last executing test programs: 1.448489989s ago: executing program 4 (id=447): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='kmem_cache_free\x00', r1, 0x0, 0x6}, 0x18) ptrace$ARCH_GET_UNTAG_MASK(0x1e, 0x0, 0x0, 0x4001) 1.407161069s ago: executing program 4 (id=450): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x8, &(0x7f0000000040), 0x9, 0x52e, &(0x7f0000000500)="$eJzs3U9sI1cZAPBvJsnau02bLfQAqNClFBa0WjvxtlHVC+VUIVQJ6JHDNiROFMWOo9gpTdhD9sgdiZU4wYkzByQOSD1xR+IANy7lgFRgBWqKkDDy2E6cP07c3cTejX8/aeQ388b+3tvRvGd93swLYGzdiIjdiLgSEe9GxEzneNLZ4s321jrv44f3Fvce3ltMotl85x9JVt86Fj3vaXmm85n5iPj+WxE/TI4E/WNEfXtnbaFSKW92DhUb1Y1ifXvn9mp1YaW8Ul4vlebn5mdfv/Na6dz6+lL11x9djYjf/faLH/5h9xs/bjVrulPX24/z1O761H6clsmI+M5FBBuBiU5/rjzKmx/pTZynNCI+ExEvZ/f/TExkV/Oww5fpm0NsHQBwEZrNmWjO9O4DAJddmuXAkrTQyQVMR5oWCu0c3gtxLa3U6o1by7Wt9aV2rux6TKXLq5XybCdXeD2mkuXVyfJcVu7uV8qlI/t3IuL5iPhp7mq2X1isVZZG+cUHAMbYM0fm/3/n2vM/AHDJ5Q+KuVG2AwAYnvyoGwAADJ35HwDGj/kfAMaP+R8Axo/5HwDGj/kfAMbKd99+u7U19zrPv156b3trrfbe7aVyfa1Q3VosLNY2NwortdpK9sye6lmfV6nVNuZeja33i41yvVGsb+/crda21ht3s+d63y1PDaVXAMBpnn/pgz8nEbH7xtVsi57n/Z85V7940a0DLlI66gYAIzNxSt1/htgOYPiOr/YFjAv5eBhf/2s2m9Gzdm9E3N8v9TwMtO9/EXqwX/rke3Hkkw6k1g2FJ8/Nzz9G/h94qsn/w/g6Lf/fn+/ycBnI/8P4ajYTa/4DwJiR4wdO/NW+R+/v/7PNnp0HF9QgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeApMZ1uSFjprgU9HmhYKEc9GxPWYSpZXK+XZiHguIv6Um8q19uciwrpBAPA0S/+WdNb/ujnzyvTR2iu5T3LZa0T86Ofv/Oz9hUZjcy7iSvLP/eONB53jpVG0HwA4S3ee7s7jXR8/vLfY3YbZno++1V5ctBV3r7O1ayZjMnvNZ7mGa/9KOvttre8rE+cQf/d+RHzupP4nWW7kemfl06PxW7GfHWr89FD8NKtrv7b+LT57Dm2BcfNBa/x586T7L40b2evJ938+G6EeX3f82zs2/qX7499En/HvxqAxXv39t48dbM606+5HfGEyYq/74T3jTzd+0if+KwPG/8uLX3q5X13zFxE346T+J4diFRvVjWJ9e+f2anVhpbxSXi+V5ufmZ1+/81qpmOWoi91M9XF/f+PWc/3it/p/rU/8/Bn9/+qA/f/lf9/9wZdPif/1r5x8/V84JX5rTvzagPEXrv0m36+uFX+pT//Puv63Boz/4V93lgY8FQAYgvr2ztpCpVLefPxC/tRz0vMIMUAhidi94BAHhdyvfvLW2SfnhtaeRyxEv6qJJ6WFl6aQezKaMUBh1CMTcNEObvpRtwQAAAAAAAAAAAAAAOhnoL8HuvppTj5eGHEXAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuMT+HwAA//99VtW2") r0 = open(&(0x7f0000000080)='./file1\x00', 0x64842, 0x86) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x140000}], 0x1, 0x7800, 0x0, 0x3) 1.087386554s ago: executing program 2 (id=463): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0, 0xffffffffffffffff}, &(0x7f0000000700), &(0x7f0000000340)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x10000002}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r1}, &(0x7f00000003c0), &(0x7f0000000400)}, 0x20) 1.046218344s ago: executing program 2 (id=464): r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3d, 0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, @perf_bp={0x0, 0x13}, 0x400, 0xffffffff, 0x6, 0x7, 0x2, 0x1, 0xfff9, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r2, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0) 960.294416ms ago: executing program 2 (id=468): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r1, 0x0, 0x9}, 0x18) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 924.276826ms ago: executing program 2 (id=471): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='kfree\x00', r0, 0x0, 0x3}, 0x18) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') r1 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_MOVE(0x1e, r1, 0xffffffffffffffff, r1, 0x1) 888.553637ms ago: executing program 2 (id=474): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) syz_clone3(&(0x7f00000043c0)={0x4000080, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, &(0x7f0000004380)=[0xffffffffffffffff], 0x1}, 0x58) 844.825297ms ago: executing program 3 (id=476): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r1}, 0x10) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x8, &(0x7f0000001340)=@framed={{0xbe, 0xa, 0xa, 0x0, 0x0, 0x79, 0x10, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}}]}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) 790.767888ms ago: executing program 3 (id=478): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x80000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r1}, 0x10) fcntl$lock(r1, 0x26, &(0x7f0000000080)={0x2}) 765.138129ms ago: executing program 4 (id=480): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) creat(&(0x7f00000000c0)='./file0\x00', 0x48) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=', @ANYRESHEX]) 755.345639ms ago: executing program 3 (id=481): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000002000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) creat(&(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000400)='./file0/file0\x00', &(0x7f0000000380)='./file0\x00', 0x0, 0x3125899, 0x0) 747.919529ms ago: executing program 2 (id=482): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$tipc(r1, &(0x7f0000000540)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x0, {{0x42}, 0x2}}, 0x10, 0x0}, 0x10) 697.29353ms ago: executing program 3 (id=484): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8000}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0xf00) 678.62279ms ago: executing program 4 (id=485): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x18) poll(0x0, 0x0, 0x0) 652.42294ms ago: executing program 4 (id=486): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x80) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0) faccessat(r1, &(0x7f0000000000)='./file0\x00', 0x5) 616.632421ms ago: executing program 4 (id=487): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./bus\x00', 0x14542, &(0x7f0000000240)=ANY=[], 0x1, 0x1222, &(0x7f0000001580)="$eJzs3E9rHGUcB/Bf18TE1PxRa7U96INePA1NDnpRJEgKkgWldoVWEKZmosuOuyGzBLaIsSevvg7x6E0Q30AuvgZvuXjsQRzpbNLUmlbEJuufz+ew84Pn+e7zDLMMPMM8u//6V5/2NqtsMx9G68yZaG1FpNtpNqIVEVHf+XhhPRrXrq+vtttrV1K6vHp1+dWU0sKL33/w2Tcv/TA8+/63C9/NxN7Sh/s/r/y0d37vwv6vVz/pVqlbpf5gmPJ0YzAY5jfKIm10q16W0rtlkVdF6varYvt37ZvlYGtrlPL+xvzc1nZRVSnvj1KvGKXhIA23Ryn/OO/2U5ZlaX4ueKDpP+/S+fp2XdcRdT0dj0dd1/UTMRdn48mYj4X4IiKeiqfjmTgXz8b5eC6ejwtNr9OYPgAAAAAAAAAAAAAAAAAAAPx/PGz//2Is2f8PAAAAAAAAAAAAAAAAAAAAp+C9a9fXV9vttSspzUaUX+50djrj47j91mHHS7EYv0Sz+39sXF9+u712KTWW4la5e5Df3ek81sRWN6MbZRSx3PydwEF+qmk7zC+P8+koH7s7nZmYuze/Eotx7vjxV/6Qv3OcjVdeviefxWL8+FEMooyNZuyj/OfLKb31Tvu+/MWmHwAAAPwXZOmuY9fvWfag9nH+7vr6uOcDb0TE0fOB+9bXU3FxarLnTkQ1utnLy7LYrkY3W4dFL589LMp/cfHapEZvndA3t+KRT3U6/lZ85uBn9E+43IpHWjz0tpFO5ebEiTu66JOeCQAAAAAAAAAAAH/FCb9FOBXHvFn25mROFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5jB44FAAAAAIT5W6fRsQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQwUAAP//2C/Elw==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x42, 0x0) pwritev2(r1, &(0x7f0000000180)=[{&(0x7f0000000200)="05", 0x5b2000000000000}], 0x1, 0x7, 0x0, 0x15) 355.327395ms ago: executing program 0 (id=493): r0 = syz_io_uring_setup(0x3c03, &(0x7f00000005c0)={0x0, 0x2283, 0x80, 0x1, 0x160}, &(0x7f0000000780)=0x0, &(0x7f0000000540)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000340)=0x7, 0x0, 0x4) r2 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000280)) io_uring_enter(r0, 0x1d69, 0x4b5d, 0x0, 0x0, 0x0) 300.079846ms ago: executing program 0 (id=494): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000340)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x18) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50) syz_io_uring_setup(0x3c0c, &(0x7f0000000400)={0x0, 0xc890, 0x4002}, 0x0, 0x0) 234.964687ms ago: executing program 0 (id=497): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000800)={{r0}, &(0x7f0000000780), &(0x7f00000007c0)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000) 218.332447ms ago: executing program 1 (id=498): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000080)={r2, 0x2}, 0xc) 197.470007ms ago: executing program 0 (id=499): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000180)='kfree\x00', r1}, 0xd) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)=ANY=[@ANYBLOB="540100001a001307000000000000001cac141400"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ffffffff0000000000000000000000000000000032000000ac141417000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001c"], 0x154}}, 0x8040) 185.349738ms ago: executing program 3 (id=500): perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x8000, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x2, @perf_config_ext={0xf60, 0x40ffffffff}, 0x1100, 0x5, 0x3a65, 0x5, 0x0, 0x5, 0xfffb, 0x0, 0x0, 0x0, 0x2000000000005}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0xbc3, &(0x7f00000009c0)={0x0, 0x1064, 0x0, 0x4, 0x1ab}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_SYMLINKAT={0x26, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r0, 0x47f8, 0x0, 0x0, 0x0, 0x0) 162.491998ms ago: executing program 1 (id=501): unshare(0x28040680) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00') fchdir(r0) unshare(0x2c020400) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) 123.607268ms ago: executing program 0 (id=502): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000006c0f00000a"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) perf_event_open$cgroup(&(0x7f0000000180)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 123.290398ms ago: executing program 1 (id=503): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f0000000000)={0xffffffffffffffff}) close_range(r1, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) 82.611629ms ago: executing program 1 (id=504): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000040)={&(0x7f0000000580)=@newtaction={0x18, 0x31, 0x829, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x52}, 0x0) 77.015789ms ago: executing program 0 (id=505): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3f, 0x1, 0x0, 0x0, 0x0, 0x100000000, 0x590, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0xa5d4}, 0x4c58, 0x0, 0x0, 0x1, 0x8, 0x2, 0xb, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000046c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x8000000, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x3, 0x0, 0x0, 0x0, 0xc0000001}, {0x3, 0x0, 0x101, 0x0, 0x0, 0xffffffff}, 0x9, 0xf, 0x2000000}}]}}]}, 0x58}}, 0x0) 29.711229ms ago: executing program 1 (id=506): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="00000000000057b6b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) shmget$private(0x0, 0x1000, 0x0, &(0x7f0000003000/0x1000)=nil) 27.54532ms ago: executing program 3 (id=516): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000180)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) syz_usbip_server_init(0x2) 0s ago: executing program 1 (id=507): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000180)=@assoc_value={0x0, 0xa}, &(0x7f0000000640)=0x8) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.16' (ED25519) to the list of known hosts. [ 26.488334][ T29] audit: type=1400 audit(1748743862.305:62): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 26.489490][ T3304] cgroup: Unknown subsys name 'net' [ 26.511062][ T29] audit: type=1400 audit(1748743862.305:63): avc: denied { mount } for pid=3304 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.538491][ T29] audit: type=1400 audit(1748743862.345:64): avc: denied { unmount } for pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.714844][ T3304] cgroup: Unknown subsys name 'cpuset' [ 26.721184][ T3304] cgroup: Unknown subsys name 'rlimit' [ 26.853858][ T29] audit: type=1400 audit(1748743862.665:65): avc: denied { setattr } for pid=3304 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 26.878362][ T29] audit: type=1400 audit(1748743862.675:66): avc: denied { create } for pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.898909][ T29] audit: type=1400 audit(1748743862.675:67): avc: denied { write } for pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.919393][ T29] audit: type=1400 audit(1748743862.675:68): avc: denied { read } for pid=3304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.939912][ T29] audit: type=1400 audit(1748743862.675:69): avc: denied { mounton } for pid=3304 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 26.964742][ T29] audit: type=1400 audit(1748743862.675:70): avc: denied { mount } for pid=3304 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 26.973792][ T3307] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 26.996833][ T29] audit: type=1400 audit(1748743862.815:71): avc: denied { relabelto } for pid=3307 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 27.072820][ T3304] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 28.208047][ T3322] chnl_net:caif_netlink_parms(): no params data found [ 28.240393][ T3317] chnl_net:caif_netlink_parms(): no params data found [ 28.315844][ T3322] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.322932][ T3322] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.330171][ T3322] bridge_slave_0: entered allmulticast mode [ 28.336704][ T3322] bridge_slave_0: entered promiscuous mode [ 28.351501][ T3322] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.358604][ T3322] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.365792][ T3322] bridge_slave_1: entered allmulticast mode [ 28.372506][ T3322] bridge_slave_1: entered promiscuous mode [ 28.398244][ T3317] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.405570][ T3317] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.412704][ T3317] bridge_slave_0: entered allmulticast mode [ 28.419363][ T3317] bridge_slave_0: entered promiscuous mode [ 28.435159][ T3320] chnl_net:caif_netlink_parms(): no params data found [ 28.445969][ T3314] chnl_net:caif_netlink_parms(): no params data found [ 28.455353][ T3317] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.462432][ T3317] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.470155][ T3317] bridge_slave_1: entered allmulticast mode [ 28.476638][ T3317] bridge_slave_1: entered promiscuous mode [ 28.512707][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.542187][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.551325][ T3315] chnl_net:caif_netlink_parms(): no params data found [ 28.568624][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.595793][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.610058][ T3320] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.617175][ T3320] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.625444][ T3320] bridge_slave_0: entered allmulticast mode [ 28.631870][ T3320] bridge_slave_0: entered promiscuous mode [ 28.655688][ T3320] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.662833][ T3320] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.670185][ T3320] bridge_slave_1: entered allmulticast mode [ 28.676961][ T3320] bridge_slave_1: entered promiscuous mode [ 28.683699][ T3322] team0: Port device team_slave_0 added [ 28.690439][ T3322] team0: Port device team_slave_1 added [ 28.700899][ T3314] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.708109][ T3314] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.715297][ T3314] bridge_slave_0: entered allmulticast mode [ 28.721580][ T3314] bridge_slave_0: entered promiscuous mode [ 28.728584][ T3317] team0: Port device team_slave_0 added [ 28.752019][ T3314] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.759233][ T3314] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.766473][ T3314] bridge_slave_1: entered allmulticast mode [ 28.772801][ T3314] bridge_slave_1: entered promiscuous mode [ 28.780108][ T3317] team0: Port device team_slave_1 added [ 28.792090][ T3320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.819037][ T3320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 28.835379][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.842433][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.868386][ T3322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.885574][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 28.892560][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.918558][ T3317] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 28.939812][ T3322] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 28.946828][ T3322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 28.972894][ T3322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 28.985019][ T3314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 28.994423][ T3317] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.001432][ T3317] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.027420][ T3317] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.038956][ T3320] team0: Port device team_slave_0 added [ 29.045540][ T3320] team0: Port device team_slave_1 added [ 29.058346][ T3315] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.065470][ T3315] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.072594][ T3315] bridge_slave_0: entered allmulticast mode [ 29.079149][ T3315] bridge_slave_0: entered promiscuous mode [ 29.086625][ T3314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.095927][ T3315] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.102991][ T3315] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.110212][ T3315] bridge_slave_1: entered allmulticast mode [ 29.116668][ T3315] bridge_slave_1: entered promiscuous mode [ 29.168546][ T3314] team0: Port device team_slave_0 added [ 29.175540][ T3314] team0: Port device team_slave_1 added [ 29.182391][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 29.191840][ T3320] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.198834][ T3320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.224797][ T3320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.236839][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 29.248052][ T3322] hsr_slave_0: entered promiscuous mode [ 29.254342][ T3322] hsr_slave_1: entered promiscuous mode [ 29.269961][ T3320] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.277031][ T3320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.303047][ T3320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.340538][ T3317] hsr_slave_0: entered promiscuous mode [ 29.346573][ T3317] hsr_slave_1: entered promiscuous mode [ 29.352495][ T3317] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 29.360090][ T3317] Cannot create hsr debugfs directory [ 29.375345][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.382315][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.408347][ T3314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.421748][ T3315] team0: Port device team_slave_0 added [ 29.428411][ T3315] team0: Port device team_slave_1 added [ 29.449233][ T3314] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.456239][ T3314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.482194][ T3314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.504797][ T3320] hsr_slave_0: entered promiscuous mode [ 29.510747][ T3320] hsr_slave_1: entered promiscuous mode [ 29.516642][ T3320] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 29.524304][ T3320] Cannot create hsr debugfs directory [ 29.549131][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 29.556171][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.582232][ T3315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 29.612347][ T3314] hsr_slave_0: entered promiscuous mode [ 29.618645][ T3314] hsr_slave_1: entered promiscuous mode [ 29.624663][ T3314] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 29.632285][ T3314] Cannot create hsr debugfs directory [ 29.643290][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 29.650303][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 29.676353][ T3315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 29.744714][ T3315] hsr_slave_0: entered promiscuous mode [ 29.750828][ T3315] hsr_slave_1: entered promiscuous mode [ 29.756796][ T3315] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 29.764367][ T3315] Cannot create hsr debugfs directory [ 29.890845][ T3322] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 29.902101][ T3322] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 29.910926][ T3322] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 29.925312][ T3322] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 29.948650][ T3320] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 29.960971][ T3320] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 29.969787][ T3320] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 29.981190][ T3320] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 30.006319][ T3314] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 30.022333][ T3314] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 30.032929][ T3314] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 30.042021][ T3314] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 30.077925][ T3317] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 30.088238][ T3317] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 30.097239][ T3317] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 30.115924][ T3317] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 30.148883][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.163076][ T3315] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 30.173911][ T3315] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 30.187223][ T3315] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 30.196897][ T3315] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 30.211390][ T3320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.225034][ T3322] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.241522][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.248725][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.263722][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.270922][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.292176][ T3320] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.307009][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.319847][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.327041][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.336213][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.343282][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.390482][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.401945][ T3314] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.415817][ T3317] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.438225][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.445436][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.454786][ T51] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.461959][ T51] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.470830][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.477901][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.503282][ T51] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.510414][ T51] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.534237][ T3322] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.592575][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.628751][ T3314] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.650050][ T3320] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.667517][ T3315] 8021q: adding VLAN 0 to HW filter on device team0 [ 30.686339][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.693461][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.738591][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.745723][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.773791][ T3317] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.799420][ T3322] veth0_vlan: entered promiscuous mode [ 30.843670][ T3322] veth1_vlan: entered promiscuous mode [ 30.881352][ T3322] veth0_macvtap: entered promiscuous mode [ 30.895571][ T3322] veth1_macvtap: entered promiscuous mode [ 30.922420][ T3320] veth0_vlan: entered promiscuous mode [ 30.938658][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 30.960563][ T3320] veth1_vlan: entered promiscuous mode [ 30.969691][ T3315] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 30.982668][ T3322] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 30.991160][ T3322] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.000051][ T3322] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.008877][ T3322] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.017615][ T3322] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.035704][ T3317] veth0_vlan: entered promiscuous mode [ 31.046132][ T3314] veth0_vlan: entered promiscuous mode [ 31.061010][ T3317] veth1_vlan: entered promiscuous mode [ 31.071955][ T3314] veth1_vlan: entered promiscuous mode [ 31.104554][ T3320] veth0_macvtap: entered promiscuous mode [ 31.124024][ T3314] veth0_macvtap: entered promiscuous mode [ 31.133575][ T3317] veth0_macvtap: entered promiscuous mode [ 31.141733][ T3314] veth1_macvtap: entered promiscuous mode [ 31.157368][ T3322] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 31.168550][ T3320] veth1_macvtap: entered promiscuous mode [ 31.186489][ T3317] veth1_macvtap: entered promiscuous mode [ 31.205116][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.216954][ T3320] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.226516][ T3315] veth0_vlan: entered promiscuous mode [ 31.240985][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.254019][ T3314] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.262888][ T3320] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.276824][ T3317] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.287243][ T3315] veth1_vlan: entered promiscuous mode [ 31.293498][ T3320] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.302473][ T3320] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.311305][ T3320] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.320172][ T3320] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.331671][ T3314] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.340494][ T3314] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.349275][ T3314] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.358134][ T3314] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.394220][ T3317] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.402970][ T3317] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.411892][ T3317] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.420640][ T3317] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.446352][ T3315] veth0_macvtap: entered promiscuous mode [ 31.468472][ T3315] veth1_macvtap: entered promiscuous mode [ 31.491679][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 31.517251][ T29] kauditd_printk_skb: 24 callbacks suppressed [ 31.517268][ T29] audit: type=1400 audit(1748743867.335:96): avc: denied { prog_run } for pid=3459 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 31.546004][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 31.556205][ T3460] process 'syz.2.3' launched '/dev/fd/5' with NULL argv: empty string added [ 31.565685][ T29] audit: type=1400 audit(1748743867.375:97): avc: denied { execute } for pid=3459 comm="syz.2.3" dev="tmpfs" ino=1025 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 31.588561][ T29] audit: type=1400 audit(1748743867.405:98): avc: denied { execute_no_trans } for pid=3459 comm="syz.2.3" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=1025 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 31.624533][ T3463] syz.4.5 uses obsolete (PF_INET,SOCK_PACKET) [ 31.645256][ T3315] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.654008][ T3315] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.662843][ T3315] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.671664][ T3315] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 31.684470][ T29] audit: type=1400 audit(1748743867.445:99): avc: denied { create } for pid=3461 comm="syz.4.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 31.703785][ T29] audit: type=1400 audit(1748743867.475:100): avc: denied { ioctl } for pid=3461 comm="syz.4.5" path="socket:[3783]" dev="sockfs" ino=3783 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 31.754980][ T29] audit: type=1400 audit(1748743867.565:101): avc: denied { name_bind } for pid=3466 comm="syz.2.6" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 31.776436][ T29] audit: type=1400 audit(1748743867.565:102): avc: denied { node_bind } for pid=3466 comm="syz.2.6" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 31.814911][ T29] audit: type=1400 audit(1748743867.635:103): avc: denied { open } for pid=3469 comm="syz.3.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 31.833883][ T29] audit: type=1400 audit(1748743867.635:104): avc: denied { kernel } for pid=3469 comm="syz.3.7" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 31.974706][ T29] audit: type=1400 audit(1748743867.685:105): avc: denied { map_create } for pid=3471 comm="syz.2.8" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 32.014199][ T3481] netlink: 'syz.1.11': attribute type 10 has an invalid length. [ 32.016330][ T3486] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 32.067164][ T3486] Zero length message leads to an empty skb [ 32.086523][ T3481] team0: Device veth1_macvtap failed to register rx_handler [ 32.170521][ T3481] syz.1.11 (3481) used greatest stack depth: 10704 bytes left [ 32.184388][ T3495] netlink: 12 bytes leftover after parsing attributes in process `syz.3.17'. [ 32.473099][ T3523] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 32.473099][ T3523] program syz.3.30 not setting count and/or reply_len properly [ 32.509219][ T3531] netlink: 104 bytes leftover after parsing attributes in process `syz.1.34'. [ 32.601497][ T3538] netlink: 16 bytes leftover after parsing attributes in process `syz.1.36'. [ 32.731136][ T3545] loop2: detected capacity change from 0 to 4096 [ 32.811114][ T3555] netlink: 'syz.3.42': attribute type 1 has an invalid length. [ 32.826893][ T3557] loop0: detected capacity change from 0 to 512 [ 32.940681][ T3545] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.955686][ T3557] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 32.973135][ T3557] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 32.983841][ T3545] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #15: comm syz.2.38: corrupted inode contents [ 32.998315][ T3545] EXT4-fs error (device loop2): ext4_dirty_inode:6459: inode #15: comm syz.2.38: mark_inode_dirty error [ 33.023721][ T3563] Driver unsupported XDP return value 0 on prog (id 27) dev N/A, expect packet loss! [ 33.043175][ T3551] syz.0.41 (3551) used greatest stack depth: 10384 bytes left [ 33.053368][ T3545] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #15: comm syz.2.38: corrupted inode contents [ 33.105041][ T3322] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.121288][ T3569] loop1: detected capacity change from 0 to 1024 [ 33.129859][ T3545] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #15: comm syz.2.38: mark_inode_dirty error [ 33.141242][ T3569] ======================================================= [ 33.141242][ T3569] WARNING: The mand mount option has been deprecated and [ 33.141242][ T3569] and is ignored by this kernel. Remove the mand [ 33.141242][ T3569] option from the mount to silence this warning. [ 33.141242][ T3569] ======================================================= [ 33.177972][ T3545] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #15: comm syz.2.38: corrupted inode contents [ 33.191091][ T3545] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #15: comm syz.2.38: mark_inode_dirty error [ 33.231987][ T3545] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #15: comm syz.2.38: corrupted inode contents [ 33.248257][ T3569] EXT4-fs: Ignoring removed i_version option [ 33.257588][ T3569] EXT4-fs: Ignoring removed mblk_io_submit option [ 33.265051][ T3569] EXT4-fs: Ignoring removed nobh option [ 33.270756][ T3569] EXT4-fs: Ignoring removed bh option [ 33.282174][ T3545] EXT4-fs error (device loop2): ext4_truncate:4597: inode #15: comm syz.2.38: mark_inode_dirty error [ 33.306966][ T3569] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 33.346792][ T3545] EXT4-fs error (device loop2) in ext4_setattr:5986: Corrupt filesystem [ 33.382552][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.409343][ T3565] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #15: comm syz.2.38: corrupted inode contents [ 33.559273][ T3320] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 33.624007][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 33.662656][ T3600] sctp: [Deprecated]: syz.1.59 (pid 3600) Use of struct sctp_assoc_value in delayed_ack socket option. [ 33.662656][ T3600] Use struct sctp_sack_info instead [ 33.683606][ T3602] loop4: detected capacity change from 0 to 512 [ 33.706214][ T3602] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 33.741817][ T3610] loop2: detected capacity change from 0 to 128 [ 33.755731][ T3602] ext4 filesystem being mounted at /8/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 33.781757][ T3602] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.60: corrupted inode contents [ 33.797224][ T3602] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.60: mark_inode_dirty error [ 33.810132][ T3602] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.60: corrupted inode contents [ 33.822279][ T3612] netlink: 132 bytes leftover after parsing attributes in process `syz.3.63'. [ 33.845990][ T3602] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.60: corrupted inode contents [ 33.851312][ T3616] syzkaller1: entered promiscuous mode [ 33.863339][ T3616] syzkaller1: entered allmulticast mode [ 33.865120][ T3602] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.60: mark_inode_dirty error [ 33.881642][ T3602] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.60: corrupted inode contents [ 33.896016][ T3602] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.60: mark_inode_dirty error [ 33.909727][ T3602] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.60: corrupted inode contents [ 33.922967][ T3602] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.60: mark_inode_dirty error [ 33.927636][ T3620] capability: warning: `syz.1.67' uses 32-bit capabilities (legacy support in use) [ 33.959004][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.104601][ T3638] binfmt_misc: register: failed to install interpreter file ./file0 [ 34.133258][ T3642] netlink: 36 bytes leftover after parsing attributes in process `syz.4.78'. [ 34.151191][ T3644] netlink: 'syz.3.79': attribute type 4 has an invalid length. [ 34.158978][ T3644] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.79'. [ 34.257657][ T3657] syz.4.85 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 34.389703][ T3671] loop3: detected capacity change from 0 to 2048 [ 34.589576][ T3689] loop0: detected capacity change from 0 to 2048 [ 34.619271][ T3689] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 34.700516][ T3322] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 34.769971][ T3710] netlink: 8 bytes leftover after parsing attributes in process `syz.0.105'. [ 34.769998][ T3710] netlink: 8 bytes leftover after parsing attributes in process `syz.0.105'. [ 34.876467][ T3718] loop1: detected capacity change from 0 to 256 [ 35.045415][ T3733] GUP no longer grows the stack in syz.4.119 (3733): 200000004000-200000008000 (200000002000) [ 35.045469][ T3733] CPU: 1 UID: 0 PID: 3733 Comm: syz.4.119 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(voluntary) [ 35.045501][ T3733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 35.045521][ T3733] Call Trace: [ 35.045530][ T3733] [ 35.045561][ T3733] __dump_stack+0x1d/0x30 [ 35.045583][ T3733] dump_stack_lvl+0xe8/0x140 [ 35.045607][ T3733] dump_stack+0x15/0x1b [ 35.045689][ T3733] __get_user_pages+0x1a37/0x2050 [ 35.045767][ T3733] ? __rcu_read_unlock+0x4f/0x70 [ 35.045799][ T3733] get_user_pages_remote+0x1dc/0x7a0 [ 35.045876][ T3733] __access_remote_vm+0x156/0x560 [ 35.045909][ T3733] access_remote_vm+0x32/0x40 [ 35.045937][ T3733] proc_pid_cmdline_read+0x30f/0x6a0 [ 35.045997][ T3733] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 35.046057][ T3733] vfs_readv+0x3f8/0x690 [ 35.046091][ T3733] __x64_sys_preadv+0xfd/0x1c0 [ 35.046147][ T3733] x64_sys_call+0x1503/0x2fb0 [ 35.046173][ T3733] do_syscall_64+0xd2/0x200 [ 35.046199][ T3733] ? arch_exit_to_user_mode_prepare+0x27/0x60 [ 35.046228][ T3733] ? clear_bhb_loop+0x40/0x90 [ 35.046290][ T3733] ? clear_bhb_loop+0x40/0x90 [ 35.046322][ T3733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 35.046350][ T3733] RIP: 0033:0x7fc1297ee969 [ 35.046374][ T3733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 35.046395][ T3733] RSP: 002b:00007fc127e57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 35.046424][ T3733] RAX: ffffffffffffffda RBX: 00007fc129a15fa0 RCX: 00007fc1297ee969 [ 35.046453][ T3733] RDX: 0000000000000001 RSI: 0000200000000d00 RDI: 0000000000000003 [ 35.046469][ T3733] RBP: 00007fc129870ab1 R08: 0000000000000200 R09: 0000000000000000 [ 35.046486][ T3733] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 35.046513][ T3733] R13: 0000000000000000 R14: 00007fc129a15fa0 R15: 00007ffc777dbf08 [ 35.046538][ T3733] [ 35.196172][ T3741] pim6reg: entered allmulticast mode [ 35.302485][ T3746] pim6reg: left allmulticast mode [ 35.503513][ T3765] netlink: 8 bytes leftover after parsing attributes in process `syz.1.132'. [ 35.540148][ T3765] IPVS: Error joining to the multicast group [ 35.734521][ T3786] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 32 [ 35.981230][ T3821] netlink: 4 bytes leftover after parsing attributes in process `syz.0.157'. [ 36.018879][ T3828] raw_sendmsg: syz.2.160 forgot to set AF_INET. Fix it! [ 36.466203][ T3875] tipc: Started in network mode [ 36.471192][ T3875] tipc: Node identity 7, cluster identity 4711 [ 36.477408][ T3875] tipc: Node number set to 7 [ 36.573700][ T29] kauditd_printk_skb: 237 callbacks suppressed [ 36.573718][ T29] audit: type=1400 audit(36.543:343): avc: denied { read } for pid=3884 comm="syz.0.188" dev="nsfs" ino=4026532395 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 36.600297][ T29] audit: type=1400 audit(36.543:344): avc: denied { open } for pid=3884 comm="syz.0.188" path="net:[4026532395]" dev="nsfs" ino=4026532395 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 36.691628][ T29] audit: type=1400 audit(36.603:345): avc: denied { open } for pid=3885 comm="syz.3.189" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 36.710072][ T29] audit: type=1400 audit(36.603:346): avc: denied { kernel } for pid=3885 comm="syz.3.189" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 36.728676][ T29] audit: type=1400 audit(36.603:347): avc: denied { ioctl } for pid=3884 comm="syz.0.188" path="socket:[5717]" dev="sockfs" ino=5717 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 36.753401][ T29] audit: type=1400 audit(36.643:348): avc: denied { tracepoint } for pid=3890 comm="syz.4.191" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 36.793249][ T29] audit: type=1326 audit(36.763:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3896 comm="syz.0.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f892d1ee969 code=0x7ffc0000 [ 36.815998][ T29] audit: type=1326 audit(36.763:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3896 comm="syz.0.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f892d1ee969 code=0x7ffc0000 [ 36.838642][ T29] audit: type=1326 audit(36.763:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3896 comm="syz.0.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f892d1ee969 code=0x7ffc0000 [ 36.862142][ T29] audit: type=1326 audit(36.763:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3896 comm="syz.0.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f892d1ee969 code=0x7ffc0000 [ 36.892068][ T3902] SELinux: Context Ü is not valid (left unmapped). [ 37.264707][ T3938] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 37.482043][ T3969] SELinux: syz.1.213 (3969) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace. [ 37.661083][ T3983] bond1: entered promiscuous mode [ 37.666484][ T3983] bond1: entered allmulticast mode [ 37.695689][ T3983] 8021q: adding VLAN 0 to HW filter on device bond1 [ 37.706266][ T3983] bond1 (unregistering): Released all slaves [ 37.721794][ T3996] ip6gretap0: entered promiscuous mode [ 37.728023][ T3996] ip6gretap0: entered allmulticast mode [ 38.290408][ T4090] loop4: detected capacity change from 0 to 1024 [ 38.338223][ T4090] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 38.372699][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 38.444775][ T4103] vhci_hcd: invalid port number 23 [ 38.450111][ T4103] vhci_hcd: Wrong hub descriptor type for USB 3.0 roothub. [ 38.615483][ T4125] batadv_slave_1: entered promiscuous mode [ 38.638153][ T4123] batadv_slave_1: left promiscuous mode [ 38.932430][ T4146] loop2: detected capacity change from 0 to 8192 [ 38.960368][ T4154] syz.1.260 (4154) used greatest stack depth: 9768 bytes left [ 38.974783][ T3305] loop2: p1 p3 p4 [ 38.981466][ T3305] loop2: p1 size 8390912 extends beyond EOD, truncated [ 38.995703][ T3305] loop2: p3 size 589824 extends beyond EOD, truncated [ 39.017997][ T4146] loop2: p1 p3 p4 [ 39.021812][ T4146] loop2: p1 size 8390912 extends beyond EOD, truncated [ 39.046661][ T4146] loop2: p3 size 589824 extends beyond EOD, truncated [ 39.208869][ T3488] udevd[3488]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 39.212166][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 39.220670][ T3308] udevd[3308]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 39.258753][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 39.275878][ T3488] udevd[3488]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 39.287075][ T3553] udevd[3553]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 39.306816][ T4180] loop0: detected capacity change from 0 to 1024 [ 39.342905][ T4180] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (47942!=20869) [ 39.371410][ T4180] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 39.387731][ T4180] EXT4-fs (loop0): invalid journal inode [ 39.393473][ T4180] EXT4-fs (loop0): can't get journal size [ 39.405075][ T4180] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 39.427216][ T4180] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 64: comm syz.0.272: path /55/file0: bad entry in directory: rec_len is too small for name_len - offset=0, inode=11, rec_len=12, size=1024 fake=0 [ 39.469566][ T4180] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 73: comm syz.0.272: path /55/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=83886080, rec_len=0, size=1024 fake=0 [ 39.521297][ T3322] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 39.569842][ T4206] syzkaller1: entered promiscuous mode [ 39.575427][ T4206] syzkaller1: entered allmulticast mode [ 39.724596][ T4219] syz.0.291 (4219) used greatest stack depth: 9560 bytes left [ 39.971838][ T4261] loop3: detected capacity change from 0 to 1024 [ 39.983279][ T4261] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (47942!=20869) [ 40.001982][ T4261] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 40.012642][ T4261] EXT4-fs (loop3): invalid journal inode [ 40.021029][ T4261] EXT4-fs (loop3): can't get journal size [ 40.029101][ T4261] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 40.046298][ T4261] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 64: comm syz.3.300: path /72/file0: bad entry in directory: rec_len is too small for name_len - offset=0, inode=11, rec_len=12, size=1024 fake=0 [ 40.068713][ T4261] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 73: comm syz.3.300: path /72/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=83886080, rec_len=0, size=1024 fake=0 [ 40.106843][ T3317] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 40.522125][ T4338] batadv_slave_1: entered promiscuous mode [ 40.532667][ T4334] batadv_slave_1: left promiscuous mode [ 40.706348][ T4372] batadv_slave_1: entered promiscuous mode [ 40.726417][ T4366] batadv_slave_1: left promiscuous mode [ 40.754218][ T4361] loop4: detected capacity change from 0 to 8192 [ 40.782517][ T3305] loop4: p1 p3 p4 [ 40.786738][ T3305] loop4: p1 size 8390912 extends beyond EOD, truncated [ 40.800966][ T4379] syzkaller1: entered promiscuous mode [ 40.805699][ T3305] loop4: p3 size 589824 extends beyond EOD, truncated [ 40.806562][ T4379] syzkaller1: entered allmulticast mode [ 40.837532][ T4361] loop4: p1 p3 p4 [ 40.841347][ T4361] loop4: p1 size 8390912 extends beyond EOD, truncated [ 40.870936][ T4361] loop4: p3 size 589824 extends beyond EOD, truncated [ 40.976035][ T3305] udevd[3305]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 40.988753][ T3488] udevd[3488]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 41.000107][ T3553] udevd[3553]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 41.038883][ T3553] udevd[3553]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 41.045210][ T4399] mmap: syz.3.315 (4399) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 41.170577][ T4414] loop3: detected capacity change from 0 to 512 [ 41.206940][ T4414] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 41.303333][ T4414] EXT4-fs (loop3): mount failed [ 41.822265][ T29] kauditd_printk_skb: 200 callbacks suppressed [ 41.822281][ T29] audit: type=1400 audit(41.796:552): avc: denied { create } for pid=4492 comm="syz.1.335" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 41.919367][ T29] audit: type=1400 audit(41.826:553): avc: denied { write } for pid=4492 comm="syz.1.335" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 41.959651][ T4499] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 41.975490][ T4497] IPVS: stopping master sync thread 4499 ... [ 42.064502][ T29] audit: type=1400 audit(42.036:554): avc: denied { create } for pid=4505 comm="syz.1.341" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 42.111528][ T29] audit: type=1400 audit(42.066:555): avc: denied { write } for pid=4505 comm="syz.1.341" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 42.131397][ T29] audit: type=1400 audit(42.076:556): avc: denied { read write } for pid=4509 comm="syz.0.343" name="ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 42.153866][ T29] audit: type=1400 audit(42.076:557): avc: denied { open } for pid=4509 comm="syz.0.343" path="/dev/ppp" dev="devtmpfs" ino=140 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 42.175691][ T4508] __nla_validate_parse: 3 callbacks suppressed [ 42.175712][ T4508] netlink: 4 bytes leftover after parsing attributes in process `syz.3.342'. [ 42.176241][ T29] audit: type=1400 audit(42.086:558): avc: denied { ioctl } for pid=4509 comm="syz.0.343" path="/dev/ppp" dev="devtmpfs" ino=140 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 42.182307][ T4508] netlink: 4 bytes leftover after parsing attributes in process `syz.3.342'. [ 42.193156][ T29] audit: type=1400 audit(42.166:559): avc: denied { mount } for pid=4511 comm="syz.1.344" name="/" dev="ramfs" ino=7390 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 42.245468][ T4508] netlink: 4 bytes leftover after parsing attributes in process `syz.3.342'. [ 42.278874][ T4518] loop1: detected capacity change from 0 to 512 [ 42.291312][ T4520] SELinux: policydb version -845211227 does not match my version range 15-34 [ 42.300877][ T29] audit: type=1400 audit(42.266:560): avc: denied { load_policy } for pid=4519 comm="syz.4.347" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 42.310025][ T4520] SELinux: failed to load policy [ 42.325775][ T4508] netlink: 4 bytes leftover after parsing attributes in process `syz.3.342'. [ 42.334643][ T4508] netlink: 4 bytes leftover after parsing attributes in process `syz.3.342'. [ 42.364858][ T4508] netlink: 4 bytes leftover after parsing attributes in process `syz.3.342'. [ 42.364797][ T4518] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 42.401609][ T29] audit: type=1400 audit(42.376:561): avc: denied { add_name } for pid=4517 comm="syz.1.346" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 42.442945][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 42.452676][ T4508] netlink: 4 bytes leftover after parsing attributes in process `syz.3.342'. [ 42.461578][ T4508] netlink: 4 bytes leftover after parsing attributes in process `syz.3.342'. [ 42.471192][ T4508] netlink: 4 bytes leftover after parsing attributes in process `syz.3.342'. [ 42.731215][ T4554] netlink: 8 bytes leftover after parsing attributes in process `syz.1.360'. [ 42.868606][ T4573] loop3: detected capacity change from 0 to 128 [ 42.880015][ T4573] EXT4-fs: Ignoring removed nobh option [ 42.889991][ T4573] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 43.026688][ T3317] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 43.153909][ T4595] loop4: detected capacity change from 0 to 8192 [ 43.221589][ T1107] IPVS: starting estimator thread 0... [ 43.314952][ T4612] IPVS: using max 2112 ests per chain, 105600 per kthread [ 43.398175][ T4629] loop1: detected capacity change from 0 to 512 [ 43.432042][ T4629] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.396: Parent and EA inode have the same ino 15 [ 43.468206][ T4629] EXT4-fs (loop1): Remounting filesystem read-only [ 43.475453][ T4629] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 43.488486][ T4629] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -30) [ 43.498935][ T4629] EXT4-fs (loop1): 1 orphan inode deleted [ 43.505240][ T4629] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 43.519004][ T4629] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 43.802694][ T4672] vhci_hcd: invalid port number 15 [ 43.807961][ T4672] vhci_hcd: invalid port number 15 [ 43.922128][ T4686] xt_hashlimit: max too large, truncated to 1048576 [ 43.955256][ T3305] printk: udevd: 2 output lines suppressed due to ratelimiting [ 43.978804][ T4688] program syz.2.422 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 44.056566][ T4696] loop2: detected capacity change from 0 to 1024 [ 44.098889][ T4696] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.131416][ T4696] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 49 with max blocks 16 with error 28 [ 44.143995][ T4696] EXT4-fs (loop2): This should not happen!! Data will be lost [ 44.143995][ T4696] [ 44.144021][ T4696] EXT4-fs (loop2): Total free blocks count 0 [ 44.144107][ T4696] EXT4-fs (loop2): Free/Dirty block details [ 44.144119][ T4696] EXT4-fs (loop2): free_blocks=0 [ 44.144132][ T4696] EXT4-fs (loop2): dirty_blocks=0 [ 44.144145][ T4696] EXT4-fs (loop2): Block reservation details [ 44.144156][ T4696] EXT4-fs (loop2): i_reserved_data_blocks=0 [ 44.180073][ T4710] infiniband syz!: set active [ 44.180095][ T4710] infiniband syz!: added team_slave_0 [ 44.201234][ T4710] RDS/IB: syz!: added [ 44.201258][ T4710] smc: adding ib device syz! with port count 1 [ 44.201335][ T4710] smc: ib device syz! port 1 has pnetid [ 44.340460][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 44.468936][ T4737] loop3: detected capacity change from 0 to 2048 [ 44.535553][ T4737] loop3: p1 < > p4 [ 44.547932][ T4737] loop3: p4 size 8388608 extends beyond EOD, truncated [ 44.572196][ T4757] netlink: 'syz.2.453': attribute type 4 has an invalid length. [ 44.654303][ T4763] tmpfs: Bad value for 'mpol' [ 44.723732][ T4767] loop1: detected capacity change from 0 to 512 [ 44.745484][ T4767] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 44.758709][ T4767] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 44.767827][ T4767] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 44.800102][ T4767] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 44.815690][ T4767] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 44.829336][ T4777] sch_tbf: burst 3092 is lower than device lo mtu (65550) ! [ 44.836829][ T4767] System zones: 0-2, 18-18, 34-35 [ 44.842658][ T4767] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 44.870582][ T4767] EXT4-fs warning (device loop1): ext4_lookup:1799: Inconsistent encryption contexts: 12/14 [ 44.887273][ T4751] loop4: detected capacity change from 0 to 512 [ 44.899487][ T4767] EXT4-fs warning (device loop1): ext4_lookup:1799: Inconsistent encryption contexts: 12/14 [ 44.917997][ T4751] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 44.936699][ T3315] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 45.168913][ T3314] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 45.218703][ T4817] 9pnet: Could not find request transport: 0xffffffffffffffff [ 45.281110][ T4825] ip6gretap0: left promiscuous mode [ 45.286472][ T4825] ip6gretap0: left allmulticast mode [ 45.359971][ T4825] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.367375][ T4825] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.386731][ T4832] loop4: detected capacity change from 0 to 8192 [ 45.401567][ T4832] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 45.470367][ T4825] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 45.481438][ T4825] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 45.528160][ T4825] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.537130][ T4825] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.546308][ T4825] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.555518][ T4825] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 45.887115][ T4872] sch_tbf: burst 3092 is lower than device lo mtu (65550) ! [ 45.928971][ T4841] ================================================================== [ 45.937099][ T4841] BUG: KCSAN: data-race in fat12_ent_put / fat_mirror_bhs [ 45.944235][ T4841] [ 45.946565][ T4841] write to 0xffff88810ba680d9 of 1 bytes by task 4832 on cpu 1: [ 45.954199][ T4841] fat12_ent_put+0x74/0x170 [ 45.958717][ T4841] fat_alloc_clusters+0x4d1/0xa80 [ 45.963753][ T4841] fat_get_block+0x258/0x5e0 [ 45.968357][ T4841] __block_write_begin_int+0x3fd/0xf90 [ 45.973823][ T4841] cont_write_begin+0x5fc/0x970 [ 45.978685][ T4841] fat_write_begin+0x4f/0xe0 [ 45.983294][ T4841] generic_perform_write+0x181/0x490 [ 45.988595][ T4841] __generic_file_write_iter+0x9e/0x120 [ 45.994153][ T4841] generic_file_write_iter+0x8d/0x2f0 [ 45.999542][ T4841] vfs_write+0x49d/0x8e0 [ 46.003792][ T4841] ksys_write+0xda/0x1a0 [ 46.008042][ T4841] __x64_sys_write+0x40/0x50 [ 46.012656][ T4841] x64_sys_call+0x2cdd/0x2fb0 [ 46.017351][ T4841] do_syscall_64+0xd2/0x200 [ 46.021868][ T4841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 46.027771][ T4841] [ 46.030104][ T4841] read to 0xffff88810ba68000 of 512 bytes by task 4841 on cpu 0: [ 46.037830][ T4841] fat_mirror_bhs+0x1df/0x320 [ 46.042519][ T4841] fat_alloc_clusters+0x98b/0xa80 [ 46.047556][ T4841] fat_get_block+0x258/0x5e0 [ 46.052160][ T4841] __block_write_begin_int+0x3fd/0xf90 [ 46.057625][ T4841] cont_write_begin+0x5fc/0x970 [ 46.062489][ T4841] fat_write_begin+0x4f/0xe0 [ 46.067185][ T4841] generic_perform_write+0x181/0x490 [ 46.072508][ T4841] __generic_file_write_iter+0x9e/0x120 [ 46.078068][ T4841] generic_file_write_iter+0x8d/0x2f0 [ 46.083449][ T4841] do_iter_readv_writev+0x3ee/0x4b0 [ 46.088659][ T4841] vfs_writev+0x2df/0x8b0 [ 46.093004][ T4841] __se_sys_pwritev2+0xfc/0x1c0 [ 46.097881][ T4841] __x64_sys_pwritev2+0x67/0x80 [ 46.102765][ T4841] x64_sys_call+0x1cea/0x2fb0 [ 46.107451][ T4841] do_syscall_64+0xd2/0x200 [ 46.111972][ T4841] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 46.117877][ T4841] [ 46.120199][ T4841] Reported by Kernel Concurrency Sanitizer on: [ 46.126359][ T4841] CPU: 0 UID: 0 PID: 4841 Comm: syz.4.487 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(voluntary) [ 46.138345][ T4841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 46.148404][ T4841] ================================================================== [ 46.201777][ T4876] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 46.208349][ T4876] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 46.215999][ T4876] vhci_hcd vhci_hcd.0: Device attached [ 46.231980][ T4879] vhci_hcd: connection closed [ 46.236564][ T12] vhci_hcd: stop threads [ 46.245607][ T12] vhci_hcd: release socket [ 46.250027][ T12] vhci_hcd: disconnect device