last executing test programs: 2.118801435s ago: executing program 0 (id=8999): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r2, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x20008040}, 0x1) recvmsg(r1, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x2) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 1.425247683s ago: executing program 3 (id=9029): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x4ca31, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f0000f07000)=[{0x6}]}, 0x10) 1.394101033s ago: executing program 3 (id=9031): syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x0, &(0x7f00000021c0)={[{@dioread_nolock}, {@minixdf}, {@nolazytime}, {}]}, 0x1, 0x783, &(0x7f0000002200)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x50) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000540)) getresgid(&(0x7f0000000140), &(0x7f0000000000), &(0x7f0000000240)) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff51, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r2}, 0x10) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) newfstatat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x2000) pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1d7) sendfile(r4, r4, 0x0, 0xfffe80) 1.254612853s ago: executing program 4 (id=9037): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_io_uring_setup(0x45b4, &(0x7f00000035c0)={0x0, 0x0, 0x10100, 0x800}, &(0x7f0000000100), 0x0) io_uring_enter(r1, 0x291c, 0x0, 0x0, 0x0, 0x0) 1.244321333s ago: executing program 0 (id=9038): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_GET(r0, 0x4b72, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x38, r2, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_OURS={0x4}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x40}]}, 0x38}}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x3e, &(0x7f00000000c0)=0x8, 0xff94) sendmmsg$inet(r4, &(0x7f0000001ac0)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10, 0x0}}], 0x1, 0x20000040) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r3}, 0x10) chmod(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x80) r5 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = dup(r5) exit(0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000040)=0x27) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x7f) getdents64(r6, 0x0, 0x0) 1.217495873s ago: executing program 4 (id=9039): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={0x0, r0}, 0x18) r1 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff) r2 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_MOVE(0x1e, r1, 0xffffffffffffffff, r2, 0x1) 1.175056983s ago: executing program 4 (id=9041): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={r0, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f00000000c0), 0x0, 0x27, &(0x7f0000000180)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000200), &(0x7f0000000240), 0x8, 0xa9, 0x8, 0x8, &(0x7f0000000280)}}, 0x10) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000400)=r1) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) mlock2(&(0x7f0000338000/0x3000)=nil, 0x3000, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r5, 0x0, 0x8ec0, 0x0) dup3(r3, r4, 0x0) fcntl$setpipe(r5, 0x407, 0x100000) dup2(r4, r5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x1f0, 0x340, 0x11, 0x148, 0x340, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0x70, 0xa0}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x250) 1.068059233s ago: executing program 3 (id=9043): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) creat(&(0x7f0000000040)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x8}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa9d62f0e35ec9b64, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, &(0x7f0000000200)='GPL\x00', 0xe, 0x0, 0x0, 0x0, 0x0, '\x00', r3, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 984.005012ms ago: executing program 3 (id=9048): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r2, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x20008040}, 0x1) recvmsg(r1, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x2) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 753.167372ms ago: executing program 1 (id=9057): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x4ca31, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f0000f07000)=[{0x6}]}, 0x10) 728.521072ms ago: executing program 1 (id=9058): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000fb"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) syz_clone(0x4000, 0x0, 0x0, 0x0, 0x0, 0x0) 555.258071ms ago: executing program 2 (id=9060): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) creat(&(0x7f0000000040)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000180)='kfree\x00', r1, 0x0, 0x8}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa9d62f0e35ec9b64, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, &(0x7f0000000200)='GPL\x00', 0xe, 0x0, 0x0, 0x0, 0x0, '\x00', r3, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 547.191781ms ago: executing program 1 (id=9061): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_io_uring_setup(0x45b4, &(0x7f00000035c0)={0x0, 0x0, 0x10100, 0x800}, &(0x7f0000000100), 0x0) io_uring_enter(r1, 0x291c, 0x0, 0x0, 0x0, 0x0) 527.379431ms ago: executing program 2 (id=9062): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c16, &(0x7f0000000040)={[{@nobh}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000}}]}, 0xff, 0x240, &(0x7f00000002c0)="$eJzs3T1oO2UcB/DvXRL/tg1SdRHEFxARLZS6CS51UShIKSKCChURF6UVaotb6+TioLNKJ5ciblZH6VJcFMGpaoe6CFocLA46RJJrpbYRX1Jz4n0+cLm75J77Pcfd97kQOBKgsaaTzCdpJZlJ0klSnN/gzmqaPl3dnthfTnq9x34oBttV65WzdlNJtpI8kGSvLPJCO9nYferop4NH7nl9vXP3u7tPToz1IE8dHx0+evLO4msfLNy/8dkX3y0WmU/3d8d19Yoh77WL5KZ/o9h/RNGuuwf8FUuvvP9lP/c3J7lrkP9OylQn74216/Y6ue/tP2r75vef3zrOvgJXr9fr9O+BWz2gccok3RTlbJJquSxnZ6vv8F+1JssXV9dennl+dX3lubpHKuCqdJPDhz+69uHUhfx/26ryD/xPVT9KHT6+tPN1f+GkVXeHgLG4rZr17/8zz2zeG/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmH5pJ/aC75h+aSf2iu8/kHAJqld63uJ5CButQ9/gAAAAAAAAAAAAAAAAAAAJdtT+wvn03jqvnJW8nxQ0naw+q3Bv9HnFw/eJ38sehv9puiajaSp+8YcQcjeq/mp69v+Kbe+p/eXm/9zZVk69Ukc+325euvOL3+/rkb/+TzzrMjFvibigvrDz4x3voX/bJTb/2Fg+Tj/vgzN2z8KXPLYD58/On2z9+I9V/6ecQdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDa/BgAA//8YZW08") r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)=ANY=[], 0x50) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000ff0000000800000005"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r4, &(0x7f0000000300), &(0x7f0000000280)=@udp}, 0x20) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = dup(r3) sendto$inet6(0xffffffffffffffff, &(0x7f0000000300)="7800000018002507b9409b14ffff00000204be04020b06050e0209", 0x1b, 0x40080, 0x0, 0x0) write$P9_RLERRORu(r7, &(0x7f0000000300)=ANY=[@ANYBLOB="5300000007000046009d40edce82cd28"], 0x53) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r7, @ANYBLOB="2ceb3807d1c7837b488ce4673c36dacae1fa57c68c58bb3d37d564fef096c041685c69fa345a7f1991a376b55df04d4d4209a4e25bf4371e0224"]) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r8}, 0x10) socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="020e0000150000000000000000000000030005000000000002004e24ac1e00010000000000000000030006003c000000020000fc34000000000000000000000001001800000000000800120000000200fcffffff0000000006003300000000000000000000000000fe8000000000000000000000000000aa00000000000000000000000000000000040003", @ANYRES16=r1], 0xa8}}, 0x40) r9 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0x45) ioctl$FS_IOC_SETFLAGS(r9, 0x40086602, &(0x7f0000000000)) r10 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) syz_io_uring_setup(0x6e75, &(0x7f0000000880)={0x0, 0x281f, 0x20000, 0x0, 0x2a5}, &(0x7f0000000900), &(0x7f0000000940)) unshare(0x20400) socket(0x2000000000000021, 0x2, 0x10000000000002) pwrite64(r10, &(0x7f0000000000)='2', 0x1, 0x4fed0) r11 = openat$cgroup_ro(r10, &(0x7f0000000580)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000600), 0x1, 0x1) r12 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000740), 0xc) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x6, 0x27, &(0x7f0000000980)=ANY=[@ANYRES8=r6, @ANYRES32=r10, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085000000560000001839000001000000000000000000000085100000f9ffffff180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000a0000008500000006000000f0f2acd318120000", @ANYRES32=r8, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000005000000000001000000850000004100000018000000ff0300000000000001040000186a00000d0000000000000006fc00009500000000000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x6, 0x44, &(0x7f0000000500)=""/68, 0x40f00, 0x34, '\x00', 0x0, 0x25, r9, 0x8, &(0x7f00000001c0)={0x9, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=[r11, r10, r0, r12, r9, r9], 0x0, 0x10, 0x4, @void, @value}, 0x94) 522.313191ms ago: executing program 1 (id=9063): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETS2(r0, 0x402c542b, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c30000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x8, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x5, &(0x7f00000002c0)=[{0x3, 0x6, 0xf, 0x3943}, {0x7, 0x3, 0xb, 0x8}, {0x3, 0x9, 0x3, 0x35a}, {0xf, 0x7, 0xd, 0xee5c}, {0x0, 0x7, 0x7, 0x3}]}) 486.519421ms ago: executing program 1 (id=9064): creat(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', 0x0, 0x0, &(0x7f0000000a40)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}}) 469.837071ms ago: executing program 1 (id=9065): syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x0, &(0x7f00000021c0)={[{@dioread_nolock}, {@minixdf}, {@nolazytime}, {}]}, 0x1, 0x783, &(0x7f0000002200)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000540)) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000680)={{{@in=@empty, @in6=@private2}}, {{@in=@initdev}, 0x0, @in=@empty}}, &(0x7f0000000580)=0xe8) getresgid(&(0x7f0000000140), &(0x7f0000000000), &(0x7f0000000240)=0x0) syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000200)='./file0\x00', 0x10814, &(0x7f0000000340)=ANY=[@ANYBLOB='umask=00000000000000000000000,flush,nodots,dots,gid=', @ANYRESHEX=r1, @ANYBLOB="00006b746769643d0092", @ANYRES16, @ANYBLOB="1500bba7d41fabba4332de3ca642acf6f8de847e3f21783608008708a887d30aaf0a14b0691d48445fe3b4d1ddde1b81337b2c3b5f88535d7f6fa931b84783704494cebe49ca9f6269b05edde0246c360d0566b4056f0f02ccab035d3d0a5cde0b31bd424949fe23c0a0a25691738006c5c6acdf101fecdb4f79abdfb95c6afaea03dd5903b5240565f31504c207a9a2aa6c8108fb973081e90412a3c6cfa3b2513693727fad9acd8108acb8b90fab033c9dac0dc3e5a61c513e7b5edc5d76320f0e54045ea2b7b8fb1f78d3d346e26ee5ed6926cea1ffe0a1"], 0x1, 0x1fa, &(0x7f0000000500)="$eJzs2zFrE2EYB/Dn2rRe7GAHJ1E4cHEK6icwSAUxIEQy6GSgurQipEsUxH4eZz+EX8alg2SLXO5om2sLjWdyEn8/ON6H/O/guSF53uHN27sfDvY/Hr3f+nISaZLFRsSTmETs5lUpKdd0Vm/HnCTq+FXraQDgj/T7w27TPbBco1F3eDsidi4kg2+NNAQAAAAAAAAAAEBti5z/34j4Wj3/f7zifgGA+pz/X1/tch2NusN7xf6twvl/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDmT6fTWNL/Sci2vGxGRRkQ7Im5GRCsi8s+b7hcAqG8ynZ/7V83/iEgiwvwHgDXw6vWbF91eb6+fZWnEz+PxYDwo1iJ/9ry39zCb2T176mQ8Hmye5o+KPJvPt2b7hjx/fGm+HQ/uF3mePX3Zq+Q7sb/81weA/1InO3Vuvm+WV0Snc1mez+eiOrc/qMzvVtxprew1AIAFHH36fDA8PHw3+utFsthT7bKhq+/53lpWq4prFT+Sf6INRd0ivc7NDf8wAUt39qWvJmkzDQEAAAAAAAAAAAAAABes4i9HTb8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADr53cAAAD//8h6UUs=") r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff51, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f00000008c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000880)={&(0x7f00000029c0)=ANY=[], 0x174}, 0x1, 0x0, 0x0, 0x20000840}, 0x4010) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r3}, 0x10) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) newfstatat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x2000) pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1d7) sendfile(r5, r5, 0x0, 0xfffe80) 448.302921ms ago: executing program 2 (id=9066): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) creat(&(0x7f0000000040)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0x8}, 0x18) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) syz_io_uring_setup(0x4a8, 0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3e, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0x800000000003}, 0x100100, 0x5dd8, 0x3, 0x0, 0x0, 0x8, 0xfffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) socket$kcm(0x11, 0xa, 0x300) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa9d62f0e35ec9b64, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r1}, 0x10) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r7}, 0x2c, {[{@version_u}]}}) 379.711071ms ago: executing program 0 (id=9067): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff) r0 = semget$private(0x0, 0x6, 0x0) semtimedop(r0, &(0x7f0000000040)=[{}], 0x1, 0x0) semop(r0, &(0x7f00000000c0)=[{0x0, 0xc63e}], 0x1) semctl$IPC_RMID(r0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000002900000005"], 0x48) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="7c010000100033060000000000000000fc000000000000000000000000000000ffffffff00000000000000000000000000004000000080040000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414000000000000000000000000000000000032000000fe80000000000000000000000000001a2703000000000000000000000000000000000000000000000000000000000000ff0f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008f000000000000000000000029bd7000000000000a00040000000000000000001c00200000004e2200000000ac1414bb00000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00040002005e2100000000640101010000", @ANYBLOB='\a'], 0x17c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0xc, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x660}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10) close(0xffffffffffffffff) socket$nl_netfilter(0x10, 0x3, 0xc) getdents64(0xffffffffffffffff, &(0x7f0000000280)=""/185, 0xb9) 239.460221ms ago: executing program 4 (id=9068): bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={0xffffffffffffffff, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r2 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$KDFONTOP_SET(r2, 0x4b72, &(0x7f0000000080)={0x0, 0x3000000, 0x8, 0x1b, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2043db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) 227.482021ms ago: executing program 0 (id=9069): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x4ca31, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = socket$inet(0x2, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f0000f07000)=[{0x6}]}, 0x10) 222.47534ms ago: executing program 4 (id=9070): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) creat(&(0x7f0000000040)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0x8}, 0x18) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) syz_io_uring_setup(0x4a8, 0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r1}, 0x10) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000a40)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@version_u}]}}) 171.045601ms ago: executing program 2 (id=9071): bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r0}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r1 = getpgid(0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'macsec0\x00', @random="010000201000"}) syz_pidfd_open(r1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="1600000000000000040000000100000000000000", @ANYRES32=0x1, @ANYBLOB="a666872be3317eab87449a5f76ce88f516bd57c9cd059b6f2ede4f0f4d6880df6209344114698955d50418cea5c425411f450c67a7db6b0ac806d5b10b24cc3e3e8e99e1ab6544", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = open(&(0x7f0000000040)='./file0\x00', 0x80000, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='f2fs_get_victim\x00', r5}, 0x18) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000003c0)={'syztnl0\x00', &(0x7f00000004c0)={'ip6gre0\x00', 0x0, 0x29, 0x6, 0x8, 0x6, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7, 0x7, 0x2, 0x604b86e8}}) setsockopt$packet_drop_memb(r4, 0x107, 0x2, &(0x7f0000000580)={r6, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10) socket$kcm(0x29, 0x7, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r7, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) r8 = io_uring_setup(0x7202, &(0x7f0000000000)={0x0, 0x54ff, 0x80, 0x1, 0x4}) io_uring_register$IORING_REGISTER_PBUF_RING(r8, 0x16, &(0x7f0000000740)={&(0x7f0000001000)={[{0x0, 0x0, 0x10}, {0x0}, {0x0, 0x0, 0xfffe}, {0x0, 0x0, 0x2}]}, 0x4}, 0x1) r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8) write$binfmt_misc(r9, &(0x7f0000000100), 0x6) 150.35562ms ago: executing program 0 (id=9072): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) acct(0x0) 148.77797ms ago: executing program 4 (id=9073): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x94) creat(&(0x7f0000000040)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa9d62f0e35ec9b64, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, &(0x7f0000000200)='GPL\x00', 0xe, 0x0, 0x0, 0x0, 0x0, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 131.79122ms ago: executing program 2 (id=9074): capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb, 0x3}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x4, 0x0, @fd, 0x10, 0x20000000, 0x20004, 0xc, 0x0, {0x1}}) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x109002) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xa0, 0xa0, 0x4, [@decl_tag={0x10, 0x0, 0x0, 0x11, 0x5, 0x2}, @restrict={0xc, 0x0, 0x0, 0xb, 0x5}, @fwd={0x2}, @struct={0x4, 0x8, 0x0, 0x4, 0x0, 0x40, [{0x7, 0x4, 0x101}, {0x10, 0x4, 0x7}, {0x5, 0x5, 0x2}, {0x10, 0x5, 0x5}, {0x4, 0x5, 0x2}, {0x2, 0x2, 0x2}, {0x7, 0x5, 0x5}, {0x7, 0x5, 0x4}]}, @func={0x7, 0x0, 0x0, 0xc, 0x1}]}, {0x0, [0x2e, 0x30]}}, &(0x7f0000000500)=""/169, 0xbc, 0xa9, 0x0, 0x2, 0x0, @void, @value}, 0x28) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x3, '\x00', 0x0, r1, 0x1, 0x4, 0x4, 0x0, @void, @value, @void, @value}, 0x50) r2 = fcntl$dupfd(r0, 0x0, r0) ioctl$SCSI_IOCTL_GET_PCI(r2, 0x5393, &(0x7f0000000000)) 99.43616ms ago: executing program 3 (id=9075): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETS2(r0, 0x402c542b, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c30000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x8, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x5, &(0x7f00000002c0)=[{0x3, 0x6, 0xf, 0x3943}, {0x7, 0x3, 0xb, 0x8}, {0x3, 0x9, 0x3, 0x35a}, {0xf, 0x7, 0xd, 0xee5c}, {0x0, 0x7, 0x7, 0x3}]}) 81.54377ms ago: executing program 0 (id=9076): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$KDFONTOP_GET(r0, 0x4b72, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)={0x38, r2, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_OURS={0x4}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x40}]}, 0x38}}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0x3e, &(0x7f00000000c0)=0x8, 0xff94) sendmmsg$inet(r4, &(0x7f0000001ac0)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10, 0x0}}], 0x1, 0x20000040) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r3}, 0x10) chmod(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x80) r5 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = dup(r5) exit(0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000040)=0x27) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x7f) getdents64(r6, 0x0, 0x0) 40.66361ms ago: executing program 2 (id=9077): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000200)={0x1, &(0x7f0000000040)=[{0x1fe, 0x8}]}) 0s ago: executing program 3 (id=9078): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r0, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="ed", 0x1}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0x1}, {&(0x7f0000000140)='U', 0x1}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {&(0x7f0000000e80)='\b', 0x1}], 0x5}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="bb", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {0x0}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, 0x0}}], 0x4, 0x4048841) kernel console output (not intermixed with test programs): da-4727-8c75-0525a5b65a09. [ 689.999608][T23618] syz.4.7379[23618] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 689.999794][T23618] syz.4.7379[23618] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 690.027874][T23618] syz.4.7379[23618] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 690.068538][T23618] 9pnet_fd: Insufficient options for proto=fd [ 690.266428][T23625] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 690.274993][T23625] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 690.464399][T23631] lo speed is unknown, defaulting to 1000 [ 690.506138][T23633] netlink: 'syz.4.7384': attribute type 3 has an invalid length. [ 690.683523][T23631] sit0 speed is unknown, defaulting to 1000 [ 691.481814][T23662] syz.2.7394[23662] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 691.481897][T23662] syz.2.7394[23662] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 691.498711][T23662] syz.2.7394[23662] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 691.522571][T23662] 9pnet_fd: Insufficient options for proto=fd [ 691.623321][T23666] 9pnet: p9_errstr2errno: server reported unknown error @΂(  8'i%IIRj>]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI [ 700.814346][T24046] dump_stack_lvl+0xf2/0x150 [ 700.818983][T24046] dump_stack+0x15/0x1a [ 700.823192][T24046] should_fail_ex+0x223/0x230 [ 700.823614][T24052] 9pnet: p9_errstr2errno: server reported unknown error @΂(  8'i%IIRj>]ݞ_Nz~(U땳vSI 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 700.958637][T24046] RSP: 002b:00007f0ced4b1038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 700.967141][T24046] RAX: ffffffffffffffda RBX: 00007f0cef035fa0 RCX: 00007f0ceee45d29 [ 700.975119][T24046] RDX: 0000000020000400 RSI: 000000000000000b RDI: 0000000000000006 [ 700.983170][T24046] RBP: 00007f0ced4b1090 R08: 0000000000000000 R09: 0000000000000000 [ 700.991184][T24046] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 700.999191][T24046] R13: 0000000000000000 R14: 00007f0cef035fa0 R15: 00007fffb0b0d428 [ 701.007205][T24046] [ 701.050785][T24060] FAULT_INJECTION: forcing a failure. [ 701.050785][T24060] name failslab, interval 1, probability 0, space 0, times 0 [ 701.063584][T24060] CPU: 0 UID: 0 PID: 24060 Comm: syz.0.7540 Not tainted 6.13.0-rc7-syzkaller-00043-g619f0b6fad52 #0 [ 701.074380][T24060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 701.084457][T24060] Call Trace: [ 701.087755][T24060] [ 701.090707][T24060] dump_stack_lvl+0xf2/0x150 [ 701.095472][T24060] dump_stack+0x15/0x1a [ 701.099700][T24060] should_fail_ex+0x223/0x230 [ 701.104563][T24060] should_failslab+0x8f/0xb0 [ 701.109206][T24060] kmem_cache_alloc_noprof+0x52/0x320 [ 701.114630][T24060] ? __mpol_dup+0x43/0x1b0 [ 701.119207][T24060] __mpol_dup+0x43/0x1b0 [ 701.123554][T24060] __se_sys_set_mempolicy_home_node+0x26a/0x540 [ 701.129833][T24060] __x64_sys_set_mempolicy_home_node+0x55/0x70 [ 701.136029][T24060] x64_sys_call+0x2d10/0x2dc0 [ 701.140787][T24060] do_syscall_64+0xc9/0x1c0 [ 701.145309][T24060] ? clear_bhb_loop+0x55/0xb0 [ 701.150042][T24060] ? clear_bhb_loop+0x55/0xb0 [ 701.154790][T24060] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 701.160770][T24060] RIP: 0033:0x7fd66bea5d29 [ 701.165204][T24060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 701.184911][T24060] RSP: 002b:00007fd66a517038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c2 [ 701.193370][T24060] RAX: ffffffffffffffda RBX: 00007fd66c095fa0 RCX: 00007fd66bea5d29 [ 701.201381][T24060] RDX: 0000000000000000 RSI: 000000000000a000 RDI: 0000000020349000 [ 701.209434][T24060] RBP: 00007fd66a517090 R08: 0000000000000000 R09: 0000000000000000 [ 701.217436][T24060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 701.225429][T24060] R13: 0000000000000000 R14: 00007fd66c095fa0 R15: 00007ffd8eb36d08 [ 701.233429][T24060] [ 701.276946][ T3311] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 701.395727][T24108] loop4: detected capacity change from 0 to 128 [ 701.403012][T24108] EXT4-fs: Ignoring removed nobh option [ 701.427204][T24108] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 701.427414][T24108] ext4 filesystem being mounted at /1470/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 701.433515][T24108] 9pnet: p9_errstr2errno: server reported unknown error @΂(  8'i%IIRj>]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI [ 749.153403][T26654] dump_stack_lvl+0xf2/0x150 [ 749.158056][T26654] dump_stack+0x15/0x1a [ 749.162255][T26654] should_fail_ex+0x223/0x230 [ 749.167037][T26654] should_fail+0xb/0x10 [ 749.171208][T26654] should_fail_usercopy+0x1a/0x20 [ 749.176269][T26654] _copy_to_user+0x20/0xa0 [ 749.180717][T26654] simple_read_from_buffer+0xa0/0x110 [ 749.186168][T26654] proc_fail_nth_read+0xf9/0x140 [ 749.191226][T26654] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 749.196827][T26654] vfs_read+0x1a2/0x700 [ 749.201204][T26654] ? __rcu_read_unlock+0x4e/0x70 [ 749.206270][T26654] ? __fget_files+0x17c/0x1c0 [ 749.211001][T26654] ksys_read+0xe8/0x1b0 [ 749.215203][T26654] __x64_sys_read+0x42/0x50 [ 749.219756][T26654] x64_sys_call+0x2874/0x2dc0 [ 749.224467][T26654] do_syscall_64+0xc9/0x1c0 [ 749.229006][T26654] ? clear_bhb_loop+0x55/0xb0 [ 749.233884][T26654] ? clear_bhb_loop+0x55/0xb0 [ 749.238701][T26654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 749.244701][T26654] RIP: 0033:0x7f0ceee4473c [ 749.249134][T26654] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 749.268787][T26654] RSP: 002b:00007f0ced4b1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 749.277284][T26654] RAX: ffffffffffffffda RBX: 00007f0cef035fa0 RCX: 00007f0ceee4473c [ 749.285291][T26654] RDX: 000000000000000f RSI: 00007f0ced4b10a0 RDI: 0000000000000008 [ 749.293306][T26654] RBP: 00007f0ced4b1090 R08: 0000000000000000 R09: 0000000000000000 [ 749.301375][T26654] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 749.309389][T26654] R13: 0000000000000000 R14: 00007f0cef035fa0 R15: 00007fffb0b0d428 [ 749.317401][T26654] [ 749.423441][T26666] 9pnet_fd: Insufficient options for proto=fd [ 749.513528][T26678] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8567'. [ 749.624370][T26695] 9pnet_fd: Insufficient options for proto=fd [ 749.825190][T26727] 9pnet_fd: Insufficient options for proto=fd [ 749.922936][T26743] netlink: 'syz.4.8595': attribute type 3 has an invalid length. [ 749.995334][T26755] 9pnet_fd: Insufficient options for proto=fd [ 750.192738][T26771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 750.201417][T26771] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 750.522349][T26783] netlink: 'syz.4.8612': attribute type 3 has an invalid length. [ 750.601899][T26789] 9pnet: p9_errstr2errno: server reported unknown error @΂(  8'i%IIRj>]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI [ 760.777412][T27185] dump_stack_lvl+0xf2/0x150 [ 760.782035][T27185] dump_stack+0x15/0x1a [ 760.786250][T27185] should_fail_ex+0x223/0x230 [ 760.790940][T27185] should_fail+0xb/0x10 [ 760.795153][T27185] should_fail_usercopy+0x1a/0x20 [ 760.800222][T27185] strncpy_from_user+0x25/0x210 [ 760.805121][T27185] ? kmem_cache_alloc_noprof+0x18e/0x320 [ 760.810766][T27185] ? getname_flags+0x81/0x3b0 [ 760.815457][T27185] getname_flags+0xb0/0x3b0 [ 760.819971][T27185] getname+0x17/0x20 [ 760.823875][T27185] do_sys_openat2+0x67/0x120 [ 760.828636][T27185] __x64_sys_openat+0xf3/0x120 [ 760.833414][T27185] x64_sys_call+0x2b30/0x2dc0 [ 760.838177][T27185] do_syscall_64+0xc9/0x1c0 [ 760.842696][T27185] ? clear_bhb_loop+0x55/0xb0 [ 760.847385][T27185] ? clear_bhb_loop+0x55/0xb0 [ 760.852095][T27185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 760.858041][T27185] RIP: 0033:0x7fd66bea4690 [ 760.862497][T27185] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 760.882128][T27185] RSP: 002b:00007fd66a4d4f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 760.890614][T27185] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd66bea4690 [ 760.898592][T27185] RDX: 0000000000000002 RSI: 00007fd66a4d4fa0 RDI: 00000000ffffff9c [ 760.906687][T27185] RBP: 00007fd66a4d4fa0 R08: 0000000000000000 R09: 0000000000000000 [ 760.914676][T27185] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 760.922706][T27185] R13: 0000000000000001 R14: 00007fd66c096160 R15: 00007ffd8eb36d08 [ 760.930776][T27185] [ 761.679937][T27198] loop4: detected capacity change from 0 to 2048 [ 761.689916][T27196] netlink: 'syz.2.8763': attribute type 3 has an invalid length. [ 761.727193][T27200] netlink: 3 bytes leftover after parsing attributes in process `syz.2.8766'. [ 761.740635][T27200] batadv1: entered promiscuous mode [ 761.745977][T27200] batadv1: entered allmulticast mode [ 761.752669][T27198] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 761.786328][T27198] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 761.824240][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 761.944775][T27200] rdma_rxe: rxe_newlink: failed to add sit0 [ 761.965764][T27200] lo speed is unknown, defaulting to 1000 [ 761.975317][T27200] sit0 speed is unknown, defaulting to 1000 [ 762.223127][T27206] 9pnet_fd: Insufficient options for proto=fd [ 762.334206][T27216] 9pnet_fd: Insufficient options for proto=fd [ 762.380594][T27220] loop4: detected capacity change from 0 to 2048 [ 762.439053][T27220] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 762.452176][T27220] ext4 filesystem being mounted at /1700/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 762.600601][T27233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 762.609341][T27233] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 762.972965][T27241] 9pnet_fd: Insufficient options for proto=fd [ 763.201972][T27249] 9pnet_fd: Insufficient options for proto=fd [ 763.365058][T17834] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm kworker/u8:9: bg 0: block 345: padding at end of block bitmap is not set [ 763.384311][T17834] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2048 with error 117 [ 763.397093][T17834] EXT4-fs (loop4): This should not happen!! Data will be lost [ 763.397093][T17834] [ 763.559159][T17824] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 2065 with max blocks 1371 with error 28 [ 763.572118][T17824] EXT4-fs (loop4): This should not happen!! Data will be lost [ 763.572118][T17824] [ 763.581826][T17824] EXT4-fs (loop4): Total free blocks count 0 [ 763.587919][T17824] EXT4-fs (loop4): Free/Dirty block details [ 763.593958][T17824] EXT4-fs (loop4): free_blocks=0 [ 763.598924][T17824] EXT4-fs (loop4): dirty_blocks=1376 [ 763.604469][T17824] EXT4-fs (loop4): Block reservation details [ 763.708004][T27254] 9pnet_fd: Insufficient options for proto=fd [ 763.729263][ T29] kauditd_printk_skb: 465 callbacks suppressed [ 763.729337][ T29] audit: type=1326 audit(2000000014.600:399587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27253 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 763.759363][ T29] audit: type=1326 audit(2000000014.600:399588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27253 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=441 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 763.783126][ T29] audit: type=1326 audit(2000000014.600:399589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27253 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 763.806858][ T29] audit: type=1326 audit(2000000014.600:399590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27253 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 763.830517][ T29] audit: type=1326 audit(2000000014.600:399591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27253 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 763.854258][ T29] audit: type=1326 audit(2000000014.600:399592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27253 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 763.854317][ T29] audit: type=1326 audit(2000000014.600:399593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27253 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 763.901559][ T29] audit: type=1326 audit(2000000014.600:399594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27253 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 763.925117][ T29] audit: type=1326 audit(2000000014.600:399595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27253 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 763.948838][ T29] audit: type=1326 audit(2000000014.600:399596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27253 comm="syz.2.8787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 764.106446][T27276] lo speed is unknown, defaulting to 1000 [ 764.113218][T27276] sit0 speed is unknown, defaulting to 1000 [ 764.218353][T27279] netlink: 'syz.2.8794': attribute type 1 has an invalid length. [ 764.292121][T27280] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 764.300818][T27280] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 764.965615][T27291] loop4: detected capacity change from 0 to 2048 [ 765.014396][T27291] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 765.014473][T27291] ext4 filesystem being mounted at /1702/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 765.479358][T27293] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 765.491781][T27293] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 765.940544][T27307] netlink: 3 bytes leftover after parsing attributes in process `syz.2.8803'. [ 765.965245][T27307] batadv1: entered promiscuous mode [ 765.970508][T27307] batadv1: entered allmulticast mode [ 766.097666][T27311] netlink: 'syz.0.8805': attribute type 3 has an invalid length. [ 766.227639][T27312] rdma_rxe: rxe_newlink: failed to add sit0 [ 766.249976][T27312] lo speed is unknown, defaulting to 1000 [ 766.263972][T27312] sit0 speed is unknown, defaulting to 1000 [ 766.296062][T27314] 9pnet: Could not find request transport: fd0x0000000000000004 [ 766.426747][T27303] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.8799: bg 0: block 345: padding at end of block bitmap is not set [ 766.453204][T27303] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 16 with error 117 [ 766.465748][T27303] EXT4-fs (loop4): This should not happen!! Data will be lost [ 766.465748][T27303] [ 766.599581][T17833] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 32 with max blocks 2048 with error 117 [ 766.612373][T17833] EXT4-fs (loop4): This should not happen!! Data will be lost [ 766.612373][T17833] [ 766.660381][T17833] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 2081 with max blocks 2024 with error 28 [ 766.673338][T17833] EXT4-fs (loop4): This should not happen!! Data will be lost [ 766.673338][T17833] [ 766.683056][T17833] EXT4-fs (loop4): Total free blocks count 0 [ 766.689155][T17833] EXT4-fs (loop4): Free/Dirty block details [ 766.695086][T17833] EXT4-fs (loop4): free_blocks=0 [ 766.852358][T27350] 9pnet_fd: Insufficient options for proto=fd [ 767.758259][T27361] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 767.766855][T27361] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 767.873048][T27369] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8821'. [ 767.885762][T27369] netlink: 'syz.2.8821': attribute type 13 has an invalid length. [ 767.934266][T27369] netlink: 133492 bytes leftover after parsing attributes in process `syz.2.8821'. [ 767.958832][T27374] xt_hashlimit: max too large, truncated to 1048576 [ 768.267960][T27383] lo speed is unknown, defaulting to 1000 [ 768.276432][T27383] sit0 speed is unknown, defaulting to 1000 [ 768.498275][T27390] lo speed is unknown, defaulting to 1000 [ 768.513075][T27390] sit0 speed is unknown, defaulting to 1000 [ 768.628225][T27386] netlink: 'syz.2.8828': attribute type 1 has an invalid length. [ 768.799776][T27393] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 768.806475][ T29] kauditd_printk_skb: 104 callbacks suppressed [ 768.806488][ T29] audit: type=1400 audit(2000000019.690:399701): avc: denied { bind } for pid=27392 comm="syz.3.8832" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 768.861128][T27393] netlink: 'syz.3.8832': attribute type 3 has an invalid length. [ 768.976355][T27391] netlink: 'syz.1.8830': attribute type 1 has an invalid length. [ 768.987778][ T29] audit: type=1326 audit(2000000019.880:399702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27397 comm="syz.2.8834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 769.011711][ T29] audit: type=1326 audit(2000000019.880:399703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27397 comm="syz.2.8834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 769.035617][ T29] audit: type=1326 audit(2000000019.880:399704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27397 comm="syz.2.8834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 769.100423][ T29] audit: type=1326 audit(2000000019.960:399705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27397 comm="syz.2.8834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 769.124234][ T29] audit: type=1326 audit(2000000019.960:399706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27397 comm="syz.2.8834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 769.148119][ T29] audit: type=1326 audit(2000000019.970:399707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27397 comm="syz.2.8834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 769.171871][ T29] audit: type=1326 audit(2000000019.970:399708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27397 comm="syz.2.8834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 769.195579][ T29] audit: type=1326 audit(2000000019.970:399709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27397 comm="syz.2.8834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 769.219367][ T29] audit: type=1326 audit(2000000019.970:399710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27397 comm="syz.2.8834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 769.258709][T27406] 9pnet_fd: Insufficient options for proto=fd [ 769.304063][T27407] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8837'. [ 769.330617][T27407] bridge0: port 3(syz_tun) entered disabled state [ 769.354591][T27415] netlink: 'syz.0.8837': attribute type 13 has an invalid length. [ 769.380221][T27407] netlink: 133492 bytes leftover after parsing attributes in process `syz.0.8837'. [ 769.568178][T27440] lo speed is unknown, defaulting to 1000 [ 769.575525][T27440] sit0 speed is unknown, defaulting to 1000 [ 769.793533][T27446] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 769.802190][T27446] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 770.162062][T27457] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8855'. [ 770.216392][T27460] netlink: 'syz.4.8855': attribute type 13 has an invalid length. [ 770.270588][T27457] netlink: 133492 bytes leftover after parsing attributes in process `syz.4.8855'. [ 770.293520][T27462] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8857'. [ 770.306979][T27448] netlink: 'syz.2.8852': attribute type 1 has an invalid length. [ 770.397758][T27464] loop4: detected capacity change from 0 to 2048 [ 770.427845][T27464] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 770.445587][T27464] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 770.460785][T27476] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8862'. [ 770.516536][ T3311] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 770.527690][T27480] netlink: 3 bytes leftover after parsing attributes in process `syz.2.8864'. [ 770.541170][T27480] batadv1: entered promiscuous mode [ 770.546515][T27480] batadv1: entered allmulticast mode [ 770.557041][T27482] 9pnet_fd: Insufficient options for proto=fd [ 770.597113][T27488] loop4: detected capacity change from 0 to 128 [ 770.608552][T27488] EXT4-fs: Ignoring removed nobh option [ 770.616110][T27488] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 770.629519][T27488] ext4 filesystem being mounted at /1711/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 770.738930][T27488] 9pnet: Could not find request transport: fd0x0000000000000005 [ 770.753117][T27493] rdma_rxe: rxe_newlink: failed to add sit0 [ 770.776183][T27493] lo speed is unknown, defaulting to 1000 [ 770.783778][T27493] sit0 speed is unknown, defaulting to 1000 [ 770.811450][T27497] 9pnet_fd: Insufficient options for proto=fd [ 770.869499][T27501] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8869'. [ 770.879571][ T3311] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 770.889771][T27501] netlink: 'syz.0.8869': attribute type 13 has an invalid length. [ 771.162111][T27518] lo speed is unknown, defaulting to 1000 [ 771.169984][T27518] sit0 speed is unknown, defaulting to 1000 [ 771.193961][T27523] 9pnet_fd: Insufficient options for proto=fd [ 771.203369][T27524] netlink: 'syz.3.8881': attribute type 3 has an invalid length. [ 771.337136][T27535] 9pnet: p9_errstr2errno: server reported unknown error @΂(  [ 771.351880][T27538] syz.3.8888[27538] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 771.352002][T27538] syz.3.8888[27538] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 771.388550][T27539] batadv0: entered promiscuous mode [ 771.405345][T27539] batadv0: entered allmulticast mode [ 771.485882][T27556] rdma_rxe: rxe_newlink: failed to add sit0 [ 771.549571][T27556] lo speed is unknown, defaulting to 1000 [ 771.563261][T27556] sit0 speed is unknown, defaulting to 1000 [ 772.407895][T27602] xt_hashlimit: max too large, truncated to 1048576 [ 772.434632][T27602] Cannot find set identified by id 0 to match [ 772.442346][T27605] loop4: detected capacity change from 0 to 512 [ 772.523867][T27607] xt_hashlimit: max too large, truncated to 1048576 [ 772.531257][T27607] Cannot find set identified by id 0 to match [ 772.639680][T27617] netlink: 'syz.2.8913': attribute type 32 has an invalid length. [ 772.797948][T27623] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 772.806518][T27623] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 773.071327][T27646] __nla_validate_parse: 3 callbacks suppressed [ 773.071348][T27646] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8925'. [ 773.121009][T27646] netlink: 133492 bytes leftover after parsing attributes in process `syz.3.8925'. [ 773.235149][T27656] netlink: 'syz.1.8929': attribute type 3 has an invalid length. [ 773.266560][T27659] 9pnet_fd: Insufficient options for proto=fd [ 773.440408][T27675] 9pnet: Could not find request transport: fd0x0000000000000004 [ 773.528915][T27671] FAULT_INJECTION: forcing a failure. [ 773.528915][T27671] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 773.542106][T27671] CPU: 1 UID: 0 PID: 27671 Comm: syz.3.8938 Not tainted 6.13.0-rc7-syzkaller-00043-g619f0b6fad52 #0 [ 773.552900][T27671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 773.562984][T27671] Call Trace: [ 773.566270][T27671] [ 773.569308][T27671] dump_stack_lvl+0xf2/0x150 [ 773.573935][T27671] dump_stack+0x15/0x1a [ 773.578133][T27671] should_fail_ex+0x223/0x230 [ 773.582899][T27671] should_fail+0xb/0x10 [ 773.587162][T27671] should_fail_usercopy+0x1a/0x20 [ 773.592217][T27671] _copy_from_user+0x1e/0xb0 [ 773.596900][T27671] copy_msghdr_from_user+0x54/0x2a0 [ 773.602133][T27671] ? __fget_files+0x17c/0x1c0 [ 773.606848][T27671] __sys_sendmsg+0x13e/0x230 [ 773.611545][T27671] __x64_sys_sendmsg+0x46/0x50 [ 773.616336][T27671] x64_sys_call+0x2734/0x2dc0 [ 773.621143][T27671] do_syscall_64+0xc9/0x1c0 [ 773.625669][T27671] ? clear_bhb_loop+0x55/0xb0 [ 773.630396][T27671] ? clear_bhb_loop+0x55/0xb0 [ 773.635112][T27671] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 773.641040][T27671] RIP: 0033:0x7f297afa5d29 [ 773.645480][T27671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 773.665114][T27671] RSP: 002b:00007f2979617038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 773.673628][T27671] RAX: ffffffffffffffda RBX: 00007f297b195fa0 RCX: 00007f297afa5d29 [ 773.681653][T27671] RDX: 0000000000004840 RSI: 00000000200000c0 RDI: 0000000000000003 [ 773.689669][T27671] RBP: 00007f2979617090 R08: 0000000000000000 R09: 0000000000000000 [ 773.697671][T27671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 773.705673][T27671] R13: 0000000000000000 R14: 00007f297b195fa0 R15: 00007ffe72ceac78 [ 773.713723][T27671] [ 773.774009][T27685] netlink: 133492 bytes leftover after parsing attributes in process `syz.2.8943'. [ 773.821559][ T29] kauditd_printk_skb: 447 callbacks suppressed [ 773.821577][ T29] audit: type=1326 audit(2000000024.710:400158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27689 comm="syz.2.8944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 773.888232][ T29] audit: type=1326 audit(2000000024.750:400159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27689 comm="syz.2.8944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 773.912018][ T29] audit: type=1326 audit(2000000024.750:400160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27689 comm="syz.2.8944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 773.935877][ T29] audit: type=1326 audit(2000000024.750:400161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27689 comm="syz.2.8944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 773.959707][ T29] audit: type=1326 audit(2000000024.750:400162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27689 comm="syz.2.8944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 774.020208][T27692] netlink: 'syz.2.8945': attribute type 3 has an invalid length. [ 774.063031][T27695] 9pnet_fd: Insufficient options for proto=fd [ 774.069349][ T29] audit: type=1326 audit(2000000024.910:400163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27691 comm="syz.2.8945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 774.093067][ T29] audit: type=1326 audit(2000000024.910:400164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27691 comm="syz.2.8945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 774.116872][ T29] audit: type=1326 audit(2000000024.910:400165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27691 comm="syz.2.8945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0ceee44690 code=0x7ffc0000 [ 774.140555][ T29] audit: type=1326 audit(2000000024.910:400166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27691 comm="syz.2.8945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 774.164246][ T29] audit: type=1326 audit(2000000024.910:400167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27691 comm="syz.2.8945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f0ceee45d29 code=0x7ffc0000 [ 774.239950][T27700] xt_hashlimit: max too large, truncated to 1048576 [ 774.365835][T27714] 9pnet: p9_errstr2errno: server reported unknown error @΂(  8'i%IIRj>]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI]ݞ_Nz~(U땳vSI 0x0000000000000000 [ 779.530703][ T2990] [ 779.530711][ T2990] Reported by Kernel Concurrency Sanitizer on: [ 779.530720][ T2990] CPU: 0 UID: 0 PID: 2990 Comm: klogd Not tainted 6.13.0-rc7-syzkaller-00043-g619f0b6fad52 #0 [ 779.530746][ T2990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 779.530759][ T2990] ==================================================================