, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x2}, 0x0, 0x5, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a000000020000000900000008"], 0x48) 12.614919846s ago: executing program 32 (id=1760): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x90, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8000000000000000}, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x2}, 0x0, 0x5, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0a000000020000000900000008"], 0x48) 2.897705255s ago: executing program 2 (id=1881): r0 = socket(0x10, 0x2, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500001000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r2}, 0x10) write(r0, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f000000000000000000", 0x19) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000180)={'erspan0\x00', &(0x7f0000000100)={'tunl0\x00', 0x0, 0x40, 0x10, 0xe, 0x0, {{0xa, 0x4, 0x1, 0x38, 0x28, 0x68, 0x0, 0xc, 0x29, 0x0, @broadcast, @broadcast, {[@ra={0x94, 0x4}, @cipso={0x86, 0xa, 0x2, [{0x1, 0x4, "5bf4"}]}, @ra={0x94, 0x4}, @end]}}}}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000300)={'syztnl1\x00', &(0x7f0000000280)={'gre0\x00', 0x0, 0x8, 0x10, 0x3, 0x5, {{0x18, 0x4, 0x3, 0x6, 0x60, 0x65, 0x0, 0x6, 0x4, 0x0, @broadcast, @broadcast, {[@ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0xf, 0x7, [@rand_addr=0x64010100, @private=0xa010100, @broadcast]}, @rr={0x7, 0xf, 0x8d, [@private=0xa010102, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100]}, @ra={0x94, 0x4}, @generic={0x82, 0x9, "4d364dfb09e18f"}, @ra={0x94, 0x4}, @noop, @end, @rr={0x7, 0x17, 0xcc, [@rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x1, 0x0}, @remote, @multicast2, @empty]}]}}}}}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000008000008500000006"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r5}, 0x10) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@version_9p2000}]}}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x20008810) r7 = socket$can_j1939(0x1d, 0x2, 0x7) r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0x12, 0xa01, 0x0, 0x0, {0x80, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x0) bind$can_j1939(r7, &(0x7f0000000100), 0x18) socket$nl_generic(0x10, 0x3, 0x10) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_DISABLE_BEARER(r9, &(0x7f00000007c0)={0x0, 0xfffffffffffffe77, &(0x7f0000000700)={&(0x7f00000006c0)={0x2c, 0x0, 0x1, 0x0, 0x0, {{}, {}, {0x10, 0x13, @udp='udp:syz1\x00'}}}, 0x2c}}, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000001c0)={'sit0\x00', 0x0}) sendmsg$nl_route_sched(r10, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r11, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_QUANTUM={0x8, 0x2, 0xffff8001}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x48801}, 0x0) getsockname$packet(r0, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000380)=0x14) 2.58549904s ago: executing program 2 (id=1886): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0b00000005000000020000000400000025400300", @ANYRES32, @ANYBLOB='\x00'/17, @ANYRES32=0x0, @ANYRES32, @ANYBLOB, @ANYBLOB], 0x50) r2 = epoll_create1(0x0) flistxattr(r2, 0x0, 0x0) 2.517669201s ago: executing program 2 (id=1888): bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0500000004000000ff0f00000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48) r0 = socket(0x22, 0x6, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYRESDEC], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', r1, 0x0, 0xffffffffffffffff}, 0x18) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x80000000, 0xa6, 0xfffffffd, 0x3, 0xb, "182ea5cf616750f446c831272fdb4d76c96143"}) r4 = socket$unix(0x1, 0x1, 0x0) bind$unix(r4, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r4, 0x0) connect$unix(r3, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r4, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]}) gettid() rt_tgsigqueueinfo(0x0, r2, 0x40, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000004080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32], 0x18}}], 0x1, 0x0) r5 = syz_genetlink_get_family_id$fou(&(0x7f0000000180), r0) sendmsg$FOU_CMD_GET(r0, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000940)=ANY=[@ANYBLOB="2c00000066b2feb6ea34d7054fa58264ceb9cc7b045a6422f046308c5064a9c43032be311319aff50fa9e04132997c04646fa4871e6ebee173770509419bf90966bc0bb817c55264d0ba6da71b5fcb03e376e6e325fe07c8404540fb8944c515986b671873691236c2612edd29e60b93bdc94cbffd38caa2e90c0f0b71c60585531edfcbab28bf255002c9106a7a4c026e2599a0100fdfb0218abfb184aaa767acc6", @ANYRES16=r5, @ANYBLOB="000125bd7000ffdbdf2503000000060001004e21000006000a004e22000008000600ffffffff"], 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x40) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x7c8) 1.575258176s ago: executing program 2 (id=1913): socket$inet_smc(0x2b, 0x1, 0x0) r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r1 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) r2 = socket(0x10, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x56) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRES32=r3, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r3], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) syz_io_uring_setup(0x497, &(0x7f0000000000)={0x0, 0xf62c, 0x800, 0x3, 0x37d}, &(0x7f0000000340)=0x0, &(0x7f0000000280)) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x1b, 0xf, &(0x7f00000006c0)=ANY=[@ANYRESHEX=r0, @ANYBLOB="61a0d31f326c682341722b37d11e09aea8e2f55a4de66ef6b9a68450c89fcf02081e2845a74d17ec8e23588495cf828f41f6098de59f39cdfebc1000cb73366e6e9b7f20c06c533ffe56983f3ab0433d8bc8c1b6b1410a6ac00c1b78b744ad54e9cc75cf9ccf07ef9a98779e0d7481c1a0b1f4f36cc3d6cacd1340f5c67738b76b5858c8c2b1a0ec3a35e2f01ca959392ac171be580d1ef7a989caea3ba758a63a3affbdc471b99684b471bcef9fb34091ac1a8c5e4349d32078f267e627ef5d0b3022eb6f02e193bde25b45361bff84e6a2be2d96ba2ea26af46a4f6fa5601d128ce054cbafa4e4", @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x2d) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x103f81af530ab711, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x20000000000001d5, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffea2}, 0x94) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r10}, 0x10) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r11, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010200000000000000020000000900010073797a300000000040000000030a01010000000000000000020000000900010073797a30000000000900030073797a32000000001400048008000140000000000800024000000b002c000000030a03000000000000000000020000000900010073797a30000000000900030073797a32"], 0xb4}}, 0x0) r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000640)=ANY=[@ANYRESHEX=r6, @ANYRESOCT=r7, @ANYBLOB="0000007b9df8e4b6130000bfa200943c000000070a0000f8ffffffb703000008000000b704000000000000850000000100ecff95"], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0xffffffffffffffca, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r12}, 0x10) r13 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x3f) ioctl$TIOCSETD(r13, 0x5423, 0x0) r14 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r14, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) write$cgroup_subtree(r1, &(0x7f00000006c0)=ANY=[], 0xfe33) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) socket(0x10, 0x3, 0x0) 1.159658932s ago: executing program 5 (id=1919): ioctl$USBDEVFS_FORBID_SUSPEND(0xffffffffffffffff, 0x5521) 1.122567513s ago: executing program 5 (id=1920): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[], 0x50) socket$kcm(0x29, 0x2, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x20400, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f00007fe000/0x800000)=nil) sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000020000090900010073797a31000000007c000000030a01040000000000000000020000060900010073797a31000000000900030073797a300000000014000480080001400000000308000240"], 0xc4}, 0x1, 0x0, 0x0, 0x24004900}, 0x2000) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000140)=0x2) ioctl$TIOCVHANGUP(r1, 0x5437, 0x2) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0xf, 0x0, 0x0, 0x4}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000540)=ANY=[@ANYBLOB="18080000b00000000000000004000400851000000600000018100000", @ANYRES32=r0, @ANYBLOB="0000000000000000000000000010000018000000f8ffffff00000000000000009500000000000000950a000000000000215eebb4f0e230b0e88901"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000}, 0x94) r3 = msgget$private(0x0, 0x790) msgctl$IPC_RMID(r3, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000040)='./file0\x00', 0x0, 0x30}, 0x18) socket(0x2, 0x2, 0x1) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) ioctl$FS_IOC_GETFSMAP(r4, 0xc0c0583b, &(0x7f0000000d40)={0x0, 0x2904c, 0x0, 0x10003, '\x00', [{}, {0xffffffff, 0xffffffff}]}) timer_create(0x1, &(0x7f0000000780)={0x0, 0x15, 0x5999f2f8a25f11f4, @thr={&(0x7f00000005c0)="32ee638dc247dccb18e93b9e6ac5f99530f608e054ef80afca3dc744c0f83d5f9612627465c19347b2d21acd8d415dbd6d6d90cf3776628ba4a3e3ddcaf2826462f715403094b7daabf083528603832a9e6b29a04dca829859a830d169cfc8ed6124ccb2d0a127178a96ce7675d50a9d02099be9deef5483f4bcdbb6b72307c49493361ac2ad0d4a634e79d47c6c30df4ad57a32e8d06509e2eeadb6f48f41ced9eb5e22c0ead160687d723f7203a71ec95ba29e041d3a298de3e9e027fe8ec40e3c5398e31e5c1bdeb62b9ababa02", &(0x7f00000006c0)="5a5a250b1289fe412412a9541a9932665f19c779613a78087641faab4735f59ca95731630f53531762f44e1ec94ef869e247d59ee3849aa7c63e510d8d6326c38b59091299fb58288ef80e7664b350fa1606f7d0151fce9ce18a0c0b007deafded17007a48fea3477bb6430eadbef8b490f7fc8437a00448fad408636e8a43c430848b7e80006686776e658c29aa731b97617ddd5123abebedca0f"}}, &(0x7f00000007c0)=0x0) timer_delete(r5) 1.121473343s ago: executing program 3 (id=1921): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000600)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0106000000e800001ad58bef77d3f113caab1ea3da96d1cec2fa684f2c00048073744000696e6b000014000780080003d64f1e7346ce3e831f0b5460fdfd813021e6ed878fe7cdf27e61ac25fbea6e06dfc90dc672e89d7cf107016f012078ea8a826459c2abe0e5c5de64fafffb3d39852ee18e743a5731e7af042926c5f64c48d73c9203f14fabfc4cec08f923771c101577b514c24459610d78b9955269a9826bed6a2f55101426a8543a88225bfc35c241f9dacb00"/193], 0x40}}, 0x0) socket$kcm(0x2, 0xa, 0x2) r3 = socket$can_raw(0x1d, 0x3, 0x1) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10) r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r6, 0x400, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$can_raw(r3, &(0x7f00000000c0)={0x1d, r7}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000850000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) lchown(&(0x7f00000003c0)='./file1\x00', 0x0, 0x0) 1.085909423s ago: executing program 5 (id=1922): socket$kcm(0x29, 0x2, 0x0) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) (async) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x80, 0x4, 0x20}) bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=ANY=[@ANYBLOB="05000000040000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000005bcb00001860000000010000680000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7"], 0x0}, 0x94) (async) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff00000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000952a9e6400"/28], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0}, 0x94) (async) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000100)='mm_lru_insertion\x00', r4}, 0x18) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r5}, 0x10) (async) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) (async) rename(&(0x7f0000000600)='./file0\x00', &(0x7f00000006c0)='./file0\x00') write$cgroup_type(r6, &(0x7f0000000180), 0x40010) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', 0xffffffffffffffff, 0x0, 0x10000002}, 0x18) (async) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010200000000000000020000000900010073797a300000000040000000030a01010000000000000000020000000900010073797a30000000000900030073797a32000000001400048008000140000000000800024000000b002c000000030a03000000000000000000020000000900010073797a300000000009000300"], 0xb4}}, 0x0) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWRULE={0x24, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x4c}, 0x1, 0x0, 0x0, 0x20000094}, 0x44001) (async) socket$inet(0x2, 0x3, 0x3) (async) sendmsg$NL80211_CMD_TDLS_OPER(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x54, 0x0, 0x200, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x4ec, 0x21}}}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x7}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x54}, 0x1, 0x0, 0x0, 0x2000}, 0x40) (async) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010400000000000000000500fffe0900010073797a30000000002c000000030a01020000000000000000050000000900010073797a30000000000900030073797a3200000000e4040000060a010400000000000000000500000008000b40000000000900010073797a300000000008000940000000020c0005800800014000000000c4000740ab487b1b512f33a8dbd67a8b35f2405127f309901ea13e31d5810f85eae8f528c938c24abb1b1abbda2e7fa6e0758629bb09ed64a8ba5b2ef3c3591fd06d7e10d93c0857ecac854ac51ad69639d98adb2c1464e444cc1a6a2e7ee244622433b51f58606b063f4938101a7e764c957eba2e913b2ac10435471fa769740a1275cb467e5264b71bc8727fc12e9aba46e4a8abf3dda91e0da608d6a0a35573d5524fb25451cc230518"], 0x558}}, 0x40) fcntl$lock(r0, 0x7, &(0x7f00000000c0)={0x1, 0x0, 0x5, 0x3}) (async) fcntl$lock(r0, 0x26, &(0x7f0000000040)={0x1, 0x2, 0x9, 0x401}) (async) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, @perf_config_ext={0x8001, 0x401}, 0x100002, 0x0, 0xfffffffc, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) 1.054881384s ago: executing program 5 (id=1923): bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0500000004000000ff0f00000500000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48) r0 = socket(0x22, 0x6, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYRESDEC], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', r1, 0x0, 0xffffffffffffffff}, 0x18) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f0000000200)={0x80000000, 0xa6, 0xfffffffd, 0x3, 0xb, "182ea5cf616750f446c831272fdb4d76c96143"}) r4 = socket$unix(0x1, 0x1, 0x0) bind$unix(r4, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r4, 0x0) connect$unix(r3, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r4, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]}) gettid() rt_tgsigqueueinfo(0x0, r2, 0x40, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000004080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32], 0x18}}], 0x1, 0x0) r5 = syz_genetlink_get_family_id$fou(&(0x7f0000000180), r0) sendmsg$FOU_CMD_GET(r0, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000940)=ANY=[@ANYBLOB="2c00000066b2feb6ea34d7054fa58264ceb9cc7b045a6422f046308c5064a9c43032be311319aff50fa9e04132997c04646fa4871e6ebee173770509419bf90966bc0bb817c55264d0ba6da71b5fcb03e376e6e325fe07c8404540fb8944c515986b671873691236c2612edd29e60b93bdc94cbffd38caa2e90c0f0b71c60585531edfcbab28bf255002c9106a7a4c026e2599a0100fdfb0218abfb184aaa767acc6", @ANYRES16=r5, @ANYBLOB="000125bd7000ffdbdf2503000000060001004e21000006000a004e22000008000600ffffffff"], 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x40) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x7c8) 1.054439393s ago: executing program 3 (id=1924): r0 = socket(0xa, 0x5, 0x0) r1 = epoll_create1(0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r3}, 0x18) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x2017be01}) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000000)={0x40000000, 0x300}) 1.022685114s ago: executing program 3 (id=1925): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2000008, &(0x7f00000003c0), 0xfc, 0x53e, &(0x7f0000000940)="$eJzs3UFvI1cdAPD/eO3d7G62SYEDVGoptGi3grWThrYRh1IkBKdKiMJ5CYkTRXHiKHbaTVRB9hMgIQRInODCBYkPgIRW4sKxQqoEZ5CKQIhuQYIDdJDtcRKcceKsnHjX+f2kybz3xjP/9xy/8YznaSaAC+vZiHgtIj5M0/SFiJjKygvZFHudqfW6Dx68vdiakkjTN/6eRJKVdbeVZPPr2WoTEfH1r0Z8Ozkat7Gzu7ZQqxW7+UpzfbPS2Nm9vbq+sFJdqW7Mzc2+PP/K/EvzM0Np542IePXLf/7h937+lVd//bm3/nTnr7e+06rWZLb8cDtOqXjcwk7TS1cmelbYeshgj6JWe0rdzNXB1rl3hvUBAKC/1jH+RyLi0xHxQkzFpeMPZwEAAIDHUPrFyfhPEpHmu9ynHAAAAHiMFNpjYJNCORsLMBmFQrncGcP7sbhWqNUbzc8u17c3ljpjZaejVFherVVnsrHC01FKWvnZdvog/2JPfi4inoyIH0xdbefLi/Xa0qh//AAAAIAL4nrP+f8/pzrn/wAAAMCYmT5+8dR51QMAAAA4Oyec/wMAAABjwPk/AAAAjLWvvf56a0q7z79eenNne63+5u2lamOtvL69WF6sb22WV+r1lfY9+9ZP2l6tXt/8fGxs3600q41mpbGze2e9vr3RvLMaE+fSIAAAAOCIJz95/w9JROx94Wp7ark86koB56K4n0qyeU7v/+MTnfl751Qp4FxcGuA1713JL3ecAI+3Ym9Bn74OjJ/SqCsAjFxywvKewTvX9lPvZPNPDb9OAADAcN38RP71/5OvC+wVzqF6wBnSieHi6vmeTz3rBy6O9vX/QQfyOFiAsVIaaAQgMM5Oef3/wDuDRkjTU1UIAAAYusn2lBTK2c97k1EolMsRN9qPBSgly6u16kxEPBERv58qXWnlZ9trJieeMwAAAAAAAAAAAAAAAAAAAAAAAAAAHWmaRAoAAACMtYjCX5LfdO7lf3Pq+cne3wcuJ/9uPxL4ckS89ZM3fnR3odncmm2Vv79f3vxxVv7iKH7BAAAAAHp1z9Pb83+NujYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjJsPHry92J0GePnVYcX925ciYjovfjEm2vOJKEXEtX8kUTy0XhIRl4YQf+9eRHw8L37SqtZ+yLz4w3gTTogf09m7kBf/+hDiw0V2v7X/eS2v/xXi2fY8v/8VI/4v/7D67/9if/93qU//vzFgjKfe/WWlb/x7EU8V8/c/3fhJn/jPDRj/W9/Y3e23LP1pxM3u9097j3c4wkGq0lzfrDR2dm+vri+sVFeqG3Nzsy/PvzL/0vxMZXm1Vs3+5sb4/tO/+vC49l/L/f5Lstr0b//zOdvL+07677t3H3y0m9k7Gv/Wcznxf/uz7BVH4xeyOJ/J0kn2XrXTe53387BnfvG7Z45r/9JB+0un+f/f6rfRXkc6ytODfnQAgDPQ2NldW6jVqltjm2idpT8C1bjoiW++/wh+2L471A2maZq2+lTOovsRMch2khhySwv59TlI9P2njHrPBAAADNvBQf+oawIAAAAAAAAAAAAAAAAAAAAX13ncZa035sEtkJNh3EIbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAo/hcAAP//A/7SsQ==") 939.622675ms ago: executing program 3 (id=1928): r0 = socket(0x10, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) connect$inet6(r1, &(0x7f0000000340)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "a6341a1a379332f5", "1fd33c81cf7995313c09de00fd6ded74", "62266bd8", "1e00040000000100"}, 0x28) write$binfmt_script(r1, &(0x7f0000000500)={'#! ', './file0'}, 0xb) close_range(r0, r1, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_CLEAR_HALT(r3, 0xc0105502, &(0x7f0000000340)={0x1, 0x1}) 824.754127ms ago: executing program 0 (id=1930): r0 = socket(0x10, 0x2, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500001000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r2}, 0x10) write(r0, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000180)={'erspan0\x00', &(0x7f0000000100)={'tunl0\x00', 0x0, 0x40, 0x10, 0xe, 0x0, {{0xa, 0x4, 0x1, 0x38, 0x28, 0x68, 0x0, 0xc, 0x29, 0x0, @broadcast, @broadcast, {[@ra={0x94, 0x4}, @cipso={0x86, 0xa, 0x2, [{0x1, 0x4, "5bf4"}]}, @ra={0x94, 0x4}, @end]}}}}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000300)={'syztnl1\x00', &(0x7f0000000280)={'gre0\x00', 0x0, 0x8, 0x10, 0x3, 0x5, {{0x13, 0x4, 0x3, 0x6, 0x4c, 0x65, 0x0, 0x6, 0x4, 0x0, @broadcast, @broadcast, {[@ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0xf, 0x7, [@rand_addr=0x64010100, @private=0xa010100, @broadcast]}, @rr={0x7, 0xf, 0x8d, [@private=0xa010102, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100]}, @ra={0x94, 0x4}, @generic={0x82, 0x9, "4d364dfb09e18f"}, @ra={0x94, 0x4}, @noop, @end]}}}}}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000008000008500000006"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r5}, 0x10) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@version_9p2000}]}}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x20008810) r7 = socket$can_j1939(0x1d, 0x2, 0x7) r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0x12, 0xa01, 0x0, 0x0, {0x80, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x0) bind$can_j1939(r7, &(0x7f0000000100), 0x18) socket$nl_generic(0x10, 0x3, 0x10) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_CMD_DISABLE_BEARER(r9, &(0x7f00000007c0)={0x0, 0xfffffffffffffe77, &(0x7f0000000700)={&(0x7f00000006c0)={0x2c, r10, 0x1, 0x0, 0x0, {{}, {}, {0x10, 0x13, @udp='udp:syz1\x00'}}}, 0x2c}}, 0x0) r11 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f00000001c0)={'sit0\x00'}) getsockname$packet(r0, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000380)=0x14) 821.723247ms ago: executing program 3 (id=1931): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x159d0682f53ea167, 0x2, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = mq_open(&(0x7f0000000480)='!>f\b\xbb\xa4C\xc4\xac\xfasel8A\xce\xdd\xac\x94W\x87\x00\x02\x00\x10\x00\x00\x00\x00\xd7\\', 0x40, 0x5f, &(0x7f0000000440)={0x2000000000002000, 0x2000001, 0x4000000000004, 0x3}) madvise(&(0x7f00001e5000/0x3000)=nil, 0x3000, 0x14) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0x5f, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x6ab344bb741060b0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) sync() bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0xfffffffffffffda0, 0x0, 0x0, 0x46, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7ffc1ffb}]}) setgroups(0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x2) flock(r1, 0x2) close(0xffffffffffffffff) close_range(r0, 0xffffffffffffffff, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x0, 0x0, 0x800) socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='sys_enter\x00', r2}, 0x10) llistxattr(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000001200), 0xffffffffffffffff) r3 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f00000007c0)={'fscrypt:', @desc2}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441700322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6de6269613800", 0x1}, 0x48, 0xfffffffffffffffb) keyctl$KEYCTL_MOVE(0x4, r3, 0x0, 0x0, 0x0) keyctl$KEYCTL_MOVE(0x4, r3, r3, r3, 0x0) unshare(0x20400) inotify_rm_watch(0xffffffffffffffff, 0x0) bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000), 0x4) 746.754439ms ago: executing program 0 (id=1932): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[], 0x50) socket$kcm(0x29, 0x2, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x20400, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f00007fe000/0x800000)=nil) sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000020000090900010073797a31000000007c000000030a01040000000000000000020000060900010073797a31000000000900030073797a300000000014000480080001400000000308000240"], 0xc4}, 0x1, 0x0, 0x0, 0x24004900}, 0x2000) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000140)=0x2) ioctl$TIOCVHANGUP(r1, 0x5437, 0x2) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0xf, 0x0, 0x0, 0x4}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000540)=ANY=[@ANYBLOB="18080000b00000000000000004000400851000000600000018100000", @ANYRES32=r0, @ANYBLOB="0000000000000000000000000010000018000000f8ffffff00000000000000009500000000000000950a000000000000215eebb4f0e230b0e88901"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000}, 0x94) r3 = msgget$private(0x0, 0x790) msgctl$IPC_RMID(r3, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000040)='./file0\x00', 0x0, 0x30}, 0x18) socket(0x2, 0x2, 0x1) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) ioctl$FS_IOC_GETFSMAP(r4, 0xc0c0583b, &(0x7f0000000d40)={0x0, 0x2904c, 0x0, 0x10003, '\x00', [{}, {0xffffffff, 0xffffffff}]}) timer_create(0x1, &(0x7f0000000780)={0x0, 0x15, 0x5999f2f8a25f11f4, @thr={&(0x7f00000005c0)="32ee638dc247dccb18e93b9e6ac5f99530f608e054ef80afca3dc744c0f83d5f9612627465c19347b2d21acd8d415dbd6d6d90cf3776628ba4a3e3ddcaf2826462f715403094b7daabf083528603832a9e6b29a04dca829859a830d169cfc8ed6124ccb2d0a127178a96ce7675d50a9d02099be9deef5483f4bcdbb6b72307c49493361ac2ad0d4a634e79d47c6c30df4ad57a32e8d06509e2eeadb6f48f41ced9eb5e22c0ead160687d723f7203a71ec95ba29e041d3a298de3e9e027fe8ec40e3c5398e31e5c1bdeb62b9ababa02", &(0x7f00000006c0)="5a5a250b1289fe412412a9541a9932665f19c779613a78087641faab4735f59ca95731630f53531762f44e1ec94ef869e247d59ee3849aa7c63e510d8d6326c38b59091299fb58288ef80e7664b350fa1606f7d0151fce9ce18a0c0b007deafded17007a48fea3477bb6430eadbef8b490f7fc8437a00448fad408636e8a43c430848b7e80006686776e658c29aa731b97617ddd5123abebedca0f"}}, &(0x7f00000007c0)=0x0) timer_delete(r5) 697.20144ms ago: executing program 3 (id=1934): r0 = socket(0x28, 0x2, 0xfffffffe) r1 = epoll_create1(0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x6, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7fff}, 0x1c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r3}, 0x18) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r5) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r10}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r11}, 0x18) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000100)=ANY=[@ANYRES32=r9, @ANYRES32=r8, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r9}, &(0x7f0000000000), &(0x7f0000000080)=r5}, 0x20) sendmsg$inet(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) recvfrom(r6, &(0x7f0000004000)=""/4112, 0xfffffffffffffedc, 0x2080, 0x0, 0x0) r12 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r12, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, 0x94) r13 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r13}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee7, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r15, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r14, &(0x7f0000000bc0)=[{{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x9}], 0x2, 0x0, 0x0) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000140)=0x800000e9, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x2017be01}) 687.313609ms ago: executing program 0 (id=1935): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000600)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0106000000e800001ad58bef77d3f113caab1ea3da96d1cec2fa684f2c00048073744000696e6b000014000780080003d64f1e7346ce3e831f0b5460fdfd813021e6ed878fe7cdf27e61ac25fbea6e06dfc90dc672e89d7cf107016f012078ea8a826459c2abe0e5c5de64fafffb3d39852ee18e743a5731e7af042926c5f64c48d73c9203f14fabfc4cec08f923771c101577b514c24459610d78b9955269a9826bed6a2f55101426a8543a88225bfc35c241f9dacb00"/193], 0x40}}, 0x0) socket$kcm(0x2, 0xa, 0x2) r3 = socket$can_raw(0x1d, 0x3, 0x1) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a000000020000000110000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10) r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r6, 0x400, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$can_raw(r3, &(0x7f00000000c0)={0x1d, r7}, 0x10) lchown(&(0x7f00000003c0)='./file1\x00', 0x0, 0x0) 644.88866ms ago: executing program 2 (id=1937): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0x2000007d, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) creat(&(0x7f00000000c0)='./file0\x00', 0x48) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r4 = dup(r3) write$P9_RLERRORu(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r4, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) creat(&(0x7f00000003c0)='./file0\x00', 0x36) 566.340291ms ago: executing program 2 (id=1938): bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[], 0x48) r0 = socket(0x22, 0x6, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYRESDEC], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', r1, 0x0, 0xffffffffffffffff}, 0x18) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) bind$unix(r4, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r4, 0x0) connect$unix(r3, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r4, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]}) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_genetlink_get_family_id$fou(&(0x7f0000000180), r0) 520.737002ms ago: executing program 0 (id=1939): syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32, @ANYRES16=r1], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 382.588124ms ago: executing program 1 (id=1940): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008f50850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) ioctl$SNAPSHOT_FREE(r0, 0x3305) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x36, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x0, 0x10000, 0x0, 0x7, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f0000001540)=0x0) io_submit(r4, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2, 0x1, 0x0, r3, 0x0}]) ioctl$TIOCL_GETMOUSEREPORTING(r3, 0x541c, &(0x7f0000000080)) openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/asound/seq/clients\x00', 0x0, 0x0) 336.835355ms ago: executing program 0 (id=1941): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000280)={0x41, 0x0, 0x2}, 0x10) sendmsg$tipc(r3, &(0x7f0000000240)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0xf5}}, 0x10, 0x0}, 0x0) 320.528675ms ago: executing program 0 (id=1942): r0 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000010) setsockopt$sock_int(r0, 0x1, 0x1, &(0x7f0000000040)=0x80000001, 0x4) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x10, 0x0, @fd_index=0x3}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) socket$nl_route(0x10, 0x3, 0x0) syz_io_uring_setup(0x1083f, &(0x7f00000000c0)={0x0, 0x589e, 0x0, 0x1, 0xa002ae}, &(0x7f0000000300)=0x0, &(0x7f0000000200)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0) r2 = syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file2\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x360, &(0x7f0000000b00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPFhBXdm3ZPPWl5g0/trvB0omM/PszmQn5dm0m718+/MPKiVLK+kNiSaVRERErkSyEpVAxH+MuuWEhB3KSzO///j8+mYx6VWolfzGyzml1Nz8dx9+kvK7nU3LRfbdy99yv148ffHs5T8b75ctVbZUtdZQutqu/dzQt01D7ZatiqbUqmnolqHKVcuoe+3f+Nsxa3t7TaVXd2fTe3XDspRebaqK0VSNmmrUm0p/Ty9XlaZpajYtuEnxeG1Nzw8ZvDPiwWBM6vW8PiUiqZ6W4vFEBgQAACaqO/+POin9MPn/lswVCstryunczv9PXjhvzLx1Oufn/2eJfvn/Kz952+rI/53TiXb+X/POD0o35/9fyh3y/96M6HEZOv/PjmEwGM58oqcq0vHMyf/T/vvXdfTOyaJbIP8HAAAAAAAAAAAAAAAAAAAAAOBJcGXbGdu2M8Fj8NO+hMB/jgdp0PGfFpGkc/Rtjv9Dtr65JUn3wj3nGJuf7Rf3i96j3+FcREwx/ra7OWsjuPJIObLyvXngxx/sF6fclnxJyk68LElGsu56CsXb9sobheUl5fHjW5cppcPxOcnIU+H4b93V6cTnOuP9/SfkxYVQvCYZ+WFHamLKrhvZ3v+nS0q9/mahKz7l9hORX+79oAAAAAAAMGKaaul7/q5pg9q9bxnJl9yPiQxZlIz81f/8frHv+Xks81xs0rMHAAAAAOBxsJofV3SJGnW3YJr9CikZ2DSCQqyjJi4ifTsnumri1215KjTD244nId4dTP7rvL4KXtW7RAX/SOEMvNXk31FFhhtPMH+3JhJrNf1513lFDsVdAIfhpqjcIjzWPfh5p0L17bwwcDtH/kRaNcHHRokBr7Os9m4nes1KiPfU2JHhFsAzX3z9x+jeIK+e+ivgo5s7H5mGfSC3OShdBWcXvU3xsf/iAQAAAHDv2kl/UPNauDl8I5HwzXL4yz0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACM0lq/06ypMeo4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/8W/AQAA//9/d/Qh") perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x37, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0xd}, 0x4c58, 0x10000, 0x0, 0x1, 0x8, 0x20002, 0xb, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0x1, 0x12) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r3, 0x800448d4, &(0x7f0000000000)={0x0, 0xe, "e900", 0xc}) fsetxattr$trusted_overlay_nlink(r2, &(0x7f0000000040), &(0x7f00000000c0)={'U+', 0xe4a}, 0x16, 0x0) r4 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0xa48a, @ipv4={'\x00', '\xff\xff', @loopback}, 0xf6f}, 0x1c) setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x4) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x100000df, @empty}, 0x1c) mkdir(&(0x7f0000000580)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r5 = inotify_init1(0x800) inotify_add_watch(r5, &(0x7f00000002c0)='./file0\x00', 0x500082c) lsetxattr$security_selinux(&(0x7f0000000400)='./file2\x00', &(0x7f0000000000), &(0x7f0000000340)='system_u:object_r:scsi_generic_device_t:s0\x00', 0x2b, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105042, 0x40) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESOCT=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000002540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6e, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10) symlink(0x0, 0x0) 186.491557ms ago: executing program 1 (id=1943): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000580)='./file0\x00', 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="002918d910d46be7099c66b02010b1f0b7c3dc1dabe625969fb0adc922385af53d57a1d35dd71c90d9dd649b53142dd3d4108b4c7db82e8475d5bb6fa2fa626cd92c7326ce1ba2f33b0aef2b2164e01d910058000084696959ea7f5a607a6572d2640cf9312a07000000260e3651a0cbfd2c080990fb4c76e9e613a759863734a70d0600ec77e8ba76aacbb21e4b903aa4873a9951f269a9c0f87805a1a0cbdf6b8644a1de05a8d9dd9687d67c8af7f68cb59e60d1fbefb49b93d6b72cce4162edc4468a13987d94d428df36915621aeff6dc1358a7331fa69e05c417c0196322e1e6b8dc29c496c76d02dfc2d7b48616fb3f01b221f4f8f484a00090964922de8909a1f9f7ef655a12a68a56cb341a8fba4cd81cedec9cb518d13d2a2564427b63b037494748a24daa21fe1256df68d000b2778bf0437cc642cd83c5a1b34eeffdf93ecbd85bb340eeef68dd60101769c74f94d217264c171feea0305bfc87c36247d90b129a9973f00000001d99b195d2f75653a0193672783c6dbca5d1445110621d8095064f0a034f492cf5aa4767a772d6f4967722546bfd83d3202f76c20a9d7f40f9e7818d77129df7fd072804e0227ecaa03dddd303a318d6f7763ce011543587e6a306780ca2f37db7e8a5b64a5059ac91ff2110e40ea13d70e1504653ba9eebcf61b427797fb3fd79d2bb9aaa13c9729fe323c4ac222991981381e004684fb200b17d2f6ede181067662ad8a31f45b613869ca8fc5b1dbe62407a1f6dcb86a4c430210e9bcfca9b83283b87316c4d17f388e0bab0500000092a82e12f8e5348f11e7739033e9081bfc598746cf032fa55d0300470000000019ac65f89ca7d96da3ca2db52f8ec80462fddf42dbbca24b720000000000000000000000000000005214e7febdbc00"], 0x1, 0x120b, &(0x7f0000002300)="$eJzs3M9rXFUUB/CTNv1hajJRa7UF6UE3unk2WbhyEyQF6YDSNoVWEF7NRIeZzIS8ITBFbHdu/TvEpTtB/AeyceNacJeNyy7EJ84LtglxEcFOWz6fzRzm3i9zH28YeJd7Zu/9bzZ7G1WxUY7ixMxMzG5F5MOMjBNxMhoP4p1bv/z6xo3bd66ttNur1zOvrtxcei8zFy7/+MmX37350+jcre8XfjgTu4uf7v2+/Nvuhd2Le3/e/KJbZbfKwXCUZd4dDkfl3X4n17tVr8j8uN8pq052B1Vn+8D4Rn+4tTXOcrA+P7e13amqLAfj7HXGORrmaHuc5edld5BFUeT8XPDfnY61bx/WdR1R16fidNR1Xb8Qc3EuXoz5WIhWLMZL8XK8Eufj1bgQr8XrcXEya9orBwAAAAAAAAAAAAAAAAAAgOeL/n8AAAAAAAAAAAAAAAAAAACYPv3/AAAAAAAAAAAAAAAAAAAAMH36/wEAAAAAAAAAAAAAAAAAAGD6bty+c22l3V69nnk2YvPrnbWdtea1GV/ZiG70oxNXohV/xKT7v9HUVz9sr17JicV4d/P+fv7+ztrJg/mlyd8JHJlfavJ5MH8m5h7PL0crzh+dXz4yfzbefuuxfBGt+PmzGEY/1uPv7KP8V0uZH3zUPpS/NJkHAAAAz4Mi/3Hk83tR5MxMM/XQePPmv+8P1K1D+wOHnq9n49LsFC+ciWp8r1f2+53tZ6vY/0rGvV55+WlYj+IYxf69e/C0rOcZLU5FxP/4EVP8UeKJeXTTp70SAAAAAAAAAAAAjuMYBwNnm/O2xz9OOO1rBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5iB44FAAAAAIT5W6fRsQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFcFAAD//78558w=") rename(&(0x7f0000000040)='./file1\x00', &(0x7f0000001300)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') lseek(r2, 0x10001, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000020000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2}, 0x94) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) syz_open_dev$tty20(0xc, 0x4, 0x0) r6 = creat(&(0x7f0000000100)='./file0\x00', 0x3) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f00000003c0)={0x0}, &(0x7f0000000400)=0xc) syz_open_procfs(r8, &(0x7f0000000440)='net/udp\x00') write$qrtrtun(r6, &(0x7f0000000300)="ca0e808bb35bda", 0x7) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r7, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], &(0x7f0000000500)=[0x2], 0x0, 0x2000000000000088}}, 0x40) r9 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000c80)=@o_path={&(0x7f0000000c40)='./file0\x00', 0x0, 0x4010, r7}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000cc0)={&(0x7f0000000480)='rpcgss_createauth\x00', r9, 0x0, 0x5502}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) write$selinux_validatetrans(r6, &(0x7f0000000340)=ANY=[@ANYBLOB="7379737465745f723a6465766963656b69745f657865635f743a73302073797374656d5f753a6f626a8e0bdfc8723a6b6c6f67645f7661725f72756e5f743a7330203030303030303030303030303030303635353337202f7362696e2f6468636c69656e7400"/111], 0x6f) openat$tun(0xffffffffffffff9c, 0x0, 0xa2f01, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000240), 0x1, 0x4b6, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvvW1pKYUWJfFHVBBRNISZdoCGsMKNxhASI3HlAmo7NE1nOk1nirSyKP+DiSSu9E9wYeLChJV7d7pzgwsTVOILfclbzMudmZZSOm3fo8x96Xw+ycm9555hvt/D9J4zPW3nBNC3LkTERkSciIgHETHeuZ50Stxul+xxr189md189WQ2iWbz3n+TVnt2LXb8m8ypznOORMTPfhzxy+TduPW19cWZSqW80qkXG9XlYn1t/epCdWa+PF9eKpWmp6Ynb167UTqyvp6v/vHljxbu/Pwvf/7mi79t/ODXWVpjnbad/ThK7a4PbcfJDEbEnQ8RLAcDnf6cyDsRPpc0Ir4UERez+7+ZdzYAQC80m+PRHN9ZBwCOu7S1Bpakhc5awFikaaHQXsM7F6NppVZvXHlYW12aa6+VTcRQ+nChUp7srBVOxFCS1ada52/qpV31axFxNiJ+M3yyVS/M1ipzeb7xAYA+dmrX/P/RcHv+BwCOuZG8EwAAes78DwD9x/wPAP3H/A8A/cf8DwD9x/wPAP3H/A8AfeWnd+9mpbnZ+fzruUdrq4u1R1fnyvXFQnV1tjBbW1kuzNdq863P7Kke9HyVWm156nqsPi42yvVGsb62fr9aW11q3G99rvf98lBPegUA7Ofs+ef/SCJi49bJVokdezmYq+F4S/NOAMjNQN4JALkZzDsBIDe+xwf22KL3LV1/RejZ0ecC9Mblr1n/h35l/R/6l/V/6F/W/6F/NZuJPf8BoM9Y4wf8/B8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+u7FWSdJCZy/wsUjTQiHidERMxFDycKFSnoyIMxHx9+Gh4aw+lXfSAMB7Sv+ddPb/ujx+aWx364nk4+HWMSJ+9bt7v30802isTGXX/7d9vfGsc72UR/4AwEG25umteXzL61dPZrdKL/N5+cP25qJZ3M1OabcMxmDrOBJDETH6/6RTb8verwwcQfyNpxHx1b36n7TWRiY6O5/ujp/FPt3T+Olb8dNWW/uY/V98+QhygX7zPBt/bu91/6VxoXXc+/4faY1Q729r/Nt8Z/xLt8e/gS7j34XDxrj+1590bXsa8fXBveIn2/GTLvEvHTL+P7/xrYvd2pq/j7gce8ffGavYqC4X62vrVxeqM/Pl+fJSqTQ9NT1589qNUrG1Rl3cWql+139uXTmzX/9Hu8QfOaD/3z1k///wyYNffHuf+N//zt6v/7l94mdz4vcOGX9m9E9dt+/O4s916f9Br/+VQ8Z/8a/1uUM+FADogfra+uJMpVJecdKzk+y92xcgDSe5nWRfAUfxPF/5gKnmPTIBH9qbmz7vTAAAAAAAAAAAAAAAgG568QdPefcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA4+vTAAAA//+0tdao") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x35c26d572c4a5ad, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r10}, 0x10) clock_gettime(0x1, &(0x7f00000000c0)) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000200)=0x7ffffffc) close(r0) 156.526348ms ago: executing program 1 (id=1944): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x159d0682f53ea167, 0x2, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = mq_open(&(0x7f0000000480)='!>f\b\xbb\xa4C\xc4\xac\xfasel8A\xce\xdd\xac\x94W\x87\x00\x02\x00\x10\x00\x00\x00\x00\xd7\\', 0x40, 0x5f, &(0x7f0000000440)={0x2000000000002000, 0x2000001, 0x4000000000004, 0x3}) madvise(&(0x7f00001e5000/0x3000)=nil, 0x3000, 0x14) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x19, 0x5f, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32, @ANYRES32], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x6ab344bb741060b0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) sync() bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0xfffffffffffffda0, 0x0, 0x0, 0x46, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7ffc1ffb}]}) setgroups(0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x2) flock(r1, 0x2) close(0xffffffffffffffff) close_range(r0, 0xffffffffffffffff, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x0, 0x0, 0x800) socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='sys_enter\x00', r2}, 0x10) llistxattr(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000001200), 0xffffffffffffffff) r3 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f00000007c0)={'fscrypt:', @desc2}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441700322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6de6269613800", 0x1}, 0x48, 0xfffffffffffffffb) keyctl$KEYCTL_MOVE(0x4, r3, 0x0, 0x0, 0x0) keyctl$KEYCTL_MOVE(0x4, r3, r3, r3, 0x0) unshare(0x20400) inotify_rm_watch(0xffffffffffffffff, 0x0) bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000), 0x4) 135.865068ms ago: executing program 5 (id=1945): syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x1, 0x2a8, &(0x7f0000000500)="$eJzs3F9IU38Yx/FH50/9GTqJCAqqp7ypiIPbdaAjNKKBUS4sITjmWY2dtrEzVpNwCwJvuuimf9cVRAhCdBEEYhddhRLeddGdd15kV0lEJ+Y0N5tapk7y/brYHvZ8P4fv+bPD9h1s+vjda9GwY4TNlFTXV0l1u+RktkqapVoW5OTI9ZH3+85duHg6EAx2nFXtDHT7/KradGC09+bwobHUjvMvm17XyXjzpekZ/9T47vE909+7r0YcjTgai6fU1L54PGX22Zb233eihuoZ2zIdSyMxx0qW9MN2PJHIqBnrb2xIJC3HUTOW0aiV0VRcU8mMmlfMSEwNw9DGBsHKhtOPAst3Q89nXVdmUu9cty4nruvmX6zfxOmhwubOv+sWnf87lZ4SNlHRTb1exB5Kh9KhwnOhHwhLRGyxpFW88k3y14j7eMSdu1Tyjzf8I8HJo2/fqGqzDNrZ+Xw2HfKU5n3idT2FTEGh7jwV7PBpQWn+P2kozvvFK7vK5/1l87VyuKUob4hXJi9LXGyZGD34Zapr6MFCftCneqIruCT/v/QvHqZnnyt0fgAAAAAAAAAAWAtDfyq7fm/kB9weUNXGJf1CvtzvA0vX51vLrs/XyN6ayu47AAAAAADbhZMZiJq2bSX/ssh/lV+P7fx7xZNbvz94f+fKY1raPBPtH3KJrbBff1B87dkS0ygtZH71abXBnnV+pywWn9ZlO1Xz81t+zMnejy9W3U7tL8dnOWMbf1cCAAAAsBEWP/S3STb8Kp3tOXav0nMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGC7WcNfjk08LNfSfLHzablWpfcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgJT8CAAD//wva0Pw=") bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000010c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) renameat2(r0, &(0x7f0000000140)='./file1\x00', r0, &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1) 94.793318ms ago: executing program 1 (id=1946): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[], 0x50) socket$kcm(0x29, 0x2, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x20400, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f00007fe000/0x800000)=nil) sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000020000090900010073797a31000000007c000000030a01040000000000000000020000060900010073797a31000000000900030073797a30000000001400048008000140000000030800024000"], 0xc4}, 0x1, 0x0, 0x0, 0x24004900}, 0x2000) ioctl$TIOCSETD(r1, 0x5423, 0x0) ioctl$TIOCVHANGUP(r1, 0x5437, 0x2) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0xf, 0x0, 0x0, 0x4}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000540)=ANY=[@ANYBLOB="18080000b00000000000000004000400851000000600000018100000", @ANYRES32=r0, @ANYBLOB="0000000000000000000000000010000018000000f8ffffff00000000000000009500000000000000950a000000000000215eebb4f0e230b0e88901"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000}, 0x94) r3 = msgget$private(0x0, 0x790) msgctl$IPC_RMID(r3, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000040)='./file0\x00', 0x0, 0x30}, 0x18) socket(0x2, 0x2, 0x1) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) ioctl$FS_IOC_GETFSMAP(r4, 0xc0c0583b, &(0x7f0000000d40)={0x0, 0x2904c, 0x0, 0x10003, '\x00', [{}, {0xffffffff, 0xffffffff}]}) timer_create(0x1, &(0x7f0000000780)={0x0, 0x15, 0x5999f2f8a25f11f4, @thr={&(0x7f00000005c0)="32ee638dc247dccb18e93b9e6ac5f99530f608e054ef80afca3dc744c0f83d5f9612627465c19347b2d21acd8d415dbd6d6d90cf3776628ba4a3e3ddcaf2826462f715403094b7daabf083528603832a9e6b29a04dca829859a830d169cfc8ed6124ccb2d0a127178a96ce7675d50a9d02099be9deef5483f4bcdbb6b72307c49493361ac2ad0d4a634e79d47c6c30df4ad57a32e8d06509e2eeadb6f48f41ced9eb5e22c0ead160687d723f7203a71ec95ba29e041d3a298de3e9e027fe8ec40e3c5398e31e5c1bdeb62b9ababa02", &(0x7f00000006c0)="5a5a250b1289fe412412a9541a9932665f19c779613a78087641faab4735f59ca95731630f53531762f44e1ec94ef869e247d59ee3849aa7c63e510d8d6326c38b59091299fb58288ef80e7664b350fa1606f7d0151fce9ce18a0c0b007deafded17007a48fea3477bb6430eadbef8b490f7fc8437a00448fad408636e8a43c430848b7e80006686776e658c29aa731b97617ddd5123abebedca0f"}}, &(0x7f00000007c0)=0x0) timer_delete(r5) 82.532499ms ago: executing program 5 (id=1947): r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000580)='/proc/diskstats\x00', 0x0, 0x0) syz_genetlink_get_family_id$smc(&(0x7f00000001c0), r0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1, 0x2, 0x7fe2, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x18) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @multicast}) 1.20669ms ago: executing program 1 (id=1948): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x4000000ffb, 0x8) syz_clone(0x4021400, 0x0, 0x9000, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=1949): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2000008, &(0x7f00000003c0), 0xfc, 0x53e, &(0x7f0000000940)="$eJzs3UFvI1cdAPD/eO3d7G62SYEDVGoptGi3grWThrYRh1IkBKdKiMJ5CYkTRXHiKHbaTVRB9hMgIQRInODCBYkPgIRW4sKxQqoEZ5CKQIhuQYIDdJDtcRKcceKsnHjX+f2kybz3xjP/9xy/8YznaSaAC+vZiHgtIj5M0/SFiJjKygvZFHudqfW6Dx68vdiakkjTN/6eRJKVdbeVZPPr2WoTEfH1r0Z8Ozkat7Gzu7ZQqxW7+UpzfbPS2Nm9vbq+sFJdqW7Mzc2+PP/K/EvzM0Np542IePXLf/7h937+lVd//bm3/nTnr7e+06rWZLb8cDtOqXjcwk7TS1cmelbYeshgj6JWe0rdzNXB1rl3hvUBAKC/1jH+RyLi0xHxQkzFpeMPZwEAAIDHUPrFyfhPEpHmu9ynHAAAAHiMFNpjYJNCORsLMBmFQrncGcP7sbhWqNUbzc8u17c3ljpjZaejVFherVVnsrHC01FKWvnZdvog/2JPfi4inoyIH0xdbefLi/Xa0qh//AAAAIAL4nrP+f8/pzrn/wAAAMCYmT5+8dR51QMAAAA4Oyec/wMAAABjwPk/AAAAjLWvvf56a0q7z79eenNne63+5u2lamOtvL69WF6sb22WV+r1lfY9+9ZP2l6tXt/8fGxs3600q41mpbGze2e9vr3RvLMaE+fSIAAAAOCIJz95/w9JROx94Wp7ark86koB56K4n0qyeU7v/+MTnfl751Qp4FxcGuA1713JL3ecAI+3Ym9Bn74OjJ/SqCsAjFxywvKewTvX9lPvZPNPDb9OAADAcN38RP71/5OvC+wVzqF6wBnSieHi6vmeTz3rBy6O9vX/QQfyOFiAsVIaaAQgMM5Oef3/wDuDRkjTU1UIAAAYusn2lBTK2c97k1EolMsRN9qPBSgly6u16kxEPBERv58qXWnlZ9trJieeMwAAAAAAAAAAAAAAAAAAAAAAAAAAHWmaRAoAAACMtYjCX5LfdO7lf3Pq+cne3wcuJ/9uPxL4ckS89ZM3fnR3odncmm2Vv79f3vxxVv7iKH7BAAAAAHp1z9Pb83+NujYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjJsPHry92J0GePnVYcX925ciYjovfjEm2vOJKEXEtX8kUTy0XhIRl4YQf+9eRHw8L37SqtZ+yLz4w3gTTogf09m7kBf/+hDiw0V2v7X/eS2v/xXi2fY8v/8VI/4v/7D67/9if/93qU//vzFgjKfe/WWlb/x7EU8V8/c/3fhJn/jPDRj/W9/Y3e23LP1pxM3u9097j3c4wkGq0lzfrDR2dm+vri+sVFeqG3Nzsy/PvzL/0vxMZXm1Vs3+5sb4/tO/+vC49l/L/f5Lstr0b//zOdvL+07677t3H3y0m9k7Gv/Wcznxf/uz7BVH4xeyOJ/J0kn2XrXTe53387BnfvG7Z45r/9JB+0un+f/f6rfRXkc6ytODfnQAgDPQ2NldW6jVqltjm2idpT8C1bjoiW++/wh+2L471A2maZq2+lTOovsRMch2khhySwv59TlI9P2njHrPBAAADNvBQf+oawIAAAAAAAAAAAAAAAAAAAAX13ncZa035sEtkJNh3EIbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAo/hcAAP//A/7SsQ==") kernel console output (not intermixed with test programs): 0001 R15: 00007f7de409e5e0 [ 133.455049][ T7606] [ 133.455082][ T7606] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 133.635851][ T7606] loop2: detected capacity change from 0 to 164 [ 133.734931][ T7615] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 133.744012][ T7615] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 133.759994][ T7626] loop3: detected capacity change from 0 to 512 [ 133.770640][ T7626] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1336: Failed to acquire dquot type 1 [ 133.783366][ T7626] EXT4-fs (loop3): 1 truncate cleaned up [ 133.789476][ T7626] ext4 filesystem being mounted at /252/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.090039][ T7645] ref_ctr_offset mismatch. inode: 0x540 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x30656c69662f2e [ 134.306288][ T7660] syzkaller1: entered promiscuous mode [ 134.312120][ T7660] syzkaller1: entered allmulticast mode [ 134.325936][ T7662] loop2: detected capacity change from 0 to 512 [ 134.348913][ T7662] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1348: Failed to acquire dquot type 1 [ 134.362959][ T7662] EXT4-fs (loop2): 1 truncate cleaned up [ 134.369735][ T7662] ext4 filesystem being mounted at /279/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.387704][ T7662] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1348: Failed to acquire dquot type 1 [ 134.783252][ T7687] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.792190][ T7687] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 135.578632][ T7710] syzkaller1: entered promiscuous mode [ 135.584332][ T7710] syzkaller1: entered allmulticast mode [ 135.702746][ T7717] loop1: detected capacity change from 0 to 512 [ 135.739312][ T7717] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1368: Failed to acquire dquot type 1 [ 135.762646][ T7717] EXT4-fs (loop1): 1 truncate cleaned up [ 135.778541][ T7717] ext4 filesystem being mounted at /301/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 136.079827][ T7739] loop3: detected capacity change from 0 to 512 [ 136.100890][ T7746] netlink: 'syz.4.1378': attribute type 1 has an invalid length. [ 136.108808][ T7746] netlink: 'syz.4.1378': attribute type 4 has an invalid length. [ 136.116936][ T7746] __nla_validate_parse: 6 callbacks suppressed [ 136.116964][ T7746] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.1378'. [ 136.144141][ T7739] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1375: Failed to acquire dquot type 1 [ 136.168157][ T7739] EXT4-fs (loop3): 1 truncate cleaned up [ 136.176448][ T7739] ext4 filesystem being mounted at /263/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 136.222647][ T7755] loop4: detected capacity change from 0 to 164 [ 136.238764][ T7755] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 136.351225][ T7760] loop3: detected capacity change from 0 to 1764 [ 136.385239][ T7760] iso9660: Unknown parameter 'ma' [ 136.420455][ T7760] netlink: 'syz.3.1380': attribute type 21 has an invalid length. [ 136.452334][ T7760] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1380'. [ 136.484282][ T29] kauditd_printk_skb: 1574 callbacks suppressed [ 136.484365][ T29] audit: type=1326 audit(1752740847.273:18748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7743 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9cc94858e7 code=0x7ffc0000 [ 136.546028][ T29] audit: type=1326 audit(1752740847.310:18749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7743 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9cc942ab19 code=0x7ffc0000 [ 136.569658][ T29] audit: type=1326 audit(1752740847.310:18750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7743 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9cc94858e7 code=0x7ffc0000 [ 136.593142][ T29] audit: type=1326 audit(1752740847.310:18751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7743 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9cc942ab19 code=0x7ffc0000 [ 136.604674][ T7769] loop4: detected capacity change from 0 to 512 [ 136.616658][ T29] audit: type=1326 audit(1752740847.310:18752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7743 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f9cc948e929 code=0x7ffc0000 [ 136.646840][ T29] audit: type=1326 audit(1752740847.329:18753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7743 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9cc94858e7 code=0x7ffc0000 [ 136.670424][ T29] audit: type=1326 audit(1752740847.329:18754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7743 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9cc942ab19 code=0x7ffc0000 [ 136.694253][ T29] audit: type=1326 audit(1752740847.329:18755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7743 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f9cc948e929 code=0x7ffc0000 [ 136.750843][ T7769] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 136.815948][ T29] audit: type=1326 audit(1752740847.432:18756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7743 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9cc94858e7 code=0x7ffc0000 [ 136.823347][ T7772] loop3: detected capacity change from 0 to 1024 [ 136.839574][ T29] audit: type=1326 audit(1752740847.432:18757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7743 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9cc942ab19 code=0x7ffc0000 [ 136.872241][ T7769] EXT4-fs (loop4): 1 truncate cleaned up [ 136.894421][ T7769] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1385'. [ 136.994049][ T7778] loop4: detected capacity change from 0 to 512 [ 137.048793][ T7778] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1387: Failed to acquire dquot type 1 [ 137.065338][ T7782] loop1: detected capacity change from 0 to 512 [ 137.077567][ T7778] EXT4-fs (loop4): 1 truncate cleaned up [ 137.101041][ T7778] ext4 filesystem being mounted at /269/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 137.137961][ T7782] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1388: Failed to acquire dquot type 1 [ 137.151799][ T7778] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1387: Failed to acquire dquot type 1 [ 137.182767][ T7782] EXT4-fs (loop1): 1 truncate cleaned up [ 137.189585][ T7782] ext4 filesystem being mounted at /305/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 137.280346][ T7787] loop4: detected capacity change from 0 to 512 [ 137.328655][ T7787] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1389: Failed to acquire dquot type 1 [ 137.375708][ T7787] EXT4-fs (loop4): 1 truncate cleaned up [ 137.392733][ T7787] ext4 filesystem being mounted at /270/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 137.476929][ T7796] loop4: detected capacity change from 0 to 128 [ 137.549510][ T23] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0 [ 137.557080][ T23] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0 [ 137.564577][ T23] hid-generic 0003:0004:0000.0002: unknown main item tag 0x0 [ 137.575338][ T7800] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1395'. [ 137.577005][ T23] hid-generic 0003:0004:0000.0002: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 137.650198][ T7812] loop4: detected capacity change from 0 to 512 [ 137.668798][ T7812] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 137.678189][ T7812] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 137.702459][ T7812] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended [ 137.722879][ T7812] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 137.743671][ T7812] System zones: 0-2, 18-18, 34-34 [ 137.749764][ T7812] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.1398: iget: bad i_size value: 360287970189639680 [ 137.766099][ T7812] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.1398: couldn't read orphan inode 15 (err -117) [ 137.837220][ T7819] loop2: detected capacity change from 0 to 512 [ 137.864222][ T7819] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1401: Failed to acquire dquot type 1 [ 137.876798][ T7819] EXT4-fs (loop2): 1 truncate cleaned up [ 137.883187][ T7819] ext4 filesystem being mounted at /284/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 137.913182][ T7827] loop3: detected capacity change from 0 to 164 [ 137.943762][ T7827] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 137.999450][ T7835] loop2: detected capacity change from 0 to 128 [ 138.169207][ T7847] loop2: detected capacity change from 0 to 1024 [ 138.194197][ T7847] EXT4-fs mount: 130 callbacks suppressed [ 138.194260][ T7847] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 138.598722][ T7858] loop1: detected capacity change from 0 to 512 [ 138.641480][ T7858] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 138.703702][ T7864] loop3: detected capacity change from 0 to 512 [ 138.712478][ T7858] ext4 filesystem being mounted at /309/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 138.742771][ T7864] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1415: Failed to acquire dquot type 1 [ 138.773600][ T7864] EXT4-fs (loop3): 1 truncate cleaned up [ 138.780821][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.790132][ T7864] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 138.805437][ T7864] ext4 filesystem being mounted at /270/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 138.885829][ T7868] loop1: detected capacity change from 0 to 8192 [ 138.893140][ T7864] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1415: Failed to acquire dquot type 1 [ 138.991838][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.039887][ T7874] loop3: detected capacity change from 0 to 512 [ 139.050073][ T7872] loop1: detected capacity change from 0 to 512 [ 139.050559][ T7876] loop4: detected capacity change from 0 to 164 [ 139.087214][ T7874] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 139.096420][ T7874] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 139.109177][ T7876] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 139.110043][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.139189][ T7872] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1418: Failed to acquire dquot type 1 [ 139.166743][ T7874] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended [ 139.175990][ T7872] EXT4-fs (loop1): 1 truncate cleaned up [ 139.187420][ T7872] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.201690][ T7874] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 139.242563][ T7874] System zones: 0-2, 18-18, 34-34 [ 139.252137][ T7874] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.1419: iget: bad i_size value: 360287970189639680 [ 139.265344][ T7872] ext4 filesystem being mounted at /312/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 139.305508][ T7874] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.1419: couldn't read orphan inode 15 (err -117) [ 139.367424][ T7887] netlink: 'syz.2.1424': attribute type 10 has an invalid length. [ 139.375426][ T7887] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1424'. [ 139.387626][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.589674][ T7874] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 139.625691][ T7892] loop4: detected capacity change from 0 to 512 [ 140.048111][ T7892] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 140.080456][ T7892] EXT4-fs (loop4): 1 truncate cleaned up [ 140.086879][ T7892] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 140.392347][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.486754][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.551560][ T7905] syzkaller1: entered promiscuous mode [ 140.557184][ T7905] syzkaller1: entered allmulticast mode [ 140.589079][ T7909] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1431'. [ 140.616932][ T7911] loop4: detected capacity change from 0 to 512 [ 140.657519][ T7916] loop2: detected capacity change from 0 to 512 [ 140.669607][ T7911] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1432: Failed to acquire dquot type 1 [ 140.692377][ T7916] FAT-fs (loop2): bogus sectors per cluster 0 [ 140.698682][ T7916] FAT-fs (loop2): Can't find a valid FAT filesystem [ 140.705407][ T7911] EXT4-fs (loop4): 1 truncate cleaned up [ 140.717280][ T7911] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 140.748427][ T7911] ext4 filesystem being mounted at /280/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 140.811664][ T7926] loop1: detected capacity change from 0 to 512 [ 140.819344][ T7925] netlink: 'syz.2.1438': attribute type 10 has an invalid length. [ 140.827641][ T7925] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1438'. [ 140.840658][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.864444][ T7928] loop3: detected capacity change from 0 to 512 [ 140.911043][ T7928] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 140.920675][ T7928] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 140.964219][ T7930] loop4: detected capacity change from 0 to 8192 [ 140.978887][ T7926] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 140.990728][ T7928] EXT4-fs (loop3): warning: checktime reached, running e2fsck is recommended [ 141.033447][ T7928] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 141.064659][ T7926] EXT4-fs (loop1): 1 truncate cleaned up [ 141.074961][ T7928] System zones: 0-2, 18-18, 34-34 [ 141.101541][ T7926] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 141.110067][ T7928] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.1440: iget: bad i_size value: 360287970189639680 [ 141.118301][ T7926] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1437'. [ 141.148593][ T7928] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.1440: couldn't read orphan inode 15 (err -117) [ 141.237384][ T7939] loop4: detected capacity change from 0 to 164 [ 141.242114][ T7928] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 141.263200][ T7939] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 141.276879][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.396328][ T7947] loop4: detected capacity change from 0 to 164 [ 141.396919][ T7942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 141.418971][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.433322][ T7947] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 141.445253][ T7942] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 141.518886][ T7951] loop4: detected capacity change from 0 to 128 [ 141.593886][ T7951] netlink: 'syz.4.1446': attribute type 21 has an invalid length. [ 141.638678][ T7951] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1446'. [ 141.698904][ T7954] syzkaller1: entered promiscuous mode [ 141.704670][ T7954] syzkaller1: entered allmulticast mode [ 141.844755][ T29] kauditd_printk_skb: 548 callbacks suppressed [ 141.844770][ T29] audit: type=1326 audit(1752740852.287:19288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7948 comm="syz.3.1456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f205d7d58e7 code=0x7ffc0000 [ 141.900323][ T29] audit: type=1326 audit(1752740852.334:19289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7948 comm="syz.3.1456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f205d77ab19 code=0x7ffc0000 [ 141.924175][ T29] audit: type=1326 audit(1752740852.334:19290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7948 comm="syz.3.1456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f205d7d58e7 code=0x7ffc0000 [ 141.948458][ T29] audit: type=1326 audit(1752740852.334:19291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7948 comm="syz.3.1456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f205d77ab19 code=0x7ffc0000 [ 141.972171][ T29] audit: type=1326 audit(1752740852.334:19292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7948 comm="syz.3.1456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f205d7de929 code=0x7ffc0000 [ 141.983664][ T7956] loop4: detected capacity change from 0 to 512 [ 141.995799][ T29] audit: type=1326 audit(1752740852.343:19293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7948 comm="syz.3.1456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f205d7d58e7 code=0x7ffc0000 [ 142.026046][ T29] audit: type=1326 audit(1752740852.343:19294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7948 comm="syz.3.1456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f205d77ab19 code=0x7ffc0000 [ 142.050255][ T29] audit: type=1326 audit(1752740852.343:19295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7948 comm="syz.3.1456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f205d7de929 code=0x7ffc0000 [ 142.073873][ T29] audit: type=1326 audit(1752740852.343:19296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7948 comm="syz.3.1456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f205d7d58e7 code=0x7ffc0000 [ 142.097973][ T29] audit: type=1326 audit(1752740852.343:19297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7948 comm="syz.3.1456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f205d77ab19 code=0x7ffc0000 [ 142.108786][ T7959] loop1: detected capacity change from 0 to 512 [ 142.157512][ T7960] loop2: detected capacity change from 0 to 512 [ 142.181323][ T7960] FAT-fs (loop2): bogus sectors per cluster 0 [ 142.187495][ T7960] FAT-fs (loop2): Can't find a valid FAT filesystem [ 142.195060][ T7959] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1450: Failed to acquire dquot type 1 [ 142.219045][ T7956] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1448: Failed to acquire dquot type 1 [ 142.236961][ T7959] EXT4-fs (loop1): 1 truncate cleaned up [ 142.251727][ T7959] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 142.274477][ T7956] EXT4-fs (loop4): 1 truncate cleaned up [ 142.286117][ T7956] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 142.305752][ T7959] ext4 filesystem being mounted at /319/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 142.324588][ T7956] ext4 filesystem being mounted at /288/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 142.358650][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.433831][ T7975] loop1: detected capacity change from 0 to 512 [ 142.441371][ T7975] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 142.452616][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.468214][ T7977] loop2: detected capacity change from 0 to 164 [ 142.476850][ T7975] EXT4-fs (loop1): 1 truncate cleaned up [ 142.487234][ T7977] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 142.491406][ T7975] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 142.532420][ T7975] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1452'. [ 142.542676][ T7985] netlink: 'syz.2.1461': attribute type 10 has an invalid length. [ 142.550688][ T7985] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1461'. [ 142.573988][ T31] tipc: Subscription rejected, illegal request [ 142.605770][ T7994] loop3: detected capacity change from 0 to 512 [ 142.764777][ T7994] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1464: Failed to acquire dquot type 1 [ 142.802665][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.823730][ T7994] EXT4-fs (loop3): 1 truncate cleaned up [ 142.829870][ T7994] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.098457][ T8006] loop1: detected capacity change from 0 to 512 [ 143.285710][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.287496][ T8006] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1465: Failed to acquire dquot type 1 [ 143.318212][ T8006] EXT4-fs (loop1): 1 truncate cleaned up [ 143.327449][ T8006] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.348199][ T8014] loop4: detected capacity change from 0 to 128 [ 143.353251][ T8015] loop3: detected capacity change from 0 to 512 [ 143.384997][ T8015] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1468: Failed to acquire dquot type 1 [ 143.486183][ T8015] EXT4-fs (loop3): 1 truncate cleaned up [ 143.492506][ T8015] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.528087][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.605661][ T8021] loop1: detected capacity change from 0 to 164 [ 143.616021][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.626706][ T8019] loop4: detected capacity change from 0 to 8192 [ 143.638870][ T8021] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 143.727960][ T8027] loop2: detected capacity change from 0 to 512 [ 143.761508][ T8027] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 143.814370][ T8027] EXT4-fs (loop2): 1 truncate cleaned up [ 143.826921][ T8027] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 143.844176][ T8027] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1476'. [ 143.946633][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.029409][ T8056] loop3: detected capacity change from 0 to 512 [ 144.042986][ T8056] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1484: Failed to acquire dquot type 1 [ 144.111858][ T8061] loop1: detected capacity change from 0 to 512 [ 144.121734][ T8061] FAT-fs (loop1): bogus sectors per cluster 0 [ 144.128201][ T8061] FAT-fs (loop1): Can't find a valid FAT filesystem [ 144.154019][ T8056] EXT4-fs (loop3): 1 truncate cleaned up [ 144.178070][ T8056] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 144.199162][ T8064] loop1: detected capacity change from 0 to 8192 [ 144.225862][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.284562][ T8069] netlink: 'syz.1.1488': attribute type 10 has an invalid length. [ 144.292755][ T8069] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1488'. [ 144.332807][ T8071] loop3: detected capacity change from 0 to 164 [ 144.352722][ T8071] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 144.642868][ T8082] loop3: detected capacity change from 0 to 512 [ 144.696193][ T8082] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 144.819844][ T8082] EXT4-fs (loop3): 1 truncate cleaned up [ 144.827891][ T8082] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 144.957759][ T8082] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1493'. [ 145.156173][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.206780][ T8093] loop4: detected capacity change from 0 to 8192 [ 145.408547][ T8112] loop4: detected capacity change from 0 to 512 [ 145.458042][ T8112] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1502: Failed to acquire dquot type 1 [ 145.491519][ T8113] loop2: detected capacity change from 0 to 8192 [ 145.500002][ T8112] EXT4-fs (loop4): 1 truncate cleaned up [ 145.508270][ T8112] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.617602][ T8123] netlink: 'syz.2.1507': attribute type 21 has an invalid length. [ 145.622818][ T8126] loop3: detected capacity change from 0 to 512 [ 145.642033][ T8126] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 145.656309][ T8123] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1507'. [ 145.661268][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.697614][ T8128] 9pnet: Could not find request transport: 0xffffffffffffffff [ 145.706826][ T8126] EXT4-fs (loop3): 1 truncate cleaned up [ 145.720027][ T8126] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.747949][ T8132] loop2: detected capacity change from 0 to 512 [ 145.779143][ T8126] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1508'. [ 145.797130][ T8132] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1511: Failed to acquire dquot type 1 [ 145.816776][ T8132] EXT4-fs (loop2): 1 truncate cleaned up [ 145.825235][ T8132] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.848263][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.886599][ T8150] loop2: detected capacity change from 0 to 128 [ 145.914084][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.028240][ T8166] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1521'. [ 146.070953][ T8171] loop3: detected capacity change from 0 to 128 [ 146.085152][ T8171] netlink: 'syz.3.1523': attribute type 21 has an invalid length. [ 146.093867][ T8171] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1523'. [ 146.101281][ T8173] nfs4: Unknown parameter '' [ 146.113792][ T8173] bridge_slave_1: left allmulticast mode [ 146.119695][ T8173] bridge_slave_1: left promiscuous mode [ 146.125598][ T8173] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.139468][ T8173] bridge_slave_0: left allmulticast mode [ 146.145296][ T8173] bridge_slave_0: left promiscuous mode [ 146.151223][ T8173] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.201662][ T8180] loop3: detected capacity change from 0 to 512 [ 146.224673][ T8180] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1527: Failed to acquire dquot type 1 [ 146.237181][ T8180] EXT4-fs (loop3): 1 truncate cleaned up [ 146.243572][ T8180] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.269068][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.302250][ T8186] loop3: detected capacity change from 0 to 512 [ 146.319252][ T8186] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 146.332523][ T8186] EXT4-fs (loop3): 1 truncate cleaned up [ 146.340152][ T8186] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 146.427133][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.881642][ T8229] loop2: detected capacity change from 0 to 512 [ 146.888774][ T8229] FAT-fs (loop2): bogus sectors per cluster 0 [ 146.895042][ T8229] FAT-fs (loop2): Can't find a valid FAT filesystem [ 146.932735][ T8231] loop2: detected capacity change from 0 to 2048 [ 146.940235][ T8231] EXT4-fs: Ignoring removed mblk_io_submit option [ 146.947870][ T8231] EXT4-fs (loop2): couldn't mount as ext2 due to feature incompatibilities [ 147.018720][ T8231] __nla_validate_parse: 6 callbacks suppressed [ 147.018737][ T8231] netlink: 332 bytes leftover after parsing attributes in process `syz.2.1545'. [ 147.034919][ T8231] netlink: 'syz.2.1545': attribute type 9 has an invalid length. [ 147.042782][ T8231] netlink: 108 bytes leftover after parsing attributes in process `syz.2.1545'. [ 147.051992][ T8231] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1545'. [ 147.062520][ T8231] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1545'. [ 147.164893][ T8242] FAULT_INJECTION: forcing a failure. [ 147.164893][ T8242] name failslab, interval 1, probability 0, space 0, times 0 [ 147.178120][ T8242] CPU: 1 UID: 0 PID: 8242 Comm: syz.4.1550 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 147.178213][ T8242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 147.178226][ T8242] Call Trace: [ 147.178233][ T8242] [ 147.178241][ T8242] __dump_stack+0x1d/0x30 [ 147.178263][ T8242] dump_stack_lvl+0xe8/0x140 [ 147.178288][ T8242] dump_stack+0x15/0x1b [ 147.178381][ T8242] should_fail_ex+0x265/0x280 [ 147.178416][ T8242] should_failslab+0x8c/0xb0 [ 147.178443][ T8242] kmem_cache_alloc_noprof+0x50/0x310 [ 147.178470][ T8242] ? security_file_alloc+0x32/0x100 [ 147.178572][ T8242] security_file_alloc+0x32/0x100 [ 147.178606][ T8242] init_file+0x5c/0x1d0 [ 147.178630][ T8242] alloc_empty_file+0x8b/0x200 [ 147.178692][ T8242] alloc_file_pseudo+0xc6/0x160 [ 147.178737][ T8242] __shmem_file_setup+0x1de/0x210 [ 147.178839][ T8242] shmem_file_setup+0x3b/0x50 [ 147.178873][ T8242] __se_sys_memfd_create+0x2c3/0x590 [ 147.178904][ T8242] __x64_sys_memfd_create+0x31/0x40 [ 147.178988][ T8242] x64_sys_call+0x122f/0x2fb0 [ 147.179014][ T8242] do_syscall_64+0xd2/0x200 [ 147.179034][ T8242] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 147.179065][ T8242] ? clear_bhb_loop+0x40/0x90 [ 147.179174][ T8242] ? clear_bhb_loop+0x40/0x90 [ 147.179199][ T8242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.179223][ T8242] RIP: 0033:0x7fc639bae929 [ 147.179242][ T8242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.179263][ T8242] RSP: 002b:00007fc638216e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 147.179306][ T8242] RAX: ffffffffffffffda RBX: 000000000000053a RCX: 00007fc639bae929 [ 147.179321][ T8242] RDX: 00007fc638216ef0 RSI: 0000000000000000 RDI: 00007fc639c31634 [ 147.179336][ T8242] RBP: 0000200000000c80 R08: 00007fc638216bb7 R09: 00007fc638216e40 [ 147.179351][ T8242] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000500 [ 147.179364][ T8242] R13: 00007fc638216ef0 R14: 00007fc638216eb0 R15: 0000200000000080 [ 147.179384][ T8242] [ 147.215292][ T29] kauditd_printk_skb: 1273 callbacks suppressed [ 147.215312][ T29] audit: type=1400 audit(139.927:20553): avc: denied { map_create } for pid=8243 comm="syz.2.1551" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 147.405976][ T8249] audit: audit_backlog=65 > audit_backlog_limit=64 [ 147.412589][ T8247] audit: audit_backlog=65 > audit_backlog_limit=64 [ 147.428960][ T8249] audit: audit_lost=5 audit_rate_limit=0 audit_backlog_limit=64 [ 147.435517][ T8247] audit: audit_lost=6 audit_rate_limit=0 audit_backlog_limit=64 [ 147.442186][ T8249] audit: backlog limit exceeded [ 147.449837][ T8247] audit: backlog limit exceeded [ 147.470020][ T8249] audit: audit_backlog=65 > audit_backlog_limit=64 [ 147.471669][ T29] audit: type=1400 audit(139.936:20554): avc: denied { map_read map_write } for pid=8243 comm="syz.2.1551" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 147.476813][ T8249] audit: audit_lost=7 audit_rate_limit=0 audit_backlog_limit=64 [ 147.618997][ T8257] capability: warning: `syz.3.1557' uses 32-bit capabilities (legacy support in use) [ 147.693126][ T8253] ref_ctr_offset mismatch. inode: 0x614 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x30656c69662f2e [ 147.760167][ T8266] loop3: detected capacity change from 0 to 1024 [ 147.776880][ T8266] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 147.817228][ T8275] loop4: detected capacity change from 0 to 128 [ 147.830215][ T8272] syzkaller1: entered promiscuous mode [ 147.835920][ T8272] syzkaller1: entered allmulticast mode [ 147.847073][ T8275] netlink: 'syz.4.1563': attribute type 21 has an invalid length. [ 147.855076][ T8275] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1563'. [ 147.888374][ T8277] loop4: detected capacity change from 0 to 512 [ 147.902324][ T8277] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1565: Failed to acquire dquot type 1 [ 147.915372][ T8277] EXT4-fs (loop4): 1 truncate cleaned up [ 147.923052][ T8277] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.951274][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 147.993218][ T8282] loop4: detected capacity change from 0 to 1024 [ 148.008523][ T8282] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.051264][ T8289] netlink: 'syz.0.1568': attribute type 1 has an invalid length. [ 148.060068][ T8289] netlink: 'syz.0.1568': attribute type 4 has an invalid length. [ 148.069152][ T8289] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1568'. [ 148.070801][ T3304] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.209237][ T8305] loop4: detected capacity change from 0 to 128 [ 148.235079][ T8305] netlink: 'syz.4.1576': attribute type 21 has an invalid length. [ 148.248183][ T8305] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1576'. [ 148.257530][ T8307] loop2: detected capacity change from 0 to 512 [ 148.286596][ T8307] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1577: Failed to acquire dquot type 1 [ 148.299644][ T8307] EXT4-fs (loop2): 1 truncate cleaned up [ 148.306228][ T8307] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 148.330021][ T8313] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1579'. [ 148.372201][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.400779][ T8320] netlink: 'syz.4.1583': attribute type 1 has an invalid length. [ 148.408892][ T8320] netlink: 'syz.4.1583': attribute type 4 has an invalid length. [ 148.416769][ T8320] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.1583'. [ 148.432254][ T8322] FAULT_INJECTION: forcing a failure. [ 148.432254][ T8322] name failslab, interval 1, probability 0, space 0, times 0 [ 148.450151][ T8322] CPU: 1 UID: 0 PID: 8322 Comm: syz.2.1582 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 148.450183][ T8322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 148.450199][ T8322] Call Trace: [ 148.450206][ T8322] [ 148.450215][ T8322] __dump_stack+0x1d/0x30 [ 148.450241][ T8322] dump_stack_lvl+0xe8/0x140 [ 148.450265][ T8322] dump_stack+0x15/0x1b [ 148.450298][ T8322] should_fail_ex+0x265/0x280 [ 148.450334][ T8322] should_failslab+0x8c/0xb0 [ 148.450420][ T8322] kmem_cache_alloc_noprof+0x50/0x310 [ 148.450445][ T8322] ? copy_fs_struct+0x31/0x110 [ 148.450549][ T8322] copy_fs_struct+0x31/0x110 [ 148.450570][ T8322] ksys_unshare+0x2c6/0x6d0 [ 148.450624][ T8322] ? ksys_write+0x192/0x1a0 [ 148.450662][ T8322] __x64_sys_unshare+0x1f/0x30 [ 148.450702][ T8322] x64_sys_call+0x2d4b/0x2fb0 [ 148.450728][ T8322] do_syscall_64+0xd2/0x200 [ 148.450751][ T8322] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 148.450908][ T8322] ? clear_bhb_loop+0x40/0x90 [ 148.451000][ T8322] ? clear_bhb_loop+0x40/0x90 [ 148.451073][ T8322] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.451158][ T8322] RIP: 0033:0x7f7de5a3e929 [ 148.451206][ T8322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.451226][ T8322] RSP: 002b:00007f7de409f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 148.451247][ T8322] RAX: ffffffffffffffda RBX: 00007f7de5c65fa0 RCX: 00007f7de5a3e929 [ 148.451260][ T8322] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020400 [ 148.451272][ T8322] RBP: 00007f7de409f090 R08: 0000000000000000 R09: 0000000000000000 [ 148.451296][ T8322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 148.451308][ T8322] R13: 0000000000000000 R14: 00007f7de5c65fa0 R15: 00007fff8b6b0a58 [ 148.451327][ T8322] [ 148.692316][ T8324] loop2: detected capacity change from 0 to 512 [ 148.733156][ T8324] EXT4-fs error (device loop2): ext4_ext_check_inode:523: inode #3: comm syz.2.1584: pblk 24 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0) [ 148.761174][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.783449][ T8324] EXT4-fs error (device loop2): ext4_quota_enable:7127: comm syz.2.1584: Bad quota inode: 3, type: 0 [ 148.834517][ T8324] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 148.861999][ T8324] EXT4-fs (loop2): mount failed [ 148.871653][ T8342] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1591'. [ 148.908526][ T8343] syzkaller1: entered promiscuous mode [ 148.914173][ T8343] syzkaller1: entered allmulticast mode [ 149.005734][ T8349] loop3: detected capacity change from 0 to 512 [ 149.020179][ T8351] loop2: detected capacity change from 0 to 512 [ 149.047099][ T8349] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 149.093835][ T8351] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1594: Failed to acquire dquot type 1 [ 149.112358][ T8357] loop1: detected capacity change from 0 to 256 [ 149.124406][ T8349] EXT4-fs (loop3): 1 truncate cleaned up [ 149.140494][ T8357] vfat: Unknown parameter 'shor†name' [ 149.146968][ T8349] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.172241][ T8351] EXT4-fs (loop2): 1 truncate cleaned up [ 149.178995][ T8351] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.253420][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.335307][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.386458][ T8365] loop3: detected capacity change from 0 to 1024 [ 149.398969][ T8362] loop2: detected capacity change from 0 to 512 [ 149.415569][ T8362] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.443151][ T8365] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 149.566083][ T37] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 149.588103][ T37] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1025 with error 28 [ 149.601414][ T37] EXT4-fs (loop2): This should not happen!! Data will be lost [ 149.601414][ T37] [ 149.611730][ T37] EXT4-fs (loop2): Total free blocks count 0 [ 149.617889][ T37] EXT4-fs (loop2): Free/Dirty block details [ 149.623860][ T37] EXT4-fs (loop2): free_blocks=65280 [ 149.629911][ T37] EXT4-fs (loop2): dirty_blocks=1025 [ 149.635423][ T37] EXT4-fs (loop2): Block reservation details [ 149.641654][ T37] EXT4-fs (loop2): i_reserved_data_blocks=1025 [ 149.702023][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 149.740791][ T8381] loop1: detected capacity change from 0 to 512 [ 149.748578][ T8381] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 149.757909][ T8381] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 149.784382][ T8381] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 149.788259][ T8383] loop2: detected capacity change from 0 to 512 [ 149.794317][ T8381] System zones: 0-2, 18-18, 34-34 [ 149.805685][ T8383] FAT-fs (loop2): bogus sectors per cluster 0 [ 149.812117][ T8383] FAT-fs (loop2): Can't find a valid FAT filesystem [ 149.885127][ T8381] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #15: comm syz.1.1602: iget: bad i_size value: 360287970189639680 [ 149.900495][ T8381] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.1602: couldn't read orphan inode 15 (err -117) [ 149.937697][ T8391] loop2: detected capacity change from 0 to 128 [ 149.949495][ T8381] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 149.968580][ T8391] netlink: 'syz.2.1604': attribute type 21 has an invalid length. [ 149.991773][ T8393] syzkaller1: entered promiscuous mode [ 149.997493][ T8393] syzkaller1: entered allmulticast mode [ 150.015070][ T8395] program syz.2.1606 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 150.043677][ T8397] loop4: detected capacity change from 0 to 512 [ 150.052569][ T8397] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 150.071178][ T8397] EXT4-fs (loop4): 1 truncate cleaned up [ 150.078241][ T8397] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 150.078852][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.320468][ T8419] loop3: detected capacity change from 0 to 512 [ 150.337205][ T8422] loop4: detected capacity change from 0 to 1024 [ 150.363147][ T8419] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1614: Failed to acquire dquot type 1 [ 150.386379][ T8419] EXT4-fs (loop3): 1 truncate cleaned up [ 150.426352][ T8430] loop3: detected capacity change from 0 to 512 [ 150.446431][ T8430] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1617: Failed to acquire dquot type 1 [ 150.460490][ T8430] EXT4-fs (loop3): 1 truncate cleaned up [ 150.468469][ T8430] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1617: Failed to acquire dquot type 1 [ 150.613022][ T8443] loop4: detected capacity change from 0 to 512 [ 150.639019][ T8443] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1621: Failed to acquire dquot type 1 [ 150.653596][ T8443] EXT4-fs (loop4): 1 truncate cleaned up [ 150.693466][ T8449] loop4: detected capacity change from 0 to 512 [ 150.701779][ T8451] loop3: detected capacity change from 0 to 512 [ 150.714690][ T8449] FAT-fs (loop4): bogus sectors per cluster 0 [ 150.720869][ T8449] FAT-fs (loop4): Can't find a valid FAT filesystem [ 150.728916][ T8451] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 150.741773][ T8451] EXT4-fs (loop3): 1 truncate cleaned up [ 150.925951][ T8466] loop4: detected capacity change from 0 to 512 [ 150.937971][ T8466] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1628: Failed to acquire dquot type 1 [ 150.950783][ T8466] EXT4-fs (loop4): 1 truncate cleaned up [ 150.965978][ T8470] loop3: detected capacity change from 0 to 128 [ 150.978768][ T8470] netlink: 'syz.3.1629': attribute type 21 has an invalid length. [ 151.129433][ T8486] netlink: 'syz.1.1636': attribute type 1 has an invalid length. [ 151.213832][ T8492] loop1: detected capacity change from 0 to 512 [ 151.327388][ T8492] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1639: Failed to acquire dquot type 1 [ 151.352424][ T8492] EXT4-fs (loop1): 1 truncate cleaned up [ 151.369121][ T8504] mmap: syz.4.1637 (8504) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 151.415996][ T8507] loop1: detected capacity change from 0 to 512 [ 151.425986][ T8508] loop2: detected capacity change from 0 to 128 [ 151.462778][ T8507] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1643: Failed to acquire dquot type 1 [ 151.477997][ T8507] EXT4-fs (loop1): 1 truncate cleaned up [ 151.505396][ T8507] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1643: Failed to acquire dquot type 1 [ 151.688884][ T8528] loop3: detected capacity change from 0 to 512 [ 151.719232][ T8528] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1649: Failed to acquire dquot type 1 [ 151.733113][ T8528] EXT4-fs (loop3): 1 truncate cleaned up [ 151.800237][ T8537] random: crng reseeded on system resumption [ 151.930388][ T8554] atomic_op ffff88811ae83d28 conn xmit_atomic 0000000000000000 [ 151.982674][ T8557] loop1: detected capacity change from 0 to 1024 [ 152.024824][ T8559] loop2: detected capacity change from 0 to 128 [ 152.155334][ T8571] FAULT_INJECTION: forcing a failure. [ 152.155334][ T8571] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 152.168787][ T8571] CPU: 0 UID: 0 PID: 8571 Comm: syz.0.1664 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 152.168814][ T8571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 152.168826][ T8571] Call Trace: [ 152.168833][ T8571] [ 152.168879][ T8571] __dump_stack+0x1d/0x30 [ 152.168979][ T8571] dump_stack_lvl+0xe8/0x140 [ 152.169002][ T8571] dump_stack+0x15/0x1b [ 152.169021][ T8571] should_fail_ex+0x265/0x280 [ 152.169052][ T8571] should_fail+0xb/0x20 [ 152.169096][ T8571] should_fail_usercopy+0x1a/0x20 [ 152.169134][ T8571] _copy_from_user+0x1c/0xb0 [ 152.169158][ T8571] __se_sys_move_pages+0xd3c/0x1350 [ 152.169192][ T8571] ? get_pid_task+0x96/0xd0 [ 152.169231][ T8571] ? ksys_write+0x192/0x1a0 [ 152.169265][ T8571] __x64_sys_move_pages+0x78/0x90 [ 152.169289][ T8571] x64_sys_call+0x2eab/0x2fb0 [ 152.169358][ T8571] do_syscall_64+0xd2/0x200 [ 152.169389][ T8571] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 152.169474][ T8571] ? clear_bhb_loop+0x40/0x90 [ 152.169501][ T8571] ? clear_bhb_loop+0x40/0x90 [ 152.169553][ T8571] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.169589][ T8571] RIP: 0033:0x7f0d2b96e929 [ 152.169604][ T8571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.169624][ T8571] RSP: 002b:00007f0d29fcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 152.169647][ T8571] RAX: ffffffffffffffda RBX: 00007f0d2bb95fa0 RCX: 00007f0d2b96e929 [ 152.169716][ T8571] RDX: 0000200000000080 RSI: 0000000000001efe RDI: 0000000000000000 [ 152.169732][ T8571] RBP: 00007f0d29fcf090 R08: 0000200000000040 R09: 0000000000000000 [ 152.169744][ T8571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 152.169755][ T8571] R13: 0000000000000000 R14: 00007f0d2bb95fa0 R15: 00007ffced206968 [ 152.169854][ T8571] [ 152.584090][ T29] kauditd_printk_skb: 1307 callbacks suppressed [ 152.584106][ T29] audit: type=1400 audit(144.959:21834): avc: denied { create } for pid=8585 comm="syz.0.1668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 152.777502][ T29] audit: type=1400 audit(145.128:21835): avc: denied { getopt } for pid=8600 comm="syz.4.1673" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 152.834222][ T8605] loop4: detected capacity change from 0 to 128 [ 152.841741][ T8606] __nla_validate_parse: 12 callbacks suppressed [ 152.841758][ T8606] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1670'. [ 152.853327][ T29] audit: type=1400 audit(145.165:21836): avc: denied { write } for pid=8600 comm="syz.4.1673" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 152.881695][ T8606] 0ªX¹¦À: renamed from caif0 [ 152.923089][ T8609] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 152.952950][ T8606] 0ªX¹¦À: entered allmulticast mode [ 152.957693][ T29] audit: type=1326 audit(145.268:21837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8607 comm="syz.3.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f205d7de929 code=0x7ffc0000 [ 152.959567][ T8606] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 152.984651][ T29] audit: type=1326 audit(145.268:21838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8607 comm="syz.3.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f205d7de929 code=0x7ffc0000 [ 153.029594][ T29] audit: type=1326 audit(145.268:21839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8607 comm="syz.3.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f205d7de929 code=0x7ffc0000 [ 153.055399][ T29] audit: type=1326 audit(145.268:21840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8607 comm="syz.3.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f205d7de929 code=0x7ffc0000 [ 153.079435][ T29] audit: type=1326 audit(145.268:21841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8607 comm="syz.3.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f205d7de929 code=0x7ffc0000 [ 153.103440][ T29] audit: type=1326 audit(145.268:21842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8607 comm="syz.3.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f205d7de929 code=0x7ffc0000 [ 153.127120][ T29] audit: type=1326 audit(145.268:21843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8607 comm="syz.3.1675" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f205d7de929 code=0x7ffc0000 [ 153.210882][ T8613] loop1: detected capacity change from 0 to 512 [ 153.232747][ T8615] loop4: detected capacity change from 0 to 512 [ 153.241376][ T8613] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 153.256542][ T8615] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 153.266175][ T8615] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 153.283018][ T8613] EXT4-fs (loop1): 1 truncate cleaned up [ 153.292683][ T8615] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 153.320712][ T8613] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1676'. [ 153.334859][ T8615] System zones: 0-2, 18-18, 34-34 [ 153.340432][ T8615] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.1677: iget: bad i_size value: 360287970189639680 [ 153.381891][ T8615] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.1677: couldn't read orphan inode 15 (err -117) [ 153.396538][ T8620] FAULT_INJECTION: forcing a failure. [ 153.396538][ T8620] name failslab, interval 1, probability 0, space 0, times 0 [ 153.411020][ T8620] CPU: 0 UID: 0 PID: 8620 Comm: syz.0.1678 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 153.411048][ T8620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 153.411141][ T8620] Call Trace: [ 153.411148][ T8620] [ 153.411156][ T8620] __dump_stack+0x1d/0x30 [ 153.411181][ T8620] dump_stack_lvl+0xe8/0x140 [ 153.411202][ T8620] dump_stack+0x15/0x1b [ 153.411218][ T8620] should_fail_ex+0x265/0x280 [ 153.411251][ T8620] should_failslab+0x8c/0xb0 [ 153.411341][ T8620] __kmalloc_noprof+0xa5/0x3e0 [ 153.411393][ T8620] ? sk_prot_alloc+0xa8/0x190 [ 153.411499][ T8620] ? should_fail_ex+0xdb/0x280 [ 153.411534][ T8620] sk_prot_alloc+0xa8/0x190 [ 153.411567][ T8620] sk_alloc+0x34/0x360 [ 153.411613][ T8620] bpf_prog_test_run_skb+0x234/0xbd0 [ 153.411646][ T8620] ? __rcu_read_unlock+0x4f/0x70 [ 153.411739][ T8620] ? __fget_files+0x184/0x1c0 [ 153.411760][ T8620] ? __rcu_read_unlock+0x4f/0x70 [ 153.411789][ T8620] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 153.411827][ T8620] bpf_prog_test_run+0x22a/0x390 [ 153.411900][ T8620] __sys_bpf+0x3dc/0x790 [ 153.411960][ T8620] __x64_sys_bpf+0x41/0x50 [ 153.411985][ T8620] x64_sys_call+0x2478/0x2fb0 [ 153.412010][ T8620] do_syscall_64+0xd2/0x200 [ 153.412031][ T8620] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 153.412063][ T8620] ? clear_bhb_loop+0x40/0x90 [ 153.412105][ T8620] ? clear_bhb_loop+0x40/0x90 [ 153.412179][ T8620] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.412205][ T8620] RIP: 0033:0x7f0d2b96e929 [ 153.412223][ T8620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 153.412247][ T8620] RSP: 002b:00007f0d29fcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 153.412329][ T8620] RAX: ffffffffffffffda RBX: 00007f0d2bb95fa0 RCX: 00007f0d2b96e929 [ 153.412345][ T8620] RDX: 0000000000000048 RSI: 0000200000000080 RDI: 000000000000000a [ 153.412361][ T8620] RBP: 00007f0d29fcf090 R08: 0000000000000000 R09: 0000000000000000 [ 153.412376][ T8620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 153.412388][ T8620] R13: 0000000000000000 R14: 00007f0d2bb95fa0 R15: 00007ffced206968 [ 153.412407][ T8620] [ 153.773286][ T8633] validate_nla: 3 callbacks suppressed [ 153.773314][ T8633] netlink: 'syz.2.1684': attribute type 1 has an invalid length. [ 153.785043][ T8631] loop4: detected capacity change from 0 to 2048 [ 153.787269][ T8633] netlink: 'syz.2.1684': attribute type 4 has an invalid length. [ 153.802370][ T8633] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.1684'. [ 153.875350][ T8646] loop3: detected capacity change from 0 to 128 [ 153.899973][ T8648] netlink: 'wÞ£ÿ': attribute type 7 has an invalid length. [ 153.907452][ T8648] netlink: 8 bytes leftover after parsing attributes in process `wÞ£ÿ'. [ 153.962423][ T8656] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1683'. [ 154.013920][ T8661] netlink: 'syz.3.1692': attribute type 10 has an invalid length. [ 154.023085][ T8661] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1692'. [ 155.026191][ T8674] netlink: 'syz.1.1697': attribute type 1 has an invalid length. [ 155.031797][ T8678] syzkaller1: entered promiscuous mode [ 155.035089][ T8674] netlink: 'syz.1.1697': attribute type 4 has an invalid length. [ 155.040043][ T8678] syzkaller1: entered allmulticast mode [ 155.053750][ T8674] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.1697'. [ 155.082907][ T8680] netlink: 'syz.3.1699': attribute type 1 has an invalid length. [ 155.091065][ T8680] netlink: 'syz.3.1699': attribute type 4 has an invalid length. [ 155.099606][ T8680] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1699'. [ 155.114388][ T8682] loop2: detected capacity change from 0 to 128 [ 155.191951][ T8690] FAULT_INJECTION: forcing a failure. [ 155.191951][ T8690] name failslab, interval 1, probability 0, space 0, times 0 [ 155.205590][ T8690] CPU: 1 UID: 0 PID: 8690 Comm: syz.2.1703 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 155.205628][ T8690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 155.205645][ T8690] Call Trace: [ 155.205652][ T8690] [ 155.205661][ T8690] __dump_stack+0x1d/0x30 [ 155.205692][ T8690] dump_stack_lvl+0xe8/0x140 [ 155.205716][ T8690] dump_stack+0x15/0x1b [ 155.205735][ T8690] should_fail_ex+0x265/0x280 [ 155.205777][ T8690] should_failslab+0x8c/0xb0 [ 155.205806][ T8690] __kmalloc_noprof+0xa5/0x3e0 [ 155.205903][ T8690] ? kernfs_fop_write_iter+0xe1/0x2d0 [ 155.205931][ T8690] ? splice_from_pipe_next+0x321/0x380 [ 155.205968][ T8690] kernfs_fop_write_iter+0xe1/0x2d0 [ 155.206060][ T8690] ? iov_iter_bvec+0xa4/0xd0 [ 155.206082][ T8690] iter_file_splice_write+0x5f2/0x970 [ 155.206349][ T8690] ? __pfx_iter_file_splice_write+0x10/0x10 [ 155.206466][ T8690] do_splice+0x977/0x10b0 [ 155.206506][ T8690] ? __rcu_read_unlock+0x4f/0x70 [ 155.206535][ T8690] ? __fget_files+0x184/0x1c0 [ 155.206561][ T8690] __se_sys_splice+0x26c/0x3a0 [ 155.206627][ T8690] __x64_sys_splice+0x78/0x90 [ 155.206665][ T8690] x64_sys_call+0xb0a/0x2fb0 [ 155.206692][ T8690] do_syscall_64+0xd2/0x200 [ 155.206751][ T8690] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 155.206777][ T8690] ? clear_bhb_loop+0x40/0x90 [ 155.206804][ T8690] ? clear_bhb_loop+0x40/0x90 [ 155.206831][ T8690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.206858][ T8690] RIP: 0033:0x7f7de5a3e929 [ 155.206916][ T8690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.207009][ T8690] RSP: 002b:00007f7de409f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 155.207035][ T8690] RAX: ffffffffffffffda RBX: 00007f7de5c65fa0 RCX: 00007f7de5a3e929 [ 155.207051][ T8690] RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000004 [ 155.207066][ T8690] RBP: 00007f7de409f090 R08: 0000000000000008 R09: 0000000000000000 [ 155.207132][ T8690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 155.207147][ T8690] R13: 0000000000000000 R14: 00007f7de5c65fa0 R15: 00007fff8b6b0a58 [ 155.207173][ T8690] [ 155.496605][ T8695] loop1: detected capacity change from 0 to 2048 [ 155.540110][ T8695] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1705'. [ 155.550460][ T8695] FAULT_INJECTION: forcing a failure. [ 155.550460][ T8695] name failslab, interval 1, probability 0, space 0, times 0 [ 155.564006][ T8695] CPU: 1 UID: 0 PID: 8695 Comm: syz.1.1705 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 155.564039][ T8695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 155.564059][ T8695] Call Trace: [ 155.564064][ T8695] [ 155.564070][ T8695] __dump_stack+0x1d/0x30 [ 155.564090][ T8695] dump_stack_lvl+0xe8/0x140 [ 155.564121][ T8695] dump_stack+0x15/0x1b [ 155.564141][ T8695] should_fail_ex+0x265/0x280 [ 155.564187][ T8695] should_failslab+0x8c/0xb0 [ 155.564216][ T8695] kmem_cache_alloc_node_noprof+0x57/0x320 [ 155.564249][ T8695] ? __alloc_skb+0x101/0x320 [ 155.564418][ T8695] __alloc_skb+0x101/0x320 [ 155.564453][ T8695] rtmsg_ifinfo_build_skb+0x5f/0x1b0 [ 155.564538][ T8695] ? kvfree_call_rcu+0x29a/0x320 [ 155.564574][ T8695] ? __pfx_rtnetlink_event+0x10/0x10 [ 155.564599][ T8695] rtnetlink_event+0x18c/0x200 [ 155.564626][ T8695] raw_notifier_call_chain+0x6c/0x1b0 [ 155.564769][ T8695] ? call_netdevice_notifiers_info+0x9c/0x100 [ 155.564802][ T8695] call_netdevice_notifiers_info+0xae/0x100 [ 155.564897][ T8695] __netdev_upper_dev_unlink+0x17f/0x760 [ 155.564929][ T8695] ? _raw_spin_unlock+0x26/0x50 [ 155.564962][ T8695] ? __schedule+0x6a8/0xb30 [ 155.564987][ T8695] ? schedule+0x5f/0xd0 [ 155.565075][ T8695] ? __list_add_valid_or_report+0x38/0xe0 [ 155.565138][ T8695] ? unregister_netdevice_queue+0x12b/0x220 [ 155.565168][ T8695] ? __pfx_macvtap_dellink+0x10/0x10 [ 155.565207][ T8695] netdev_upper_dev_unlink+0x1d/0x30 [ 155.565237][ T8695] macvlan_dellink+0x291/0x2b0 [ 155.565276][ T8695] ? __pfx_macvtap_dellink+0x10/0x10 [ 155.565331][ T8695] macvtap_dellink+0x31/0x40 [ 155.565354][ T8695] rtnl_dellink+0x3ba/0x550 [ 155.565403][ T8695] ? security_capable+0x83/0x90 [ 155.565427][ T8695] ? ns_capable+0x7d/0xb0 [ 155.565498][ T8695] ? __pfx_rtnl_dellink+0x10/0x10 [ 155.565519][ T8695] rtnetlink_rcv_msg+0x5fe/0x6d0 [ 155.565571][ T8695] ? avc_has_perm_noaudit+0x1b1/0x200 [ 155.565605][ T8695] netlink_rcv_skb+0x120/0x220 [ 155.565691][ T8695] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 155.565726][ T8695] rtnetlink_rcv+0x1c/0x30 [ 155.565748][ T8695] netlink_unicast+0x5a5/0x680 [ 155.565851][ T8695] netlink_sendmsg+0x58b/0x6b0 [ 155.565953][ T8695] ? __pfx_netlink_sendmsg+0x10/0x10 [ 155.565972][ T8695] __sock_sendmsg+0x145/0x180 [ 155.565997][ T8695] ____sys_sendmsg+0x31e/0x4e0 [ 155.566077][ T8695] ___sys_sendmsg+0x17b/0x1d0 [ 155.566190][ T8695] __x64_sys_sendmsg+0xd4/0x160 [ 155.566239][ T8695] x64_sys_call+0x2999/0x2fb0 [ 155.566270][ T8695] do_syscall_64+0xd2/0x200 [ 155.566286][ T8695] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 155.566311][ T8695] ? clear_bhb_loop+0x40/0x90 [ 155.566407][ T8695] ? clear_bhb_loop+0x40/0x90 [ 155.566428][ T8695] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.566612][ T8695] RIP: 0033:0x7f9cc948e929 [ 155.566632][ T8695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.566655][ T8695] RSP: 002b:00007f9cc7aef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 155.566679][ T8695] RAX: ffffffffffffffda RBX: 00007f9cc96b5fa0 RCX: 00007f9cc948e929 [ 155.566737][ T8695] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000008 [ 155.566752][ T8695] RBP: 00007f9cc7aef090 R08: 0000000000000000 R09: 0000000000000000 [ 155.566767][ T8695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 155.566783][ T8695] R13: 0000000000000000 R14: 00007f9cc96b5fa0 R15: 00007ffc4761a988 [ 155.566806][ T8695] [ 155.939564][ T8711] netlink: 'syz.0.1709': attribute type 10 has an invalid length. [ 155.947918][ T8711] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1709'. [ 155.997999][ T8714] loop2: detected capacity change from 0 to 512 [ 156.019107][ T8714] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1710: Failed to acquire dquot type 1 [ 156.087603][ T8714] EXT4-fs (loop2): 1 truncate cleaned up [ 156.108449][ T8721] syzkaller1: entered promiscuous mode [ 156.114800][ T8721] syzkaller1: entered allmulticast mode [ 156.137011][ T8723] loop2: detected capacity change from 0 to 128 [ 156.261761][ T8732] SELinux: policydb magic number 0xc7219d35 does not match expected magic number 0xf97cff8c [ 156.304052][ T8732] SELinux: failed to load policy [ 156.396320][ T8732] SELinux: policydb magic number 0x1 does not match expected magic number 0xf97cff8c [ 156.443103][ T8737] FAULT_INJECTION: forcing a failure. [ 156.443103][ T8737] name failslab, interval 1, probability 0, space 0, times 0 [ 156.459273][ T8737] CPU: 1 UID: 0 PID: 8737 Comm: syz.4.1717 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 156.459469][ T8737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 156.459486][ T8737] Call Trace: [ 156.459494][ T8737] [ 156.459503][ T8737] __dump_stack+0x1d/0x30 [ 156.459524][ T8737] dump_stack_lvl+0xe8/0x140 [ 156.459542][ T8737] dump_stack+0x15/0x1b [ 156.459653][ T8737] should_fail_ex+0x265/0x280 [ 156.459682][ T8737] should_failslab+0x8c/0xb0 [ 156.459738][ T8737] __kmalloc_noprof+0xa5/0x3e0 [ 156.459766][ T8737] ? sk_prot_alloc+0xa8/0x190 [ 156.459795][ T8737] ? should_fail_ex+0xdb/0x280 [ 156.459867][ T8737] sk_prot_alloc+0xa8/0x190 [ 156.459975][ T8737] sk_alloc+0x34/0x360 [ 156.460007][ T8737] bpf_prog_test_run_skb+0x234/0xbd0 [ 156.460047][ T8737] ? __rcu_read_unlock+0x4f/0x70 [ 156.460080][ T8737] ? __fget_files+0x184/0x1c0 [ 156.460101][ T8737] ? __rcu_read_unlock+0x4f/0x70 [ 156.460168][ T8737] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 156.460205][ T8737] bpf_prog_test_run+0x22a/0x390 [ 156.460266][ T8737] __sys_bpf+0x3dc/0x790 [ 156.460300][ T8737] __x64_sys_bpf+0x41/0x50 [ 156.460333][ T8737] x64_sys_call+0x2478/0x2fb0 [ 156.460371][ T8737] do_syscall_64+0xd2/0x200 [ 156.460470][ T8737] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 156.460500][ T8737] ? clear_bhb_loop+0x40/0x90 [ 156.460526][ T8737] ? clear_bhb_loop+0x40/0x90 [ 156.460553][ T8737] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.460579][ T8737] RIP: 0033:0x7fc639bae929 [ 156.460596][ T8737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.460662][ T8737] RSP: 002b:00007fc638217038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 156.460730][ T8737] RAX: ffffffffffffffda RBX: 00007fc639dd5fa0 RCX: 00007fc639bae929 [ 156.460746][ T8737] RDX: 0000000000000048 RSI: 0000200000000080 RDI: 000000000000000a [ 156.460760][ T8737] RBP: 00007fc638217090 R08: 0000000000000000 R09: 0000000000000000 [ 156.460772][ T8737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 156.460842][ T8737] R13: 0000000000000000 R14: 00007fc639dd5fa0 R15: 00007ffe0287b438 [ 156.460862][ T8737] [ 156.529586][ T8732] SELinux: failed to load policy [ 156.612698][ T8740] loop4: detected capacity change from 0 to 512 [ 156.748520][ T8740] EXT4-fs (loop4): shut down requested (0) [ 156.788225][ T8752] loop2: detected capacity change from 0 to 128 [ 156.849186][ T8755] loop2: detected capacity change from 0 to 512 [ 156.874141][ T8755] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1723: Failed to acquire dquot type 1 [ 156.877309][ T8759] loop4: detected capacity change from 0 to 512 [ 156.902772][ T8755] EXT4-fs (loop2): 1 truncate cleaned up [ 156.926465][ T8755] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1723: Failed to acquire dquot type 1 [ 156.950543][ T8763] FAULT_INJECTION: forcing a failure. [ 156.950543][ T8763] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 156.966084][ T8763] CPU: 1 UID: 0 PID: 8763 Comm: syz.0.1725 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 156.966148][ T8763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 156.966165][ T8763] Call Trace: [ 156.966174][ T8763] [ 156.966184][ T8763] __dump_stack+0x1d/0x30 [ 156.966210][ T8763] dump_stack_lvl+0xe8/0x140 [ 156.966300][ T8763] dump_stack+0x15/0x1b [ 156.966392][ T8763] should_fail_ex+0x265/0x280 [ 156.966510][ T8763] should_fail+0xb/0x20 [ 156.966604][ T8763] should_fail_usercopy+0x1a/0x20 [ 156.966703][ T8763] _copy_to_user+0x20/0xa0 [ 156.966729][ T8763] simple_read_from_buffer+0xb5/0x130 [ 156.966769][ T8763] proc_fail_nth_read+0x100/0x140 [ 156.966843][ T8763] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 156.966874][ T8763] vfs_read+0x19d/0x6f0 [ 156.966979][ T8763] ? __rcu_read_unlock+0x4f/0x70 [ 156.967006][ T8763] ? __fget_files+0x184/0x1c0 [ 156.967043][ T8763] ksys_read+0xda/0x1a0 [ 156.967080][ T8763] __x64_sys_read+0x40/0x50 [ 156.967121][ T8763] x64_sys_call+0x2d77/0x2fb0 [ 156.967147][ T8763] do_syscall_64+0xd2/0x200 [ 156.967168][ T8763] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 156.967233][ T8763] ? clear_bhb_loop+0x40/0x90 [ 156.967259][ T8763] ? clear_bhb_loop+0x40/0x90 [ 156.967309][ T8763] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.967336][ T8763] RIP: 0033:0x7f0d2b96d33c [ 156.967416][ T8763] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 156.967437][ T8763] RSP: 002b:00007f0d29fcf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 156.967460][ T8763] RAX: ffffffffffffffda RBX: 00007f0d2bb95fa0 RCX: 00007f0d2b96d33c [ 156.967476][ T8763] RDX: 000000000000000f RSI: 00007f0d29fcf0a0 RDI: 0000000000000004 [ 156.967490][ T8763] RBP: 00007f0d29fcf090 R08: 0000000000000000 R09: 0000000000000000 [ 156.967505][ T8763] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 156.967521][ T8763] R13: 0000000000000000 R14: 00007f0d2bb95fa0 R15: 00007ffced206968 [ 156.967582][ T8763] [ 156.972130][ T8759] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1724: Failed to acquire dquot type 1 [ 157.113182][ T8774] netlink: 'syz.3.1727': attribute type 1 has an invalid length. [ 157.114607][ T8759] EXT4-fs (loop4): 1 truncate cleaned up [ 157.252475][ T8781] loop4: detected capacity change from 0 to 512 [ 157.260639][ T8781] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 157.269934][ T8781] EXT4-fs (loop4): The Hurd can't support 64-bit file systems [ 157.312724][ T8786] loop4: detected capacity change from 0 to 128 [ 157.357958][ T8794] loop2: detected capacity change from 0 to 512 [ 157.379558][ T8794] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 157.468699][ T8800] loop4: detected capacity change from 0 to 512 [ 157.487998][ T8800] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1738: Failed to acquire dquot type 1 [ 157.542950][ T8802] lo speed is unknown, defaulting to 1000 [ 157.549627][ T8802] lo speed is unknown, defaulting to 1000 [ 157.555996][ T8808] loop1: detected capacity change from 0 to 512 [ 157.560675][ T8800] EXT4-fs (loop4): 1 truncate cleaned up [ 157.577852][ T8802] lo speed is unknown, defaulting to 1000 [ 157.588014][ T8802] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 157.597955][ T8802] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 157.612568][ T8808] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1742: Failed to acquire dquot type 1 [ 157.612891][ T8802] lo speed is unknown, defaulting to 1000 [ 157.633385][ T8802] lo speed is unknown, defaulting to 1000 [ 157.635831][ T8800] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.1738: Failed to acquire dquot type 1 [ 157.640052][ T8802] lo speed is unknown, defaulting to 1000 [ 157.658319][ T8802] lo speed is unknown, defaulting to 1000 [ 157.665146][ T8802] lo speed is unknown, defaulting to 1000 [ 157.673654][ T8808] EXT4-fs (loop1): 1 truncate cleaned up [ 157.682501][ T8815] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 157.820568][ T8824] loop3: detected capacity change from 0 to 512 [ 157.863349][ T8824] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 157.872887][ T8824] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 157.927199][ T8831] loop1: detected capacity change from 0 to 128 [ 157.936166][ T8824] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 157.945256][ T8824] System zones: 0-2, 18-18, 34-34 [ 157.952089][ T8824] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.1747: iget: bad i_size value: 360287970189639680 [ 157.966228][ T8824] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.1747: couldn't read orphan inode 15 (err -117) [ 157.990397][ T8833] FAULT_INJECTION: forcing a failure. [ 157.990397][ T8833] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 158.003766][ T8833] CPU: 0 UID: 0 PID: 8833 Comm: syz.2.1748 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 158.003912][ T8833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 158.003925][ T8833] Call Trace: [ 158.003932][ T8833] [ 158.003940][ T8833] __dump_stack+0x1d/0x30 [ 158.003964][ T8833] dump_stack_lvl+0xe8/0x140 [ 158.004055][ T8833] dump_stack+0x15/0x1b [ 158.004139][ T8833] should_fail_ex+0x265/0x280 [ 158.004188][ T8833] should_fail+0xb/0x20 [ 158.004217][ T8833] should_fail_usercopy+0x1a/0x20 [ 158.004260][ T8833] fpu__restore_sig+0x12d/0xaa0 [ 158.004298][ T8833] ? should_fail_ex+0xdb/0x280 [ 158.004335][ T8833] __ia32_sys_rt_sigreturn+0x29f/0x350 [ 158.004381][ T8833] x64_sys_call+0x2e8a/0x2fb0 [ 158.004469][ T8833] do_syscall_64+0xd2/0x200 [ 158.004488][ T8833] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 158.004539][ T8833] ? clear_bhb_loop+0x40/0x90 [ 158.004560][ T8833] ? clear_bhb_loop+0x40/0x90 [ 158.004581][ T8833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.004601][ T8833] RIP: 0033:0x7f7de5a3e927 [ 158.004695][ T8833] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 158.004718][ T8833] RSP: 002b:00007f7de407e038 EFLAGS: 00000246 [ 158.004737][ T8833] RAX: 0000000000000010 RBX: 00007f7de5c66080 RCX: 00007f7de5a3e929 [ 158.004753][ T8833] RDX: 0000000000000003 RSI: 000000000000540a RDI: 0000000000000006 [ 158.004768][ T8833] RBP: 00007f7de407e090 R08: 0000000000000000 R09: 0000000000000000 [ 158.004783][ T8833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.004863][ T8833] R13: 0000000000000000 R14: 00007f7de5c66080 R15: 00007fff8b6b0a58 [ 158.004884][ T8833] [ 158.228596][ T29] kauditd_printk_skb: 636 callbacks suppressed [ 158.228610][ T29] audit: type=1326 audit(150.235:22464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8836 comm="syz.4.1751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc639bae929 code=0x7ffc0000 [ 158.273711][ T8838] __nla_validate_parse: 5 callbacks suppressed [ 158.273730][ T8838] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1750'. [ 158.300790][ T29] audit: type=1326 audit(150.272:22465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8836 comm="syz.4.1751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fc639bae929 code=0x7ffc0000 [ 158.324303][ T29] audit: type=1326 audit(150.272:22466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8836 comm="syz.4.1751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc639bae929 code=0x7ffc0000 [ 158.325018][ T8841] loop4: detected capacity change from 0 to 1024 [ 158.347556][ T29] audit: type=1326 audit(150.282:22467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8836 comm="syz.4.1751" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc639bae929 code=0x7ffc0000 [ 158.425299][ T8846] syzkaller1: entered promiscuous mode [ 158.431151][ T8846] syzkaller1: entered allmulticast mode [ 158.469062][ T29] audit: type=1400 audit(150.450:22468): avc: denied { remove_name } for pid=3304 comm="syz-executor" name="lost+found" dev="loop4" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 158.492160][ T29] audit: type=1400 audit(150.450:22469): avc: denied { rmdir } for pid=3304 comm="syz-executor" name="lost+found" dev="loop4" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 158.496570][ T3304] EXT4-fs error (device loop4): __ext4_iget:5379: inode #12: block 2: comm syz-executor: invalid block [ 158.529407][ T3304] EXT4-fs error (device loop4): __ext4_iget:5379: inode #12: block 2: comm syz-executor: invalid block [ 158.597449][ T8851] loop1: detected capacity change from 0 to 512 [ 158.621927][ T8851] Quota error (device loop1): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 158.623243][ T29] audit: type=1326 audit(150.590:22470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8852 comm="syz.3.1757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f205d7de929 code=0x7ffc0000 [ 158.632099][ T8851] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 158.660744][ T8855] FAULT_INJECTION: forcing a failure. [ 158.660744][ T8855] name failslab, interval 1, probability 0, space 0, times 0 [ 158.665495][ T8851] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1755: Failed to acquire dquot type 1 [ 158.678373][ T8855] CPU: 1 UID: 0 PID: 8855 Comm: syz.3.1757 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 158.678409][ T8855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 158.678427][ T8855] Call Trace: [ 158.678438][ T8855] [ 158.678449][ T8855] __dump_stack+0x1d/0x30 [ 158.678481][ T8855] dump_stack_lvl+0xe8/0x140 [ 158.678541][ T8855] dump_stack+0x15/0x1b [ 158.678565][ T8855] should_fail_ex+0x265/0x280 [ 158.678637][ T8855] ? audit_log_d_path+0x8d/0x150 [ 158.678680][ T8855] should_failslab+0x8c/0xb0 [ 158.678755][ T8855] __kmalloc_cache_noprof+0x4c/0x320 [ 158.678807][ T8855] audit_log_d_path+0x8d/0x150 [ 158.678857][ T8855] audit_log_d_path_exe+0x42/0x70 [ 158.678910][ T8855] audit_log_task+0x1e9/0x250 [ 158.678954][ T8855] audit_seccomp+0x61/0x100 [ 158.679029][ T8855] ? __seccomp_filter+0x68c/0x10d0 [ 158.679059][ T8855] __seccomp_filter+0x69d/0x10d0 [ 158.679161][ T8855] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 158.679207][ T8855] ? vfs_write+0x75e/0x8e0 [ 158.679317][ T8855] ? __rcu_read_unlock+0x4f/0x70 [ 158.679347][ T8855] ? __fget_files+0x184/0x1c0 [ 158.679396][ T8855] __secure_computing+0x82/0x150 [ 158.679425][ T8855] syscall_trace_enter+0xcf/0x1e0 [ 158.679475][ T8855] do_syscall_64+0xac/0x200 [ 158.679500][ T8855] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 158.679534][ T8855] ? clear_bhb_loop+0x40/0x90 [ 158.679564][ T8855] ? clear_bhb_loop+0x40/0x90 [ 158.679594][ T8855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.679639][ T8855] RIP: 0033:0x7f205d7de929 [ 158.679662][ T8855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.679686][ T8855] RSP: 002b:00007f205be47038 EFLAGS: 00000246 ORIG_RAX: 000000000000014e [ 158.679712][ T8855] RAX: ffffffffffffffda RBX: 00007f205da05fa0 RCX: 00007f205d7de929 [ 158.679730][ T8855] RDX: 0000000000000000 RSI: 0000000000000020 RDI: 0000200000000300 [ 158.679747][ T8855] RBP: 00007f205be47090 R08: 0000000000000000 R09: 0000000000000000 [ 158.679807][ T8855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.679824][ T8855] R13: 0000000000000000 R14: 00007f205da05fa0 R15: 00007ffc4f4b4df8 [ 158.679859][ T8855] [ 158.723187][ T29] audit: type=1326 audit(150.637:22471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8852 comm="syz.3.1757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f205d7dd290 code=0x7ffc0000 [ 158.728069][ T8851] EXT4-fs (loop1): 1 truncate cleaned up [ 158.943735][ T8860] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1758'. [ 158.986228][ T8860] bond0: (slave bond_slave_0): Releasing backup interface [ 158.999602][ T8868] batadv_slave_0: entered promiscuous mode [ 159.006967][ T8868] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1762'. [ 159.016931][ T8868] FAULT_INJECTION: forcing a failure. [ 159.016931][ T8868] name failslab, interval 1, probability 0, space 0, times 0 [ 159.029741][ T8868] CPU: 1 UID: 0 PID: 8868 Comm: syz.2.1762 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 159.029775][ T8868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 159.029788][ T8868] Call Trace: [ 159.029799][ T8868] [ 159.029806][ T8868] __dump_stack+0x1d/0x30 [ 159.029847][ T8868] dump_stack_lvl+0xe8/0x140 [ 159.029872][ T8868] dump_stack+0x15/0x1b [ 159.029893][ T8868] should_fail_ex+0x265/0x280 [ 159.029962][ T8868] should_failslab+0x8c/0xb0 [ 159.030024][ T8868] __kmalloc_noprof+0xa5/0x3e0 [ 159.030055][ T8868] ? unregister_netdevice_many_notify+0x4cf/0x1690 [ 159.030099][ T8868] ? unlist_netdevice+0x2cc/0x320 [ 159.030179][ T8868] unregister_netdevice_many_notify+0x4cf/0x1690 [ 159.030219][ T8868] ? __schedule+0x6a8/0xb30 [ 159.030249][ T8868] ? __pfx_veth_dellink+0x10/0x10 [ 159.030334][ T8868] ? __pfx_veth_dellink+0x10/0x10 [ 159.030360][ T8868] rtnl_dellink+0x3cb/0x550 [ 159.030411][ T8868] ? security_capable+0x83/0x90 [ 159.030486][ T8868] ? ns_capable+0x7d/0xb0 [ 159.030539][ T8868] ? __pfx_rtnl_dellink+0x10/0x10 [ 159.030566][ T8868] rtnetlink_rcv_msg+0x5fe/0x6d0 [ 159.030592][ T8868] ? avc_has_perm_noaudit+0x1b1/0x200 [ 159.030752][ T8868] netlink_rcv_skb+0x120/0x220 [ 159.030792][ T8868] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 159.030876][ T8868] rtnetlink_rcv+0x1c/0x30 [ 159.030900][ T8868] netlink_unicast+0x5a5/0x680 [ 159.030935][ T8868] netlink_sendmsg+0x58b/0x6b0 [ 159.030959][ T8868] ? __pfx_netlink_sendmsg+0x10/0x10 [ 159.030978][ T8868] __sock_sendmsg+0x145/0x180 [ 159.031047][ T8868] ____sys_sendmsg+0x31e/0x4e0 [ 159.031155][ T8868] ___sys_sendmsg+0x17b/0x1d0 [ 159.031252][ T8868] __x64_sys_sendmsg+0xd4/0x160 [ 159.031296][ T8868] x64_sys_call+0x2999/0x2fb0 [ 159.031316][ T8868] do_syscall_64+0xd2/0x200 [ 159.031401][ T8868] ? irqentry_exit_to_user_mode+0x7e/0xa0 [ 159.031432][ T8868] ? clear_bhb_loop+0x40/0x90 [ 159.031527][ T8868] ? clear_bhb_loop+0x40/0x90 [ 159.031552][ T8868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.031572][ T8868] RIP: 0033:0x7f7de5a3e929 [ 159.031603][ T8868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.031626][ T8868] RSP: 002b:00007f7de409f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 159.031650][ T8868] RAX: ffffffffffffffda RBX: 00007f7de5c65fa0 RCX: 00007f7de5a3e929 [ 159.031662][ T8868] RDX: 0000000020008050 RSI: 00002000000003c0 RDI: 0000000000000003 [ 159.031675][ T8868] RBP: 00007f7de409f090 R08: 0000000000000000 R09: 0000000000000000 [ 159.031686][ T8868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 159.031697][ T8868] R13: 0000000000000000 R14: 00007f7de5c65fa0 R15: 00007fff8b6b0a58 [ 159.031743][ T8868] [ 159.032467][ T8868] batadv_slave_0 (unregistering): left promiscuous mode [ 159.334125][ T8868] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 159.389140][ T8877] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1764'. [ 159.500693][ T8864] lo speed is unknown, defaulting to 1000 [ 159.502924][ T8891] validate_nla: 4 callbacks suppressed [ 159.502946][ T8891] netlink: 'syz.2.1769': attribute type 10 has an invalid length. [ 159.520572][ T8891] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1769'. [ 159.540367][ T8892] 9pnet_fd: Insufficient options for proto=fd [ 159.651854][ T37] bridge_slave_1: left allmulticast mode [ 159.658310][ T37] bridge_slave_1: left promiscuous mode [ 159.664520][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.697183][ T8902] loop1: detected capacity change from 0 to 512 [ 159.704161][ T37] bridge_slave_0: left allmulticast mode [ 159.710409][ T37] bridge_slave_0: left promiscuous mode [ 159.716193][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.729871][ T8902] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1771: Failed to acquire dquot type 1 [ 159.751322][ T8902] EXT4-fs (loop1): 1 truncate cleaned up [ 159.898753][ T8907] usb usb8: usbfs: process 8907 (syz.3.1772) did not claim interface 0 before use [ 159.927225][ T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 159.945820][ T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 159.985520][ T37] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 160.040578][ T8915] loop3: detected capacity change from 0 to 8192 [ 160.127696][ T8919] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1776'. [ 160.141698][ T37] bond0 (unregistering): Released all slaves [ 160.229613][ T37] hsr_slave_0: left promiscuous mode [ 160.249476][ T37] hsr_slave_1: left promiscuous mode [ 160.263801][ T37] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 160.288526][ T37] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 160.624977][ T8864] chnl_net:caif_netlink_parms(): no params data found [ 161.590055][ T8943] lo speed is unknown, defaulting to 1000 [ 161.839693][ T8947] lo speed is unknown, defaulting to 1000 [ 162.210436][ T8975] lo speed is unknown, defaulting to 1000 [ 162.490853][ T37] IPVS: stop unused estimator thread 0... [ 162.505963][ T8864] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.513206][ T8864] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.531531][ T8982] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1786'. [ 162.540928][ T8980] loop1: detected capacity change from 0 to 512 [ 162.541361][ T8864] bridge_slave_0: entered allmulticast mode [ 162.553911][ T8864] bridge_slave_0: entered promiscuous mode [ 162.560779][ T8864] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.567969][ T8864] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.575200][ T8864] bridge_slave_1: entered allmulticast mode [ 162.581939][ T8864] bridge_slave_1: entered promiscuous mode [ 162.611840][ T8980] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1785: Failed to acquire dquot type 1 [ 162.630191][ T8864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 162.643376][ T8980] EXT4-fs (loop1): 1 truncate cleaned up [ 162.650384][ T8864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 162.670521][ T8980] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1785: Failed to acquire dquot type 1 [ 162.713725][ T8864] team0: Port device team_slave_0 added [ 162.735448][ T8864] team0: Port device team_slave_1 added [ 162.753522][ T8864] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 162.760611][ T8864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 162.787107][ T8864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 162.803941][ T8864] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 162.811198][ T8864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 162.837281][ T8864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 162.886910][ T8998] FAULT_INJECTION: forcing a failure. [ 162.886910][ T8998] name failslab, interval 1, probability 0, space 0, times 0 [ 162.899669][ T8998] CPU: 0 UID: 0 PID: 8998 Comm: syz.0.1789 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 162.899850][ T8998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 162.899867][ T8998] Call Trace: [ 162.899874][ T8998] [ 162.899883][ T8998] __dump_stack+0x1d/0x30 [ 162.899909][ T8998] dump_stack_lvl+0xe8/0x140 [ 162.900037][ T8998] dump_stack+0x15/0x1b [ 162.900058][ T8998] should_fail_ex+0x265/0x280 [ 162.900095][ T8998] should_failslab+0x8c/0xb0 [ 162.900184][ T8998] kmem_cache_alloc_noprof+0x50/0x310 [ 162.900215][ T8998] ? getname_flags+0x80/0x3b0 [ 162.900255][ T8998] ? fput+0x8f/0xc0 [ 162.900277][ T8998] getname_flags+0x80/0x3b0 [ 162.900297][ T8998] __x64_sys_mkdirat+0x40/0x60 [ 162.900332][ T8998] x64_sys_call+0x2be0/0x2fb0 [ 162.900382][ T8998] do_syscall_64+0xd2/0x200 [ 162.900404][ T8998] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 162.900434][ T8998] ? clear_bhb_loop+0x40/0x90 [ 162.900457][ T8998] ? clear_bhb_loop+0x40/0x90 [ 162.900531][ T8998] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.900557][ T8998] RIP: 0033:0x7f0d2b96e929 [ 162.900575][ T8998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.900648][ T8998] RSP: 002b:00007f0d29fcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 162.900670][ T8998] RAX: ffffffffffffffda RBX: 00007f0d2bb95fa0 RCX: 00007f0d2b96e929 [ 162.900685][ T8998] RDX: 0000000000000000 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 162.900700][ T8998] RBP: 00007f0d29fcf090 R08: 0000000000000000 R09: 0000000000000000 [ 162.900725][ T8998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.900740][ T8998] R13: 0000000000000000 R14: 00007f0d2bb95fa0 R15: 00007ffced206968 [ 162.900789][ T8998] [ 163.145685][ T9000] loop3: detected capacity change from 0 to 512 [ 163.163309][ T8864] hsr_slave_0: entered promiscuous mode [ 163.171304][ T8864] hsr_slave_1: entered promiscuous mode [ 163.187354][ T8864] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 163.206319][ T9000] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #3: comm syz.3.1790: pblk 24 bad header/extent: invalid extent entries - magic f30a, entries 3, max 4(4), depth 0(0) [ 163.215937][ T8864] Cannot create hsr debugfs directory [ 163.272209][ T9019] syzkaller1: entered promiscuous mode [ 163.277903][ T9019] syzkaller1: entered allmulticast mode [ 163.285918][ T9000] EXT4-fs error (device loop3): ext4_quota_enable:7127: comm syz.3.1790: Bad quota inode: 3, type: 0 [ 163.383944][ T9000] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 163.410480][ T9000] EXT4-fs (loop3): mount failed [ 163.503318][ T9040] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1796'. [ 163.587375][ T29] kauditd_printk_skb: 307 callbacks suppressed [ 163.587391][ T29] audit: type=1326 audit(155.249:22773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9032 comm="syz.3.1795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f205d7d58e7 code=0x7ffc0000 [ 163.617412][ T29] audit: type=1326 audit(155.249:22774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9032 comm="syz.3.1795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f205d77ab19 code=0x7ffc0000 [ 163.641160][ T29] audit: type=1326 audit(155.249:22775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9032 comm="syz.3.1795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f205d7de929 code=0x7ffc0000 [ 163.665243][ T29] audit: type=1326 audit(155.323:22776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9032 comm="syz.3.1795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f205d7d58e7 code=0x7ffc0000 [ 163.688781][ T29] audit: type=1326 audit(155.323:22777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9032 comm="syz.3.1795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f205d77ab19 code=0x7ffc0000 [ 163.712052][ T29] audit: type=1326 audit(155.323:22778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9032 comm="syz.3.1795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f205d7de929 code=0x7ffc0000 [ 163.742763][ T29] audit: type=1326 audit(155.389:22779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9032 comm="syz.3.1795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f205d7d58e7 code=0x7ffc0000 [ 163.766765][ T29] audit: type=1326 audit(155.389:22780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9032 comm="syz.3.1795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f205d77ab19 code=0x7ffc0000 [ 163.789908][ T29] audit: type=1326 audit(155.389:22781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9032 comm="syz.3.1795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f205d7de929 code=0x7ffc0000 [ 163.831759][ T29] audit: type=1326 audit(155.464:22782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9032 comm="syz.3.1795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f205d7d58e7 code=0x7ffc0000 [ 163.877313][ T9059] syzkaller1: entered promiscuous mode [ 163.883497][ T9059] syzkaller1: entered allmulticast mode [ 163.953081][ T8864] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 163.962588][ T8864] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 163.996840][ T8864] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 164.011291][ T8864] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 164.062072][ T8864] 8021q: adding VLAN 0 to HW filter on device bond0 [ 164.081042][ T8864] 8021q: adding VLAN 0 to HW filter on device team0 [ 164.093307][ T9091] loop2: detected capacity change from 0 to 512 [ 164.101410][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.108780][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 164.127937][ T9096] netlink: 'syz.0.1804': attribute type 10 has an invalid length. [ 164.135967][ T9096] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1804'. [ 164.136938][ T9091] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1803: Failed to acquire dquot type 1 [ 164.158120][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.165562][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 164.182494][ T9091] EXT4-fs (loop2): 1 truncate cleaned up [ 164.280316][ T8864] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 164.292951][ T9108] loop2: detected capacity change from 0 to 512 [ 164.317605][ T9108] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.1806: iget: bad i_size value: 38620345925642 [ 164.366988][ T9108] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.1806: couldn't read orphan inode 15 (err -117) [ 164.435508][ T9115] netlink: 'syz.1.1807': attribute type 1 has an invalid length. [ 164.444208][ T9115] netlink: 'syz.1.1807': attribute type 4 has an invalid length. [ 164.452090][ T9115] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.1807'. [ 164.638146][ T8864] veth0_vlan: entered promiscuous mode [ 164.646924][ T8864] veth1_vlan: entered promiscuous mode [ 164.656710][ T9108] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1806'. [ 164.725955][ T8864] veth0_macvtap: entered promiscuous mode [ 164.744367][ T8864] veth1_macvtap: entered promiscuous mode [ 164.763821][ T9148] netlink: 'syz.3.1811': attribute type 1 has an invalid length. [ 164.772825][ T9148] netlink: 'syz.3.1811': attribute type 4 has an invalid length. [ 164.781146][ T9148] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1811'. [ 164.797850][ T8864] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 164.856727][ T56] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm kworker/u8:4: bg 0: block 5: invalid block bitmap [ 164.869496][ T8864] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 164.891495][ T8864] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.892740][ T56] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 600 with error 28 [ 164.901695][ T8864] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.901732][ T8864] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.914423][ T56] EXT4-fs (loop2): This should not happen!! Data will be lost [ 164.914423][ T56] [ 164.923482][ T8864] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.933100][ T56] EXT4-fs (loop2): Total free blocks count 0 [ 164.933121][ T56] EXT4-fs (loop2): Free/Dirty block details [ 164.933136][ T56] EXT4-fs (loop2): free_blocks=0 [ 164.970852][ T56] EXT4-fs (loop2): dirty_blocks=604 [ 164.976220][ T56] EXT4-fs (loop2): Block reservation details [ 164.982396][ T56] EXT4-fs (loop2): i_reserved_data_blocks=604 [ 165.088725][ T9157] loop3: detected capacity change from 0 to 512 [ 165.142193][ T9157] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1814: Failed to acquire dquot type 1 [ 165.160457][ T9160] netlink: 'syz.2.1812': attribute type 1 has an invalid length. [ 165.169796][ T9160] netlink: 'syz.2.1812': attribute type 4 has an invalid length. [ 165.178176][ T9160] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.1812'. [ 165.196218][ T9175] loop5: detected capacity change from 0 to 128 [ 165.253959][ T9157] EXT4-fs (loop3): 1 truncate cleaned up [ 165.304226][ T9157] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1814: Failed to acquire dquot type 1 [ 165.361912][ T9185] loop3: detected capacity change from 0 to 512 [ 165.405388][ T9185] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1816: Failed to acquire dquot type 1 [ 165.456595][ T9185] EXT4-fs (loop3): 1 truncate cleaned up [ 165.568082][ T9206] loop3: detected capacity change from 0 to 512 [ 165.608002][ T9206] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1819: Failed to acquire dquot type 1 [ 165.629597][ T9209] lo speed is unknown, defaulting to 1000 [ 165.646062][ T9206] EXT4-fs (loop3): 1 truncate cleaned up [ 165.826512][ T9228] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 165.836109][ T9228] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 165.886670][ T9230] ip6tnl1: entered promiscuous mode [ 165.923106][ T9230] loop2: detected capacity change from 0 to 2048 [ 165.933116][ T9230] EXT4-fs: Ignoring removed nomblk_io_submit option [ 165.941840][ T9239] FAULT_INJECTION: forcing a failure. [ 165.941840][ T9239] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 165.956236][ T9239] CPU: 1 UID: 0 PID: 9239 Comm: syz.1.1829 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 165.956280][ T9239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 165.956292][ T9239] Call Trace: [ 165.956298][ T9239] [ 165.956305][ T9239] __dump_stack+0x1d/0x30 [ 165.956326][ T9239] dump_stack_lvl+0xe8/0x140 [ 165.956348][ T9239] dump_stack+0x15/0x1b [ 165.956367][ T9239] should_fail_ex+0x265/0x280 [ 165.956472][ T9239] should_fail+0xb/0x20 [ 165.956503][ T9239] should_fail_usercopy+0x1a/0x20 [ 165.956617][ T9239] _copy_to_user+0x20/0xa0 [ 165.956637][ T9239] simple_read_from_buffer+0xb5/0x130 [ 165.956762][ T9239] proc_fail_nth_read+0x100/0x140 [ 165.956797][ T9239] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 165.956887][ T9239] vfs_read+0x19d/0x6f0 [ 165.956918][ T9239] ? __rcu_read_unlock+0x4f/0x70 [ 165.956944][ T9239] ? __fget_files+0x184/0x1c0 [ 165.956971][ T9239] ksys_read+0xda/0x1a0 [ 165.957053][ T9239] __x64_sys_read+0x40/0x50 [ 165.957086][ T9239] x64_sys_call+0x2d77/0x2fb0 [ 165.957106][ T9239] do_syscall_64+0xd2/0x200 [ 165.957124][ T9239] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 165.957156][ T9239] ? clear_bhb_loop+0x40/0x90 [ 165.957182][ T9239] ? clear_bhb_loop+0x40/0x90 [ 165.957233][ T9239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.957259][ T9239] RIP: 0033:0x7f9cc948d33c [ 165.957274][ T9239] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 165.957292][ T9239] RSP: 002b:00007f9cc7aef030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 165.957392][ T9239] RAX: ffffffffffffffda RBX: 00007f9cc96b5fa0 RCX: 00007f9cc948d33c [ 165.957408][ T9239] RDX: 000000000000000f RSI: 00007f9cc7aef0a0 RDI: 0000000000000007 [ 165.957423][ T9239] RBP: 00007f9cc7aef090 R08: 0000000000000000 R09: 0000000000000000 [ 165.957440][ T9239] R10: 0000000040000041 R11: 0000000000000246 R12: 0000000000000001 [ 165.957451][ T9239] R13: 0000000000000000 R14: 00007f9cc96b5fa0 R15: 00007ffc4761a988 [ 165.957470][ T9239] [ 166.228118][ T9248] netlink: 'syz.0.1832': attribute type 10 has an invalid length. [ 166.236219][ T9248] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1832'. [ 166.247563][ T9249] loop3: detected capacity change from 0 to 512 [ 166.297743][ T9242] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1826'. [ 166.310869][ T9230] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.1826'. [ 166.337013][ T9242] EXT4-fs error (device loop2): empty_inline_dir:1786: inode #12: block 5: comm syz.2.1826: bad entry in directory: directory entry overrun - offset=4, inode=13, rec_len=7952, size=60 fake=0 [ 166.361283][ T9242] EXT4-fs (loop2): Remounting filesystem read-only [ 166.367895][ T9242] EXT4-fs warning (device loop2): empty_inline_dir:1793: bad inline directory (dir #12) - inode 13, rec_len 7952, name_len 0inline size 60 [ 166.371882][ T9249] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1830: Failed to acquire dquot type 1 [ 166.394725][ T9249] EXT4-fs (loop3): 1 truncate cleaned up [ 166.568369][ T9257] FAULT_INJECTION: forcing a failure. [ 166.568369][ T9257] name failslab, interval 1, probability 0, space 0, times 0 [ 166.584653][ T9257] CPU: 0 UID: 0 PID: 9257 Comm: syz.1.1834 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 166.584702][ T9257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 166.584740][ T9257] Call Trace: [ 166.584747][ T9257] [ 166.584757][ T9257] __dump_stack+0x1d/0x30 [ 166.584784][ T9257] dump_stack_lvl+0xe8/0x140 [ 166.584808][ T9257] dump_stack+0x15/0x1b [ 166.584824][ T9257] should_fail_ex+0x265/0x280 [ 166.584870][ T9257] ? rtnl_newlink+0x5c/0x12d0 [ 166.584909][ T9257] should_failslab+0x8c/0xb0 [ 166.584938][ T9257] __kmalloc_cache_noprof+0x4c/0x320 [ 166.585023][ T9257] rtnl_newlink+0x5c/0x12d0 [ 166.585043][ T9257] ? trie_lookup_elem+0x3c8/0x430 [ 166.585069][ T9257] ? trie_lookup_elem+0x3c8/0x430 [ 166.585095][ T9257] ? x86_call_depth_emit_accounting+0x128/0x2e0 [ 166.585194][ T9257] ? __rcu_read_unlock+0x4f/0x70 [ 166.585223][ T9257] ? __perf_event_task_sched_in+0xa5b/0xac0 [ 166.585265][ T9257] ? perf_cgroup_switch+0x10c/0x480 [ 166.585352][ T9257] ? avc_has_perm_noaudit+0x176/0x200 [ 166.585385][ T9257] ? __rcu_read_unlock+0x4f/0x70 [ 166.585493][ T9257] ? avc_has_perm_noaudit+0x1b1/0x200 [ 166.585540][ T9257] ? selinux_capable+0x1f9/0x270 [ 166.585579][ T9257] ? security_capable+0x83/0x90 [ 166.585676][ T9257] ? ns_capable+0x7d/0xb0 [ 166.585701][ T9257] ? __pfx_rtnl_newlink+0x10/0x10 [ 166.585729][ T9257] rtnetlink_rcv_msg+0x5fe/0x6d0 [ 166.585757][ T9257] ? avc_has_perm_noaudit+0x1b1/0x200 [ 166.585797][ T9257] netlink_rcv_skb+0x120/0x220 [ 166.585869][ T9257] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 166.585908][ T9257] rtnetlink_rcv+0x1c/0x30 [ 166.585933][ T9257] netlink_unicast+0x5a5/0x680 [ 166.586043][ T9257] netlink_sendmsg+0x58b/0x6b0 [ 166.586090][ T9257] ? __pfx_netlink_sendmsg+0x10/0x10 [ 166.586252][ T9257] __sock_sendmsg+0x145/0x180 [ 166.586279][ T9257] ____sys_sendmsg+0x31e/0x4e0 [ 166.586365][ T9257] ___sys_sendmsg+0x17b/0x1d0 [ 166.586418][ T9257] __x64_sys_sendmsg+0xd4/0x160 [ 166.586503][ T9257] x64_sys_call+0x2999/0x2fb0 [ 166.586532][ T9257] do_syscall_64+0xd2/0x200 [ 166.586550][ T9257] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 166.586689][ T9257] ? clear_bhb_loop+0x40/0x90 [ 166.586725][ T9257] ? clear_bhb_loop+0x40/0x90 [ 166.586756][ T9257] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.586785][ T9257] RIP: 0033:0x7f9cc948e929 [ 166.586805][ T9257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.586824][ T9257] RSP: 002b:00007f9cc7aef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 166.586908][ T9257] RAX: ffffffffffffffda RBX: 00007f9cc96b5fa0 RCX: 00007f9cc948e929 [ 166.586924][ T9257] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000008 [ 166.586936][ T9257] RBP: 00007f9cc7aef090 R08: 0000000000000000 R09: 0000000000000000 [ 166.586948][ T9257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 166.586979][ T9257] R13: 0000000000000000 R14: 00007f9cc96b5fa0 R15: 00007ffc4761a988 [ 166.587074][ T9257] [ 166.877229][ T9259] FAULT_INJECTION: forcing a failure. [ 166.877229][ T9259] name failslab, interval 1, probability 0, space 0, times 0 [ 166.921539][ T9259] CPU: 1 UID: 0 PID: 9259 Comm: syz.2.1835 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 166.921616][ T9259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 166.921632][ T9259] Call Trace: [ 166.921640][ T9259] [ 166.921648][ T9259] __dump_stack+0x1d/0x30 [ 166.921673][ T9259] dump_stack_lvl+0xe8/0x140 [ 166.921736][ T9259] dump_stack+0x15/0x1b [ 166.921824][ T9259] should_fail_ex+0x265/0x280 [ 166.921854][ T9259] should_failslab+0x8c/0xb0 [ 166.921875][ T9259] __kmalloc_noprof+0xa5/0x3e0 [ 166.921903][ T9259] ? iovec_from_user+0x84/0x210 [ 166.921927][ T9259] iovec_from_user+0x84/0x210 [ 166.921950][ T9259] __import_iovec+0xf3/0x540 [ 166.922022][ T9259] ? mntput_no_expire+0x6f/0x3c0 [ 166.922054][ T9259] import_iovec+0x61/0x80 [ 166.922074][ T9259] ___sys_sendmsg+0x146/0x1d0 [ 166.922205][ T9259] __sys_sendmmsg+0x178/0x300 [ 166.922253][ T9259] __x64_sys_sendmmsg+0x57/0x70 [ 166.922363][ T9259] x64_sys_call+0x2f2f/0x2fb0 [ 166.922411][ T9259] do_syscall_64+0xd2/0x200 [ 166.922430][ T9259] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 166.922529][ T9259] ? clear_bhb_loop+0x40/0x90 [ 166.922551][ T9259] ? clear_bhb_loop+0x40/0x90 [ 166.922573][ T9259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.922594][ T9259] RIP: 0033:0x7f7de5a3e929 [ 166.922648][ T9259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.922666][ T9259] RSP: 002b:00007f7de409f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 166.922686][ T9259] RAX: ffffffffffffffda RBX: 00007f7de5c65fa0 RCX: 00007f7de5a3e929 [ 166.922699][ T9259] RDX: 0400000000000172 RSI: 0000200000003cc0 RDI: 0000000000000003 [ 166.922712][ T9259] RBP: 00007f7de409f090 R08: 0000000000000000 R09: 0000000000000000 [ 166.922724][ T9259] R10: 0000000004001c00 R11: 0000000000000246 R12: 0000000000000001 [ 166.922736][ T9259] R13: 0000000000000000 R14: 00007f7de5c65fa0 R15: 00007fff8b6b0a58 [ 166.922825][ T9259] [ 166.926651][ T9261] loop5: detected capacity change from 0 to 512 [ 167.059460][ T9272] loop2: detected capacity change from 0 to 512 [ 167.099631][ T9261] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.1836: Failed to acquire dquot type 1 [ 167.176011][ T9261] EXT4-fs (loop5): 1 truncate cleaned up [ 167.211686][ T9272] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 167.230239][ T9272] EXT4-fs (loop2): 1 truncate cleaned up [ 167.262155][ T9271] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1839'. [ 167.289979][ T9286] loop5: detected capacity change from 0 to 512 [ 167.352908][ T9284] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 167.358363][ T9286] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.1841: Failed to acquire dquot type 1 [ 167.363051][ T9284] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 167.375398][ T9286] EXT4-fs (loop5): 1 truncate cleaned up [ 167.483964][ T9304] loop2: detected capacity change from 0 to 128 [ 167.525833][ T9312] loop5: detected capacity change from 0 to 512 [ 167.552689][ T9312] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.1852: Failed to acquire dquot type 1 [ 167.576822][ T9312] EXT4-fs (loop5): 1 truncate cleaned up [ 167.653089][ T9321] loop3: detected capacity change from 0 to 8192 [ 167.665321][ T9325] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1856'. [ 167.752905][ T9335] syzkaller1: entered promiscuous mode [ 167.758801][ T9335] syzkaller1: entered allmulticast mode [ 167.790203][ T9340] loop3: detected capacity change from 0 to 512 [ 167.799836][ T9340] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 167.812436][ T9340] EXT4-fs (loop3): 1 truncate cleaned up [ 167.899279][ T9345] loop2: detected capacity change from 0 to 512 [ 167.918999][ T9352] loop5: detected capacity change from 0 to 512 [ 167.935566][ T9345] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1865: Failed to acquire dquot type 1 [ 167.949189][ T9352] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.1867: Failed to acquire dquot type 1 [ 167.976753][ T9345] EXT4-fs (loop2): 1 truncate cleaned up [ 167.983346][ T9359] loop1: detected capacity change from 0 to 512 [ 168.013417][ T9352] EXT4-fs (loop5): 1 truncate cleaned up [ 168.023801][ T9359] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1869: Failed to acquire dquot type 1 [ 168.037635][ T9359] EXT4-fs (loop1): 1 truncate cleaned up [ 168.061936][ T9365] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=272 sclass=netlink_route_socket pid=9365 comm=syz.2.1870 [ 168.078970][ T9365] FAULT_INJECTION: forcing a failure. [ 168.078970][ T9365] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 168.092291][ T9365] CPU: 0 UID: 0 PID: 9365 Comm: syz.2.1870 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 168.092333][ T9365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 168.092349][ T9365] Call Trace: [ 168.092358][ T9365] [ 168.092368][ T9365] __dump_stack+0x1d/0x30 [ 168.092394][ T9365] dump_stack_lvl+0xe8/0x140 [ 168.092449][ T9365] dump_stack+0x15/0x1b [ 168.092502][ T9365] should_fail_ex+0x265/0x280 [ 168.092563][ T9365] should_fail+0xb/0x20 [ 168.092593][ T9365] should_fail_usercopy+0x1a/0x20 [ 168.092627][ T9365] _copy_from_user+0x1c/0xb0 [ 168.092651][ T9365] kstrtouint_from_user+0x69/0xf0 [ 168.092710][ T9365] ? 0xffffffff81000000 [ 168.092726][ T9365] ? selinux_file_permission+0x1e4/0x320 [ 168.092783][ T9365] proc_fail_nth_write+0x50/0x160 [ 168.092836][ T9365] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 168.092878][ T9365] vfs_write+0x269/0x8e0 [ 168.092989][ T9365] ? __rcu_read_unlock+0x4f/0x70 [ 168.093017][ T9365] ? __fget_files+0x184/0x1c0 [ 168.093042][ T9365] ksys_write+0xda/0x1a0 [ 168.093081][ T9365] __x64_sys_write+0x40/0x50 [ 168.093181][ T9365] x64_sys_call+0x2cdd/0x2fb0 [ 168.093276][ T9365] do_syscall_64+0xd2/0x200 [ 168.093300][ T9365] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 168.093342][ T9365] ? clear_bhb_loop+0x40/0x90 [ 168.093368][ T9365] ? clear_bhb_loop+0x40/0x90 [ 168.093395][ T9365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.093430][ T9365] RIP: 0033:0x7f7de5a3d3df [ 168.093449][ T9365] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 168.093471][ T9365] RSP: 002b:00007f7de409f030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 168.093494][ T9365] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7de5a3d3df [ 168.093573][ T9365] RDX: 0000000000000001 RSI: 00007f7de409f0a0 RDI: 0000000000000009 [ 168.093588][ T9365] RBP: 00007f7de409f090 R08: 0000000000000000 R09: 0000000000000000 [ 168.093603][ T9365] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 168.093617][ T9365] R13: 0000000000000000 R14: 00007f7de5c65fa0 R15: 00007fff8b6b0a58 [ 168.093642][ T9365] [ 168.374669][ T9367] loop3: detected capacity change from 0 to 8192 [ 168.440676][ T9375] loop1: detected capacity change from 0 to 128 [ 168.451556][ T9376] netlink: 'syz.2.1874': attribute type 1 has an invalid length. [ 168.460093][ T9376] netlink: 'syz.2.1874': attribute type 4 has an invalid length. [ 168.524880][ T9383] loop1: detected capacity change from 0 to 512 [ 168.541795][ T9381] syzkaller1: entered promiscuous mode [ 168.547489][ T9381] syzkaller1: entered allmulticast mode [ 168.560970][ T9383] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 168.584567][ T9385] FAULT_INJECTION: forcing a failure. [ 168.584567][ T9385] name failslab, interval 1, probability 0, space 0, times 0 [ 168.597766][ T9385] CPU: 1 UID: 0 PID: 9385 Comm: syz.5.1879 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 168.597802][ T9385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 168.597818][ T9385] Call Trace: [ 168.597825][ T9385] [ 168.597833][ T9385] __dump_stack+0x1d/0x30 [ 168.597858][ T9385] dump_stack_lvl+0xe8/0x140 [ 168.597883][ T9385] dump_stack+0x15/0x1b [ 168.597932][ T9385] should_fail_ex+0x265/0x280 [ 168.597971][ T9385] should_failslab+0x8c/0xb0 [ 168.597999][ T9385] __kmalloc_node_track_caller_noprof+0xa4/0x410 [ 168.598040][ T9385] ? sidtab_sid2str_get+0xa0/0x130 [ 168.598063][ T9385] ? skb_put+0xa9/0xf0 [ 168.598123][ T9385] kmemdup_noprof+0x2b/0x70 [ 168.598152][ T9385] sidtab_sid2str_get+0xa0/0x130 [ 168.598186][ T9385] security_sid_to_context_core+0x1eb/0x2e0 [ 168.598360][ T9385] security_sid_to_context+0x27/0x40 [ 168.598382][ T9385] avc_audit_post_callback+0x9d/0x520 [ 168.598412][ T9385] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 168.598447][ T9385] common_lsm_audit+0x1b8/0x230 [ 168.598475][ T9385] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 168.598543][ T9385] slow_avc_audit+0x104/0x140 [ 168.598579][ T9385] avc_has_perm+0x128/0x150 [ 168.598691][ T9385] selinux_socket_sendmsg+0x175/0x1b0 [ 168.598775][ T9385] security_socket_sendmsg+0x48/0x80 [ 168.598945][ T9385] __sock_sendmsg+0x30/0x180 [ 168.598974][ T9385] ____sys_sendmsg+0x31e/0x4e0 [ 168.599010][ T9385] ___sys_sendmsg+0x17b/0x1d0 [ 168.599079][ T9385] __x64_sys_sendmsg+0xd4/0x160 [ 168.599159][ T9385] x64_sys_call+0x2999/0x2fb0 [ 168.599185][ T9385] do_syscall_64+0xd2/0x200 [ 168.599203][ T9385] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 168.599269][ T9385] ? clear_bhb_loop+0x40/0x90 [ 168.599305][ T9385] ? clear_bhb_loop+0x40/0x90 [ 168.599329][ T9385] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.599350][ T9385] RIP: 0033:0x7fb60fdee929 [ 168.599365][ T9385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.599382][ T9385] RSP: 002b:00007fb60e457038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 168.599473][ T9385] RAX: ffffffffffffffda RBX: 00007fb610015fa0 RCX: 00007fb60fdee929 [ 168.599489][ T9385] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000005 [ 168.599505][ T9385] RBP: 00007fb60e457090 R08: 0000000000000000 R09: 0000000000000000 [ 168.599520][ T9385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 168.599542][ T9385] R13: 0000000000000000 R14: 00007fb610015fa0 R15: 00007ffd39b1c198 [ 168.599573][ T9385] [ 168.601140][ T9383] EXT4-fs (loop1): 1 truncate cleaned up [ 168.677537][ T9390] loop5: detected capacity change from 0 to 1024 [ 168.865635][ T9400] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 168.891760][ T9400] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 168.957909][ T9406] loop1: detected capacity change from 0 to 512 [ 168.997478][ T9406] __quota_error: 625 callbacks suppressed [ 168.997494][ T9406] Quota error (device loop1): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 169.014096][ T9406] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 169.024097][ T9406] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1884: Failed to acquire dquot type 1 [ 169.040394][ T9406] EXT4-fs (loop1): 1 truncate cleaned up [ 169.063882][ T29] audit: type=1326 audit(160.365:23384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9416 comm="syz.2.1888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7de5a3e929 code=0x7ffc0000 [ 169.087202][ T29] audit: type=1326 audit(160.365:23385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9416 comm="syz.2.1888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7de5a3e929 code=0x7ffc0000 [ 169.110217][ T29] audit: type=1326 audit(160.365:23386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9416 comm="syz.2.1888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f7de5a3e929 code=0x7ffc0000 [ 169.133307][ T29] audit: type=1326 audit(160.365:23387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9416 comm="syz.2.1888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7de5a3e929 code=0x7ffc0000 [ 169.156768][ T29] audit: type=1326 audit(160.365:23388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9416 comm="syz.2.1888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7de5a3e929 code=0x7ffc0000 [ 169.180062][ T29] audit: type=1326 audit(160.365:23389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9416 comm="syz.2.1888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7de5a3e929 code=0x7ffc0000 [ 169.203249][ T29] audit: type=1326 audit(160.365:23390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9416 comm="syz.2.1888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7de5a3e929 code=0x7ffc0000 [ 169.226447][ T29] audit: type=1326 audit(160.365:23391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9416 comm="syz.2.1888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7de5a3e929 code=0x7ffc0000 [ 169.304881][ T9428] netlink: 'syz.0.1892': attribute type 1 has an invalid length. [ 169.312869][ T9428] netlink: 'syz.0.1892': attribute type 4 has an invalid length. [ 169.324973][ T9426] usb usb8: usbfs: process 9426 (syz.1.1891) did not claim interface 0 before use [ 169.562521][ T9448] netlink: 'syz.3.1898': attribute type 13 has an invalid length. [ 169.677327][ T9458] usb usb8: usbfs: process 9458 (syz.3.1903) did not claim interface 0 before use [ 169.722990][ T9467] netlink: 'syz.3.1905': attribute type 1 has an invalid length. [ 169.730921][ T9467] netlink: 'syz.3.1905': attribute type 4 has an invalid length. [ 169.738827][ T9467] __nla_validate_parse: 8 callbacks suppressed [ 169.738925][ T9467] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1905'. [ 169.803468][ T9477] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1909'. [ 169.817169][ T9473] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 169.827609][ T9473] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 169.933412][ T9484] loop3: detected capacity change from 0 to 512 [ 169.945864][ T9484] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1912: Failed to acquire dquot type 1 [ 169.958832][ T9484] EXT4-fs (loop3): 1 truncate cleaned up [ 170.000657][ T9488] loop2: detected capacity change from 0 to 1024 [ 170.050169][ T9496] FAULT_INJECTION: forcing a failure. [ 170.050169][ T9496] name failslab, interval 1, probability 0, space 0, times 0 [ 170.062985][ T9496] CPU: 1 UID: 0 PID: 9496 Comm: syz.3.1916 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 170.063072][ T9496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 170.063086][ T9496] Call Trace: [ 170.063092][ T9496] [ 170.063100][ T9496] __dump_stack+0x1d/0x30 [ 170.063120][ T9496] dump_stack_lvl+0xe8/0x140 [ 170.063150][ T9496] dump_stack+0x15/0x1b [ 170.063171][ T9496] should_fail_ex+0x265/0x280 [ 170.063286][ T9496] ? audit_log_d_path+0x8d/0x150 [ 170.063398][ T9496] should_failslab+0x8c/0xb0 [ 170.063430][ T9496] __kmalloc_cache_noprof+0x4c/0x320 [ 170.063508][ T9496] audit_log_d_path+0x8d/0x150 [ 170.063541][ T9496] audit_log_d_path_exe+0x42/0x70 [ 170.063571][ T9496] audit_log_task+0x1e9/0x250 [ 170.063602][ T9496] audit_seccomp+0x61/0x100 [ 170.063649][ T9496] ? __seccomp_filter+0x68c/0x10d0 [ 170.063685][ T9496] __seccomp_filter+0x69d/0x10d0 [ 170.063716][ T9496] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 170.063749][ T9496] ? vfs_write+0x75e/0x8e0 [ 170.063823][ T9496] __secure_computing+0x82/0x150 [ 170.063844][ T9496] syscall_trace_enter+0xcf/0x1e0 [ 170.063867][ T9496] do_syscall_64+0xac/0x200 [ 170.063890][ T9496] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 170.063963][ T9496] ? clear_bhb_loop+0x40/0x90 [ 170.063990][ T9496] ? clear_bhb_loop+0x40/0x90 [ 170.064027][ T9496] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.064057][ T9496] RIP: 0033:0x7f205d7de929 [ 170.064075][ T9496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.064125][ T9496] RSP: 002b:00007f205be47038 EFLAGS: 00000246 ORIG_RAX: 000000000000000e [ 170.064152][ T9496] RAX: ffffffffffffffda RBX: 00007f205da05fa0 RCX: 00007f205d7de929 [ 170.064168][ T9496] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000000 [ 170.064183][ T9496] RBP: 00007f205be47090 R08: 0000000000000000 R09: 0000000000000000 [ 170.064195][ T9496] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 170.064206][ T9496] R13: 0000000000000000 R14: 00007f205da05fa0 R15: 00007ffc4f4b4df8 [ 170.064255][ T9496] [ 170.340403][ T9500] usb usb8: usbfs: process 9500 (syz.3.1917) did not claim interface 0 before use [ 170.430742][ T9506] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1920'. [ 170.535535][ T9519] loop3: detected capacity change from 0 to 512 [ 170.555783][ T9519] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1925: Failed to acquire dquot type 1 [ 170.569001][ T9519] EXT4-fs (loop3): 1 truncate cleaned up [ 170.576860][ T9519] EXT4-fs mount: 93 callbacks suppressed [ 170.576912][ T9519] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 170.615376][ T3308] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.618839][ T9526] loop1: detected capacity change from 0 to 512 [ 170.638924][ T9526] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 170.670372][ T9526] EXT4-fs (loop1): 1 truncate cleaned up [ 170.678683][ T9526] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 170.694291][ T9529] usb usb8: usbfs: process 9529 (syz.3.1928) did not claim interface 0 before use [ 170.708117][ T9526] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1927'. [ 170.813290][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.830153][ T9541] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1932'. [ 170.911559][ T3313] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.928407][ T9549] loop1: detected capacity change from 0 to 512 [ 170.958083][ T9549] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.013115][ T9549] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.1936: iget: bad i_size value: 2533274857506816 [ 171.125669][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.157599][ T9564] random: crng reseeded on system resumption [ 171.173529][ T9564] Restarting kernel threads ... [ 171.182182][ T9564] Done restarting kernel threads. [ 171.360337][ T9571] loop1: detected capacity change from 0 to 8192 [ 171.430835][ T9575] loop5: detected capacity change from 0 to 128 [ 171.476196][ T9577] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1946'. [ 171.505458][ T9579] syzkaller1: entered promiscuous mode [ 171.511178][ T9579] syzkaller1: entered allmulticast mode [ 171.562903][ T9585] loop1: detected capacity change from 0 to 512 [ 171.578685][ T2995] ================================================================== [ 171.586880][ T2995] BUG: KCSAN: data-race in dentry_unlink_inode / step_into [ 171.594132][ T2995] [ 171.596587][ T2995] write to 0xffff88811c075e70 of 8 bytes by task 3297 on cpu 1: [ 171.604426][ T2995] dentry_unlink_inode+0x65/0x260 [ 171.609484][ T2995] d_delete+0x164/0x180 [ 171.613677][ T2995] d_delete_notify+0x32/0x100 [ 171.618475][ T2995] vfs_unlink+0x30b/0x420 [ 171.622839][ T2995] do_unlinkat+0x28e/0x4c0 [ 171.625019][ T9585] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1949: Failed to acquire dquot type 1 [ 171.627469][ T2995] __x64_sys_unlink+0x2e/0x40 [ 171.627509][ T2995] x64_sys_call+0x22a6/0x2fb0 [ 171.627530][ T2995] do_syscall_64+0xd2/0x200 [ 171.627546][ T2995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.627566][ T2995] [ 171.627571][ T2995] read to 0xffff88811c075e70 of 8 bytes by task 2995 on cpu 0: [ 171.639557][ T9585] EXT4-fs (loop1): 1 truncate cleaned up [ 171.643488][ T2995] step_into+0x122/0x820 [ 171.649311][ T9585] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 171.652668][ T2995] walk_component+0x162/0x220 [ 171.652697][ T2995] path_lookupat+0xfe/0x2a0 [ 171.701394][ T2995] filename_lookup+0x147/0x340 [ 171.706172][ T2995] do_readlinkat+0x7d/0x320 [ 171.710690][ T2995] __x64_sys_readlink+0x47/0x60 [ 171.715557][ T2995] x64_sys_call+0x2cf3/0x2fb0 [ 171.720244][ T2995] do_syscall_64+0xd2/0x200 [ 171.724753][ T2995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.730656][ T2995] [ 171.732990][ T2995] value changed: 0xffff88811ae731e8 -> 0x0000000000000000 [ 171.740101][ T2995] [ 171.742455][ T2995] Reported by Kernel Concurrency Sanitizer on: [ 171.748734][ T2995] CPU: 0 UID: 0 PID: 2995 Comm: udevd Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(voluntary) [ 171.760720][ T2995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 171.771132][ T2995] ================================================================== [ 171.784594][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.