last executing test programs: 5.363884043s ago: executing program 2 (id=2476): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010400000000000000000100000008000240000000020900010073797a300000000014000000110001"], 0x50}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000008440000000e0a01020000000000000000010000000900020073797a32000000000900010073797a30"], 0xc8}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x64}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) perf_event_open(&(0x7f00000002c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x9141, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) 4.611662476s ago: executing program 2 (id=2498): syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000200), 0xfe, 0x254, &(0x7f0000000840)="$eJzs3U9oHFUcB/Df7B/jJotEvQjiHxARDYR4E7zEi0JAQhARVIiIeJJEiAnesp68eNCzLTn1EkpvTXssvYReWgo9pW0O6aXQhh4aemgPW2Znt2yTDW2zyU7JfD4wO/P2vZnfDMz37V5mN4DCGo2IyYgoR8RYRFQjIuke8H62jLabK7X12Yhm85t7SWtc1s509huJiEZEfBZR6fQtrf2w9WDjq4/+Wax+eGrt+9qgrq/b9tbm1zsnp/8+O/Xp0pVrd6aTmIx6u6/7Og5T0uO9ShLxxlEUe0kklbzPgOcx8+eZ62nu34yID1r5r0apHdl/F165WI1PTuy37393r749yHMFDl+zWU0/AxtNoHBKEVGPpDQeEdl2qTQ+nn2Hv1EeLv02v/DH2K/zi3O/5D1TAYelHrH55fmhcyO78n+7nOUfOL7S/H87s3oz3d4p5302wEC8k63S/I/9tPxxyD8UjvxDcck/FJf8wzFwwOzKPxSX/ENxyT8cY9XORqNnt/xDcck/FJf8Q3F15x8AKJbmUN5PIAN5yXv+AQAAAAAAAAAAAAAAAAAA9lqprc92lkHVvPR/xPYXEVHpVb/c+j/iiFdbr8P3k3TYE0m2W19+fK/PA/TpdM5PX792K9/6l989muP+9XSztt+45bmIRjp4olLZe/8l7fvv4F5/Rn/15z4LvKBkV/vz7wZbf7dHq/nWn9qIuJDOPxO95p9SvNVa955/6t0/sXxAvz/s8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMzOMAAAD//7MNbSk=") open(&(0x7f0000000340)='./bus\x00', 0x143142, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x8001, 0x0, 0x0, 0x2, 0x18, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7c2542ded71038259ca171ce1a311ef54ec32ff7f00009cc093fce47d42140c3c47411bcd3dc177e9b49600", "f28359738e229a4c000dd70200"}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) 4.552046102s ago: executing program 2 (id=2499): openat$cgroup(0xffffffffffffffff, &(0x7f0000000040)='syz1\x00', 0x200002, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/time_for_children\x00') r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x40040) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp\x00') pread64(r1, &(0x7f0000000540)=""/232, 0xe8, 0x1000000359) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r3, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_settings={0x4, 0x0, @te1=0x0}}) getdents64(r1, &(0x7f0000000700)=""/106, 0x6a) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f0000000040)={0x12}) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000080)={0x0, 0x6, 0x0, 0x0, 0x0, "a05c7b5d00008023e9c5bcf5fb7700"}) r4 = syz_open_pts(r2, 0x0) dup3(r4, r2, 0x0) r5 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000040)=@security={'security\x00', 0xe, 0x4, 0x4f0, 0xffffffff, 0xf8, 0x8000000, 0x0, 0xffffffff, 0xffffffff, 0x420, 0x40a, 0x420, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @local, [], [], 'macvlan1\x00', 'dvmrp1\x00'}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@hl={{0x28}}]}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ipv6={@mcast2, @local, [], [], 'veth1_vlan\x00', 'wlan0\x00'}, 0x0, 0xf8, 0x120, 0x0, {}, [@common=@hl={{0x28}}, @common=@unspec=@cpu={{0x28}}]}, @common=@unspec=@AUDIT={0x28}}, {{@uncond, 0x0, 0x1e0, 0x208, 0x0, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@local, @loopback, @rand_addr=' \x01\x00', @dev, @mcast2, @private0, @ipv4={'\x00', '\xff\xff', @multicast2}, @local, @private2, @remote, @private0, @private2, @rand_addr=' \x01\x00', @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @empty, @mcast2]}}]}, @common=@inet=@SYNPROXY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x550) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r6 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)) syz_open_dev$tty1(0xc, 0x4, 0x1) timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)=[{0x0, 0xfffffffffffffe8c}, {0x0}, {0x0}, {0x0}], 0x4, 0x0, 0xfe77, 0x10}, 0x8000) readv(r0, 0x0, 0x0) r7 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) socket$nl_generic(0x10, 0x3, 0x10) 4.312232302s ago: executing program 0 (id=2508): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48) r1 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4) bind$llc(r1, &(0x7f0000000400)={0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff15, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) io_uring_setup(0x669, &(0x7f00000002c0)={0x0, 0xfffffffc, 0x0, 0x3}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x62, &(0x7f00000000c0)=[{0x7f, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180156af0000003b810000850000006d00"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000004c0)='inet_sk_error_report\x00', r2}, 0x10) add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) lstat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)) syz_open_dev$tty20(0xc, 0x4, 0x1) 4.296013904s ago: executing program 0 (id=2509): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x11012, r3, 0x0) 4.231783799s ago: executing program 0 (id=2511): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$igmp6(0xa, 0x3, 0x2) getsockopt$inet6_buf(r2, 0x29, 0x1b, &(0x7f0000000000)=""/144, &(0x7f0000000180)=0x90) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xc8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x101c0ca, &(0x7f0000000400)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c666d61736b3d30303030303030303030303030303030303030303036362c696f636861727365743d69736f383835392d312c6572726f72733d636f6e74696e75652c756e695f786c6174653d302c696f636861727365743d61736369692c726f6469722c73686f72746e616d653d6d697865642c756e695f786c6174653d302c757466383d302c757466383d302c756e695f786c6174653d312c64656275672c756e695f786c6174653d312c666d61736b3d30303030303030303030303030303030303030303030332c6e6f63617365aec489af6ba9723d4b17106f6d47b9ade1c253d4e3b08066427cae9f41fd1e1dd25a22ec22ad6e8bf6f67e052de91b544f2f4541f87a0c0b36e8d444150b35c110bda57fe7a9c06ba087cc975447082aaf95213301f3e04b70ea67a8aa0d582ca1a9525dba7116d80f126f782a78428b878fc79c0be9ad98cb6950995e6edba78e5301e8c8e69cc85beceb8b54f84a84787815ef9a18f1fe1c81b4c1830102f7e3236e2533e486ecb46ee53991c5bfe6289a474582b2e57741fd8de78f42097851bee74d4201c7767e0e0f4b34523150639b1291441ad01f2f72ed3679d7bca0e8b4e0689f883196af0d0dfe7344f276c1b4bd333882cf7879248ad423e3f21cd0cae2309519f9d40df23cf05d9c8d8f9d07da771ea1e3bcd8478fb989f770da17f700000000000000"], 0x6, 0x2c0, &(0x7f0000000900)="$eJzs3U9rK1UUAPAz+TOJukgWrkRwQBeuHu+9rZsUeQ/ErnxkoS60+FqQJggtFKri2JVbNy78DILgB3HjNxDcCu6sUBiZyaRJ2pg2palof79Fe3vnnLlnboZ2WujJx6+O959nsXfy5a/R7SbRGMQgTpPoRyOmvo4Fg28DAPgvOy2K+KOYWCcviYju5soCADboej//W7PhT3dSFgCwQc/e/+Ddre3tJ+9lWTeejr85Gpa/2ZefJ8e39uLTGMVuPIxenEVUDwrtqJ4WyuHToijyVlbqxxvj/GhYZo4/+rk+/9bv9R8LSv3q4/nTRpX/zvaTR9nEXH5e1vFivf6gXP9x9OLl8+SF/MdL8mOYxpuvz9X/IHrxyyfxWYzieVXELP+rR1n2dvHdn198WJZX5if50bBTxc0UzTt8WQAAAAAAAAAAAAAAAAAAAAAA+J97UPfO6UTVv6ecqvvvNM/KL9qRTfUX+/NM8qetfRb6AxVFkVftcib9dR5mWVbUgbP8VrzSmm8sCAAAAAAAAAAAAAAAAAAAAPfX4fHn+zuj0e7BrQym3QBaEfHXs4ibnmcwN/NarA7u1GvujEaNergY05qfieY0JolYWUZ5Ebe0LVcNXrhUcz344cd1T9i9Oqa9fK3D4+ZNX6/84sz07trfSZbvYSemM9160e/TiFlMGtdcPf2nQ0Wsc/ulSw/11t6N9KVqkK+IiWRVYW/9Ntm5eia5eBVptatL09v1YC79wr1xrfs5upP0y98rEt06AAAAAAAAAAAAAAAAAABgo2b//bvk4MnK1EbR2VhZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCnZu//v8Ygj4h2fYIrgtM4OPyXLxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB74O8AAAD//0aWVl0=") syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1000, 0x0) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x112dd10, 0x0) r3 = open(&(0x7f0000000a40)='./bus\x00', 0x141a42, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x100801700) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r5) recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000140), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0) r8 = socket(0x22, 0x2, 0x2) getsockopt$inet_sctp_SCTP_ASSOCINFO(r8, 0x84, 0x1, 0x0, &(0x7f0000000180)) 4.212089401s ago: executing program 0 (id=2513): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff15, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) 4.150325896s ago: executing program 2 (id=2514): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="38010000100003000000000000000000fe80000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000002318bfdd8e5784", @ANYRES32=0x0, @ANYRES8=r0, @ANYBLOB="000000600000000000000000000000000000000033000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020001000000000000000000480001006d643500"/237], 0x138}}, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001a40)=ANY=[@ANYRESDEC, @ANYRESHEX=r2, @ANYRES32, @ANYRES8=r0, @ANYRES8=0x0, @ANYRESDEC=r3, @ANYBLOB="8ae13f337804cd791950ddb39ba7b767ed218fffd5b81e73d9e6f9d96d4d2020f3a0c4fa52ef1696f4909048049060eab678f8f30d3fc497e5cd9a3448b4441d6a243fb6f010c6bc723a131f74beed2dc3d49ec6222d9990bc3a0249c33659f65a01cbfc79e251848f54f4f68434866e521afdfcd7e5a518b463c75ed6819f8621818c46ac40f2813983ebde2fe03763e429131d6aae7adda6d12c54c122c8a1c12e16e079f6d7203b17058cba35b8877b0ffc7b75dd163355ec1a0c795088012fa179001575728191a6b070df4b4524c80fe6da174cde422cd20884286a312dc9b40fb6461b39cef648843a1d6c64ca93d328c2212606887c68a803efb13ea4d5e7eaa887e0a9e9479122555862a856c376ecaab3132536ea9d039a86a21cf0c738f84b73572b17fddafdfe0797f93bc0dc270d9b11fe632352ef8485608094923f0ca98d17e1aa2ea98bbf44325b028d3a3743d8b018a9fdee4acf12a0b8b78ce41a6572b9d19136b7079ed34ef39c2c6ace6d470420a47fa84a2aa37299cb52da9b93670dc232f33e1d1d1efc33b5053f2c451449dd7096530df2205a0a0d87f3d78d34280aaafb02680cab4f95c3f70be738d728a1c4a874a791c275148f0cefeceb626db1c6a0f657bd8399442f50598400c599ecd3c2390236c915fb2ddeac63b11a6c09c7aff566b6c13255d888b388e74e0f36c2c6bf8a5cafdc78637fb6cea7cf2bdca3b19df2be8da00d8738fbeb709444c48aa3397c35445132319a094489a665cd561e7a3a448a2206a7fd507ca2833294ab6ee3bfc18083a2d6db37a4e6f3ce009d11389d7ee6c8b7afb6d5d936d740efb5ca8486d88fbf7ae6e3cd6eaf48a62932f9dba2e677c907a5d81ce3f01d912cab772f9074ecf36fe73df164215c5d9a14350ff04ebb045c50444acda8d32ba4a8ff8d7266d262199dd945f51d55db064faaa97281b10d88cde126b9fabaceb9c7e4fd4b2b420446f0c5c308611a29ac30199d6a2bc549e466a909ecc4d10786662968552e3f221f65b0dda03040b81b2556ad1831160079e057f1cacd5f954ab099dc4928d989d317069f9401dd252f72d9cc4b45916764f4727b314384e65e3190cba96c0e15a23d29b1fb01e507c6553154aa5b808975fa4080e35cd585a8fa2826fe63aebc50cf5b0d06c2bdbc008af4f31ddc2ee54d36aa04fac50df9577d05b93b8d2f246c8c97a17d611681293747ecd9de3a38163d5cd07721c36edc14cffd76288893baceded068564749a92a85752d980ce62f2fc364ff00325ac0be66249476af3c98ef9051f35bc0b5d6d3528b4db7982e65a7d71189cdcd6e84043ef57985226ac414b1fb8c2cb48c5fef7eec9b1f7936a0735a94304f653bce2bd863c80e9e5f153640459d53d1933979a44786732a72d825a4dc22b47a1d28b27864a0388c200e00d32f7efff66a3f45b201e8f4776e4dcb22eed86b2a7eead8e6815d0ebaa5f671e45f6693b136adff28e7892d055245f297aeb1c19bd2da888f348a74717cb754a7a332fec8df4c58ef8fddc0950494d883e3f554d2f37fc74a7e4fccb9a748cdec78accaf0e99d081af777c92e3daca488831112a5db0ccc71c4221e306c69b147a0591d8790c4fb8e0a42004a8f3ab71f5a72eb89dcf5170d4437ae1baebd0b67684bf2ce32f7d2f704a37b3e66ec4fc46a87cb9cb06ba157d863dc771314497446c1d273f6a07edfe0dbf04e2a109c3194eba9bde137d71e0f618812e81dde64bfb58dad004f033bc9b28312fab059800eed717f763c390716ad59d6440fb26a9afa788f806dd25bebe6524514eeef268d2939ceaf322342fe2c2bf8bd5e128e2b4ff395d7af037650ad23589e0ba07ad023389b389cd7677d15c95024b8f5d037def279b6f73035a766a175ea5d0f4672719293128fe53439b7b649691c9b7817e5d27a0265599396c3e0341e9bbb481ebc31b04f1b2ed4c46386dfd07ad5558484f7196c303d211b1fa3a8a667aa322bfc2fa2308bed218d6df1bd9a5e96c5251d2fa88a67e90b2b21659469e5670f612d58ec25affd8b3391d2a0aaf283f042cb9e4dc5e7b38d31b69d148e517119ec678440500b6f7c5509648408f9ee6d99eb33f3660bbc4c4ca76d6e4218e14363c0e7e76ebfb628d04061bfabe940aa746aae2756498ec454ce46873cece7c3f467c7e61485abc8d57108bc0a299febb2b9dec52e9eb010de1da6619930b9a7be7ab52e630388673e5f4b826dd54ce51824f5ccd5b1401eeef1403c28495dd2f2eb5910a2697095d6e0f2c183ea303ec47267fcd25742e71c2d2f2597343f8a5083105165da4cdaf1a57e852a8f801aafb26e675d4e44165df269d824c3128307451fc9f4f4c071ab8f902060fa0e4d6429c50eef887a7cff4d02f65173e17abb7aef232751b1685af8db0ddd36d1e0bc2b1e428a2dcaf503fcbf104c4f7b060254717959925877b050e70a7e3f98127209ee15054c9a79bf5654f3bec01849e085750fe97e190183fbc21c2b4d7f498e568e1adf40b6bbcb4b7ec7abfbaeaa313f065e92f7a166283146599c85602d85c6dbbe8692648ba3c5bf32cca75a34d75c77bffc05bdc07166308e7f7895795c4b27b57e663f5119c1724633c6565bd389a36b080fb957cc47c8854cdbb4f7cc6b7bda7d74c55c7b282607af7311bd68fe40162ef69a40134826ec83a9c36ad94318e80068509d8814fd1d91ca0a503de74da60434b6c12c27428d9119934962fabfd6c0242a68d84c057a7d6f4181bff6bcd89dd5bcb334b5976c12edecf9608df4f18980e5482c3a2cf9a8987ff09deddc6e5eb8018f5989db908b22a5ff8af96edda997b3749654f88d712871c30fa1ac1fa0f36d27e7b013ef5255863e670f2dff77d2894423e9902b01935de077e642b3caddcbe94d9deb29ba2eebf075d08dcc464585d31dc546d4aa0d9e4c9509072cc9f60fba950849c82bbb14f4200b50decbb9520967ded572a761bbf83944339674358e0f917a801e307471cac681b0f9b596d30e2612cf0471339ea85f94518f5f293d9acd84e530304f5fc37746c36eb4df07785ebaa9c01d3d5181e58f727beb88d08efcd3976af2deaf227433b323584453a5b36c636bd7eeec8635bc0a623f31ba0048ca0e8865adae05f326f38f30dfbcd9e163da2ea051773d7c71df59ccd55bd6edaac0568929b32ea20b553abda2ce5f81c262ff539da6ad45a9c262d16a095f04277459888076d6ecd4b09ca71b706d75e9a6656334d041b856335550293be43cfef66d62d373190c9629cce095d2cfe50cae37793535ed44e749e65e9fbc352304d0c41442201156841f0d786370ce11e9fc08894405f57a951b395ce4bbd60529fa01c026ab494fc75e13d62bf0595a10422c19de1ea309cce043f156fdfc3f6c6b6c89d261246f3a52d822c4b5e05f8db7b2d78b843620ee05c074719f78df8f492938b3b7adcd0d44f0e12bdae9506f19ca31483a83ab189ebc32119c1fed7bf2af468be5b9f1b09688d6048d35296ed1befc766b1604333d2186ca20d02107505ed863bc51809459e0c21d72e3eaebc75221937af116f0b2596e7364fa87c44ff319e7e609a7057f8387fcd2e1ac09a1f1c8c90135cda9ac4d7164cfa4220d56b9534f2d30cfad48bcd63571671f68f89f06e1c31007e8048785e2242b58c09d395a1e35bfe7b3c4f37e1213538a1c9242ec86062fb303a3c000e68b577e25d84e5e10826c04a894920ce629debf9555fc941d062230917b29f0a2143df7453afc5b05ce947397992788762a1ac285411579281ef62e77671bcf317f4ae9a956e36dec80a54170ccd17ac67b0656b401f08bf3acf0f101a3b925703a6c64d18d493ea31200055c125353061fc231bc7f64e3e534454d433ff6b1139e5bba0e9f020e5b3ae25cc8a2f2018e437e8acbc86e9c29e5a1e0f30f456992ab6fb68156ba30d1b5ee24ca130a9ec2191767ea3026e2056d1bc5b267beb542fc1bacbb92079f76cff45cc039dc2d2d3db008fd3cf60bca8ca9a2af071491310b5f11dfbf81c8b910661c5c22c12a5342a6eebabff0d600cb7a69a916955d8872177afe751bc2635cf203639f4bdb70530141258b3b832e523bc338fde5bb47ca65dcb603b8cf073612b9595e5cbec371fa4aa57db33290f3137bbd7df8c645ac4d1f924955589939757a4d84e07f40ff9033e5b2e02772e1fa3a5daa29b5359c813051b5c116363dfbb850157ae515ca957ca6fda6285d471ccde59f03aa50025f2e9d2809364509a37f9f1b61ba66f4fee871c0768d93925ad062881664a006220dd3f5002153d7b3af25e3f170437cfcded04c88026a546107c286451c3ae106925a9a77b2c8be5ecc5c3b3ec3427826897d798e7d0b8cd3289ae2c0a74dfe5fb8585c145ac81c0d3efb8fca310414f64bd932e11442ab2756ceb591358e4ec96b3daed9d7bc097380e92d9e91306a1e211cf03ee5c4982a9cb0b110afaa15760e97dfde8bb05f21e80bf4d41b2dafe9ced556099a93183dfbbde1e33ee3eec9bae7ded8d1684fdac63fb0fc0ad999366ab2d436dc5ec8ed781e0d85c60a987eb60c3410f0aadfe6a3cfefb60fde135c16864d4adf1d596d8c3379051cf953c1dbb6a358acf6f2bab3660d287ad46bc4e46fb3a231543b381be7bbeb933ab1dea83f542e630e38d4cb9d3302dcdfa75dd70fc380f4cd43c8b552df0962abb0e1cd6c1a8b2b156b5abe1916da4b3cfc13c311be7e5de60d0ba10b52ed52619e3234288088eab7ede99bca8ce34eeacc882a81c7f83e406afc004e41f95ddd74cb78a19362b2ca31cff16ad953534ea5b6b49b6490de45d8cf26e7a7e2e08e4b16d9b32390b4b5b8f5ead68dde3eed5b1d744a8eeaa9175a01d1f0208605278dc1c98d561fc3aaf9359a1d7f0b378189dc847ad8b5d89de2b884ddd50e847cf11335e0ce97993951cc511769e9f51a0bd9a34147b73f42e5a21ea1b4abfeda44ef131a3e1d52153012c6eb8f37c88ef39e67586ad6e89f096d77315ed36e26228b562ec50b3c6bcab6859fc73a2b92cae5c45a1f7ca14509723176c6e9377961d8af8dd1dab731c9fc18caccc41f2c402c87ca1342e97232383f5d1dc02a4e9b2bb0ec1bf4c3678a8dabbd6d0d53475f87a4f59f0e1b7c12be4c24e1f084550dda5c1f82e84c15f41921e43fb13dd9da529cc52996cd072c399278aff58e355538104f1317589da3a42b61256a2558b4d4945342a19b4189e18fcc97342c3c4c1476d05fe9b3c52599fd60ba528b1a1dd89afb6f6b626ed150044faeb599864bf51a3253b072e21163a1b27b673eef9b1230261eb35b3263ee7c022818940b911a718320d2689e64cead1375cfd9aec413c56923d8b06a532bd0a7cfce1ab758ae8546303c3e3879d0ad282e69ac075d8c3e2b65a26a055842d493248e45c31081f1f86b0f26802cac42212dd6c84ad6785efcd7b0f7109e562f92cfe9bd72ee1be32b22bf38db2de59f4d86979596127f9b638f4c49ff9fa57467a90147052507c6f924031c5351de5c7f27bdd02cb2e5e91fa076b690dea96b00eda15cedbaa7beb65054ab3861ea52a852fb318a481849cece70fd65a945b07e4e78ccc38ae9fd14db2c59892b25ac1bb0e51ff8c476953dc99d2a1dc126e73e5a1730ffe696792e5e2136933ec3badda302033e3cff907fc332f54ab1374a49945bf5890574c553b6d26814274dc509e16605f0290564006dcaeac3a035bece9a7af6666f8ea11b88e783aaa0", @ANYRESHEX=r0, @ANYRES16=r0, @ANYRES64=r3], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x7c) io_setup(0x3, &(0x7f0000000180)) eventfd(0x0) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000000000)) r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) readv(r5, &(0x7f00000018c0)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1) sendto(0xffffffffffffffff, &(0x7f0000001900)="b67f17f479be0ec94c69d04dac004bd47322981ab11937aaee8cd39197c4bbd25e28bb650dfec9b1c76a7f1b871088ef693219afe7cb2787bad0a2c8e7121c265611d30d78e13b09396b4e6b362710b0e1361b6104de50cdcf13c4bd18b5030503a0ba2cbd193fd80124c4c48444f900b4d9baba8eb6d5a26126941e7d508f542837fc0ffe445ef415be03326e558114dfbc9bc40bfad0d12b3c66d31fedda8c53928b6e0e3a1fd18a546a0c8cb4a920f95593c60d6b3a82d20cfe83a622d83ca12dd24eb3d45fb048f310e12204168fad133d98f422d7f70e5dbda8409407fb03aa2f034f131c8fe4e2b1f9dde1760e2348926b6367454cc6f75c167b537d9adb57a15002c9ed287274cf3bc9d679767323e2", 0x113, 0x4080, &(0x7f00000001c0)=@l2tp6={0xa, 0x0, 0x49, @private0={0xfc, 0x0, '\x00', 0x1}, 0x4, 0x1}, 0x80) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x9755, 0xbf22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x10000000}, 0x48) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0x69, 0x4, 0x5, 0x0, r6}, 0x48) rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r7}, &(0x7f0000000080), &(0x7f00000000c0)=r6}, 0x20) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r8 = socket(0x1e, 0x4, 0x0) recvmmsg(r8, &(0x7f0000006000)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000007c0)=""/242, 0xf2}], 0x1, &(0x7f00000004c0)=""/75, 0x4b}}], 0x1, 0x0, 0x0) sendmsg$tipc(r8, &(0x7f0000000000)={&(0x7f0000000200)=@id={0x1e, 0x3, 0x3, {0x4e20}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r9 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r10 = fcntl$dupfd(r9, 0x0, r9) write$sndseq(r10, &(0x7f0000000180)=[{0x0, 0x1, 0x0, 0x0, @tick, {}, {0xfe}, @raw32}, {0x0, 0x2, 0x0, 0x0, @time, {}, {}, @quote}], 0x38) ioctl$SG_GET_REQUEST_TABLE(r10, 0x2275, &(0x7f00000018c0)) 3.920291326s ago: executing program 0 (id=2525): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x13) kcmp$KCMP_EPOLL_TFD(r0, r0, 0x7, 0xffffffffffffffff, 0x0) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="3c000000680001000000000000000000020000000000000006000700020000000c000880080012000000000008000600f200000008000500", @ANYRES32=r4], 0x3c}}, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x5608, 0x2) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) 2.253390258s ago: executing program 4 (id=2543): syz_open_pts(0xffffffffffffffff, 0x200002) r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0xb6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_config_ext, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4c0000001000010400"/19, @ANYRES32=0x0, @ANYBLOB="000000000000000008001f00030000000800200006000000140012800900010076657468"], 0x4c}}, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r2}, 0x10) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff}, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000540)={0x0, @in={{0x2, 0x4e22, @empty}}, 0xfffffffd, 0xfff, 0x2, 0x8, 0x10}, &(0x7f0000000600)=0x98) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) mount$9p_fd(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x40, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_submit(0x0, 0x1, &(0x7f0000000380)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_aout(r6, &(0x7f00000002c0)=ANY=[], 0xc1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000005, 0x13, r6, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xae, 0x0, &(0x7f00000000c0)) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000091a892f5424bb729b4e4a3171000010000000008000000000000000a14000003000000000000000005000007140000001100010000000000000000001520000a4a9f78fa1624f1526c96a19a6fddb887efd3b9a8b0e4cf32d44f575c92e73b82857a699e"], 0x3c}}, 0x0) ioctl$TCSETSW2(r6, 0x402c542c, &(0x7f0000000000)={0x0, 0x53cc1305, 0x1, 0x796e, 0x40, "66342f0de28cd4caf484057ee36905f8b3f6ea", 0x6404b7f8}) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000140)) 1.416332639s ago: executing program 3 (id=2555): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000440), r0) r2 = socket$kcm(0x10, 0x2, 0x4) r3 = socket$kcm(0x2, 0x6, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128009000100626f6e64000000001c00028005001d00000000000500010004000000050015"], 0x4c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$inet(r3, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)="89000000130081ae08060cdc030000017f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120c1f01400b080c00bdad01409bbc7a46e3988285dcdf12176679df069163ce955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0) sendmsg$NLBL_CALIPSO_C_ADD(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="01000000000000000000017d0e01baca0a0816fdfd6c0ddd197748000000"], 0x14}}, 0x0) 1.379159123s ago: executing program 4 (id=2556): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xffd, 0x2}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001640)=@newtaction={0xe68, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x9}, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x9}, {}, {}, {}, {}, {}, {0x2000000}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xfff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x10}, {}, {}, {0x0, 0x0, 0x0, 0x7fffffff}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0) 1.077415198s ago: executing program 4 (id=2557): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r2}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) 1.026381873s ago: executing program 3 (id=2558): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x11012, r3, 0x0) 1.011312954s ago: executing program 2 (id=2524): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$igmp6(0xa, 0x3, 0x2) getsockopt$inet6_buf(r2, 0x29, 0x1b, &(0x7f0000000000)=""/144, &(0x7f0000000180)=0x90) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xc8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x101c0ca, &(0x7f0000000400)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c666d61736b3d30303030303030303030303030303030303030303036362c696f636861727365743d69736f383835392d312c6572726f72733d636f6e74696e75652c756e695f786c6174653d302c696f636861727365743d61736369692c726f6469722c73686f72746e616d653d6d697865642c756e695f786c6174653d302c757466383d302c757466383d302c756e695f786c6174653d312c64656275672c756e695f786c6174653d312c666d61736b3d30303030303030303030303030303030303030303030332c6e6f63617365aec489af6ba9723d4b17106f6d47b9ade1c253d4e3b08066427cae9f41fd1e1dd25a22ec22ad6e8bf6f67e052de91b544f2f4541f87a0c0b36e8d444150b35c110bda57fe7a9c06ba087cc975447082aaf95213301f3e04b70ea67a8aa0d582ca1a9525dba7116d80f126f782a78428b878fc79c0be9ad98cb6950995e6edba78e5301e8c8e69cc85beceb8b54f84a84787815ef9a18f1fe1c81b4c1830102f7e3236e2533e486ecb46ee53991c5bfe6289a474582b2e57741fd8de78f42097851bee74d4201c7767e0e0f4b34523150639b1291441ad01f2f72ed3679d7bca0e8b4e0689f883196af0d0dfe7344f276c1b4bd333882cf7879248ad423e3f21cd0cae2309519f9d40df23cf05d9c8d8f9d07da771ea1e3bcd8478fb989f770da17f700000000000000"], 0x6, 0x2c0, &(0x7f0000000900)="$eJzs3U9rK1UUAPAz+TOJukgWrkRwQBeuHu+9rZsUeQ/ErnxkoS60+FqQJggtFKri2JVbNy78DILgB3HjNxDcCu6sUBiZyaRJ2pg2palof79Fe3vnnLlnboZ2WujJx6+O959nsXfy5a/R7SbRGMQgTpPoRyOmvo4Fg28DAPgvOy2K+KOYWCcviYju5soCADboej//W7PhT3dSFgCwQc/e/+Ddre3tJ+9lWTeejr85Gpa/2ZefJ8e39uLTGMVuPIxenEVUDwrtqJ4WyuHToijyVlbqxxvj/GhYZo4/+rk+/9bv9R8LSv3q4/nTRpX/zvaTR9nEXH5e1vFivf6gXP9x9OLl8+SF/MdL8mOYxpuvz9X/IHrxyyfxWYzieVXELP+rR1n2dvHdn198WJZX5if50bBTxc0UzTt8WQAAAAAAAAAAAAAAAAAAAAAA+J97UPfO6UTVv6ecqvvvNM/KL9qRTfUX+/NM8qetfRb6AxVFkVftcib9dR5mWVbUgbP8VrzSmm8sCAAAAAAAAAAAAAAAAAAAAPfX4fHn+zuj0e7BrQym3QBaEfHXs4ibnmcwN/NarA7u1GvujEaNergY05qfieY0JolYWUZ5Ebe0LVcNXrhUcz344cd1T9i9Oqa9fK3D4+ZNX6/84sz07trfSZbvYSemM9160e/TiFlMGtdcPf2nQ0Wsc/ulSw/11t6N9KVqkK+IiWRVYW/9Ntm5eia5eBVptatL09v1YC79wr1xrfs5upP0y98rEt06AAAAAAAAAAAAAAAAAABgo2b//bvk4MnK1EbR2VhZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCnZu//v8Ygj4h2fYIrgtM4OPyXLxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB74O8AAAD//0aWVl0=") syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1000, 0x0) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x112dd10, 0x0) r3 = open(&(0x7f0000000a40)='./bus\x00', 0x141a42, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x100801700) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r5) recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000140), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0) r8 = socket(0x22, 0x2, 0x2) getsockopt$inet_sctp_SCTP_ASSOCINFO(r8, 0x84, 0x1, 0x0, &(0x7f0000000180)) 997.971865ms ago: executing program 3 (id=2559): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@minixdf}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x42, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_vs_stats_percpu\x00') syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==") r2 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f0000000a80)=ANY=[@ANYBLOB="180000000000002000000000ff000000850000000f000000850000000500000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r3}, 0x10) mmap(&(0x7f000045e000/0x3000)=nil, 0x3000, 0x27fffff, 0x4002011, 0xffffffffffffffff, 0x0) fallocate(r2, 0x0, 0x0, 0x1001f0) fallocate(r2, 0x3, 0x1000, 0x10000) pread64(r1, &(0x7f0000004180)=""/4096, 0x1000, 0x0) socket$inet_udp(0x2, 0x2, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r4, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x6700}], 0x1, 0x33000, 0x0, 0x0) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_x25_SIOCADDRT(r5, 0x890b, 0x0) nanosleep(0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={r1, &(0x7f00000003c0)="49b3d6cb0689415c20514398e61a7e3484c63e222235d1dcb3d73f40f7b429a93872cdaf8ee3fe01123941d8ddee5d0b01eef908d22e5806f1d5ec9a4ad652ccf2b4cd5a330c525e40af05ab5fae0495c82676a49d60ff3aa1667edae957a2b9151710603434abcb56f507871f2c06c75670bcf01984a1244d09714e"}, 0x20) pwritev2(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)="df", 0x1}], 0x1, 0x800001, 0x0, 0x0) 960.096318ms ago: executing program 2 (id=2560): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@minixdf}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x42, 0x0) capset(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_vs_stats_percpu\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00'}, 0x10) r2 = socket(0x10, 0x3, 0x0) sendto$inet6(r2, &(0x7f0000000000)="1c00000018002507b9409b14ffff00000204be04020506050e02040943", 0x1d, 0x0, 0x0, 0x0) mmap(&(0x7f000045e000/0x3000)=nil, 0x3000, 0x27fffff, 0x4002011, r2, 0x0) fallocate(0xffffffffffffffff, 0x3, 0x1000, 0x10000) pread64(r1, &(0x7f0000004180)=""/4096, 0x1000, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000880)=@nat={'nat\x00', 0x19, 0x2, 0x348, [0x20000280, 0x0, 0x0, 0x200002b0, 0x200002e0], 0x2, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000000000000000000000000021000000000000000000000000000000000000000000000000ffffffff0000000000000000100000000000000000000000000000000000000000000000000000000400000000000000ffffffff0000000000000000000000000000000000000000000000000040000000000000000000000000000000000000ffffffff020000000300000000000000ffff0000000000000000000000000000000062726983676530000000000000000000736974300000000000000000000000007465616d300000000000000000000000aaaaaaaaaaaa000000000000aaaaaaaaaabb0000000000000000d8010000d801000010020000636f6d6d656e7400000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073746174697374696300000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa000000ffffffff000000001b0000000000000000007465616d5f736c6176655f310000000069726c616e300000000000000000000069726c616e3000e575dd73000000000073797a6b616c6c6572300000000000000180c2000000000000000000f646793b7b3900000000000000007000000070000000a8000000736e61740000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa000000edffffff00000000"]}, 0x3bf) ioctl$EXT4_IOC_CLEAR_ES_CACHE(0xffffffffffffffff, 0x6628) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r4, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x6700}], 0x1, 0x33000, 0x0, 0x0) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_x25_SIOCADDRT(r5, 0x890b, 0x0) nanosleep(0x0, 0x0) pwritev2(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)="df", 0x1}], 0x1, 0x800001, 0x0, 0x0) 942.21394ms ago: executing program 4 (id=2561): openat$selinux_enforce(0xffffffffffffff9c, 0x0, 0x1, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r4, &(0x7f00000001c0), &(0x7f0000000040)=@tcp, 0x3}, 0x20) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_PEER_GET(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000140)={0x14, r6, 0x5de21d485e277b3, 0x0, 0x0, {0x6}}, 0x14}}, 0x0) 703.74005ms ago: executing program 3 (id=2565): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@minixdf}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x42, 0x0) capset(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_vs_stats_percpu\x00') syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==") r2 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f0000000a80)=ANY=[@ANYBLOB="180000000000002000000000ff000000850000000f000000850000000500000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r3}, 0x10) r4 = socket(0x10, 0x3, 0x0) sendto$inet6(r4, &(0x7f0000000000)="1c00000018002507b9409b14ffff00000204be04020506050e02040943", 0x1d, 0x0, 0x0, 0x0) fallocate(r2, 0x0, 0x0, 0x1001f0) fallocate(r2, 0x3, 0x1000, 0x10000) pread64(r1, &(0x7f0000004180)=""/4096, 0x1000, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, 0x0, 0x3c0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r2, 0x6628) pwritev2(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x6700}], 0x1, 0x33000, 0x0, 0x0) r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_x25_SIOCADDRT(r6, 0x890b, 0x0) nanosleep(0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={r1, &(0x7f00000003c0)="49b3d6cb0689415c20514398e61a7e3484c63e222235d1dcb3d73f40f7b429a93872cdaf8ee3fe01123941d8ddee5d0b01eef908d22e5806f1d5ec9a4ad652ccf2b4cd5a330c525e40af05ab5fae0495c82676a49d60ff3aa1667edae957a2b9151710603434abcb56f507871f2c06c75670bcf01984a1244d09714e582c298e371e3e31b6064a219f20b5fbe3676cb965a81dbeefb3d13708e91ad97c4ca793b439f44f2866ff7a9b421111a428f80436641c0bb5942e700242ca97abc821238ba439b72135d281d2e3c0f015f08fd4f8bbeaa22df17a98bbdbacfc41ac9b0c4789345ed2e1230b096dd4beafa7ec9031bc5885ce0f5b8a"}, 0x20) pwritev2(r0, &(0x7f00000000c0)=[{&(0x7f0000000200)="df", 0x1}], 0x1, 0x800001, 0x0, 0x0) 637.447786ms ago: executing program 1 (id=2566): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000001180)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0) write$cgroup_int(r2, 0x0, 0x0) openat$cgroup_devices(r1, &(0x7f0000000400)='devices.deny\x00', 0x2, 0x0) fsetxattr(r1, &(0x7f0000000080)=@known='user.incfs.id\x00', &(0x7f0000000240)='kfree\x00', 0x6, 0x3) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1008000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x30, r3, 0x4, 0x70bd2a, 0x25dfdbfb, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}, [""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000058}, 0x81) 564.490042ms ago: executing program 1 (id=2567): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000ffffffff000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r2, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000240)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) 564.002782ms ago: executing program 1 (id=2568): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x11012, r3, 0x0) 528.143225ms ago: executing program 3 (id=2569): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000006800b9f900000000000200000a00000000000000080001000200000004000b"], 0x24}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r4}, 0x48) 498.624068ms ago: executing program 1 (id=2570): prlimit64(0x0, 0xf, &(0x7f0000000140)={0x0, 0xffffffffffffffff}, 0x0) timer_create(0x3, 0x0, &(0x7f0000000200)) r0 = socket(0x1000000010, 0x80002, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) getsockname(r1, &(0x7f00000014c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001540)=0x80) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r0, 0x8982, &(0x7f0000000000)={0x8, 'veth1_to_bond\x00', {'wlan0\x00'}, 0x1a}) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) dup3(r3, r2, 0x0) r4 = socket(0x26, 0x800000003, 0x5004685e) r5 = socket$inet_udplite(0x2, 0x2, 0x88) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0xd, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000080000000000000000000000180900002020702500000000002020207b1af8ff00000000bda004000000000007000000f8ffffffb702000008000000b7030000000004002500f8ff0600000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x90) ioctl$sock_SIOCGIFBR(r4, 0x8940, &(0x7f0000000100)=@generic={0x3, 0x1, 0x9}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'batadv_slave_1\x00'}) socket(0x10, 0x80002, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r6 = syz_open_dev$usbfs(&(0x7f0000000000), 0xd7, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) r7 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0) r8 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r8, 0x10d, 0xdf, 0x0, &(0x7f00000000c0)) mmap$usbfs(&(0x7f0000ff6000/0x3000)=nil, 0x3000, 0x0, 0x13, r6, 0x0) r9 = socket(0x400000000010, 0x3, 0x0) write(r9, &(0x7f0000000040)="1c00000019002551075c0165ff0ffc02802000030004000500e1000c", 0x1c) mremap(&(0x7f0000ff6000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ffd000/0x3000)=nil) mincore(&(0x7f0000fff000/0x1000)=nil, 0x1000, &(0x7f0000000040)=""/70) 449.837582ms ago: executing program 3 (id=2571): syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r2, @ANYBLOB="0000000000000000b70200001400a685b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="fb", 0x1}], 0x1}, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000000)=""/60, 0x3c}], 0x1}, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000000c0)=0x13) write$binfmt_misc(r0, &(0x7f0000000240)=ANY=[], 0xfffffecc) r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff) dup(0xffffffffffffffff) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="2000000069000b00000000000c0000000000000000000000080001"], 0x20}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000010000104000004000000", @ANYRES32=0x0], 0x44}}, 0x40000) 448.609902ms ago: executing program 1 (id=2572): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000067dfb4a518110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000006800b9f900000000000200000a00000000000000080001000200000004000b"], 0x24}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r4}, 0x48) 240.43425ms ago: executing program 1 (id=2573): sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="08002cbd7000fcdb0000050002000000000014000700fce858b37bd44ed8ec0000000000000006000a004e2200000500030033000000000000007caffde9d5f51f59695b8ac0baaca76729a5a64d0b2a3de02b19a989db0ff65525b09e04ec560c468b92ca79d168e8bf5732b561858946a34f53ee1812e3d5c780171fbfb170d27e29fa1e106d2f07c8a98688aa5f3826c4120da9e0988b115af323e5ad8cb5f1ae4fca65f768c9f5e6cef7d976a6ed9df852bb70443a8ed0361b2775a15d2168b4b44f2fa29b941fe628538be7ee81a74854e36e9e783b1713b6a2b57c679836ad3aec50f3d5831ec21b262c87"], 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x20000000) r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$unix(0x1, 0x1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000e40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3575], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000b40)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) io_setup(0x3fe, &(0x7f0000000100)=0x0) io_getevents(r3, 0x1, 0x1, &(0x7f0000004600)=[{}], 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = openat$incfs(0xffffffffffffffff, &(0x7f00000001c0)='.pending_reads\x00', 0x802, 0x188) perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = socket$rds(0x15, 0x5, 0x0) bind$rds(r6, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r6, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}], 0x1}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000004c0)=[{&(0x7f0000000080)=""/28, 0x1c}], 0x1}}], 0x90}, 0x0) recvmsg$can_bcm(r5, &(0x7f00000004c0)={&(0x7f0000000280)=@l2tp6={0xa, 0x0, 0x0, @local}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000300)=""/81, 0x51}, {&(0x7f00000003c0)=""/93, 0x5d}], 0x2, &(0x7f0000000440)=""/121, 0x79}, 0x20000003) bind$unix(r4, &(0x7f0000003000)=@file={0x1}, 0x6e) r7 = fcntl$dupfd(r4, 0x0, r1) listen(r7, 0xa0f) perf_event_open(&(0x7f0000000000)={0x1, 0xffffffffffffffc0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffe9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xfffffffc, 0x0, @perf_bp={&(0x7f0000000080), 0x8}, 0x10848a, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x68, r8, 0x100, 0x70bd25, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x6, 0x53}}}}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x9}, @NL80211_ATTR_NAN_MASTER_PREF={0x5}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0xbe}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xf}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x5}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x2}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xb}, @NL80211_ATTR_NAN_MASTER_PREF={0x5}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x9}]}, 0x68}, 0x1, 0x0, 0x0, 0xc040}, 0x10) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000680)='0', 0x1}], 0x1, &(0x7f0000000180)=ANY=[@ANYBLOB="20000000000000008400000002000000840041000000000000000000", @ANYRES32=r0, @ANYBLOB='0'], 0x50}, 0x0) 168.619516ms ago: executing program 0 (id=2526): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="38010000100003000000000000000000fe80000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000002318bfdd8e5784", @ANYRES32=0x0, @ANYRES8=r0, @ANYBLOB="000000600000000000000000000000000000000033000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020001000000000000000000480001006d643500"/237], 0x138}}, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000001a40)=ANY=[@ANYRESDEC, @ANYRESHEX=r2, @ANYRES32, @ANYRES8=r0, @ANYRES8=0x0, @ANYRESDEC=r3, @ANYBLOB="8ae13f337804cd791950ddb39ba7b767ed218fffd5b81e73d9e6f9d96d4d2020f3a0c4fa52ef1696f4909048049060eab678f8f30d3fc497e5cd9a3448b4441d6a243fb6f010c6bc723a131f74beed2dc3d49ec6222d9990bc3a0249c33659f65a01cbfc79e251848f54f4f68434866e521afdfcd7e5a518b463c75ed6819f8621818c46ac40f2813983ebde2fe03763e429131d6aae7adda6d12c54c122c8a1c12e16e079f6d7203b17058cba35b8877b0ffc7b75dd163355ec1a0c795088012fa179001575728191a6b070df4b4524c80fe6da174cde422cd20884286a312dc9b40fb6461b39cef648843a1d6c64ca93d328c2212606887c68a803efb13ea4d5e7eaa887e0a9e9479122555862a856c376ecaab3132536ea9d039a86a21cf0c738f84b73572b17fddafdfe0797f93bc0dc270d9b11fe632352ef8485608094923f0ca98d17e1aa2ea98bbf44325b028d3a3743d8b018a9fdee4acf12a0b8b78ce41a6572b9d19136b7079ed34ef39c2c6ace6d470420a47fa84a2aa37299cb52da9b93670dc232f33e1d1d1efc33b5053f2c451449dd7096530df2205a0a0d87f3d78d34280aaafb02680cab4f95c3f70be738d728a1c4a874a791c275148f0cefeceb626db1c6a0f657bd8399442f50598400c599ecd3c2390236c915fb2ddeac63b11a6c09c7aff566b6c13255d888b388e74e0f36c2c6bf8a5cafdc78637fb6cea7cf2bdca3b19df2be8da00d8738fbeb709444c48aa3397c35445132319a094489a665cd561e7a3a448a2206a7fd507ca2833294ab6ee3bfc18083a2d6db37a4e6f3ce009d11389d7ee6c8b7afb6d5d936d740efb5ca8486d88fbf7ae6e3cd6eaf48a62932f9dba2e677c907a5d81ce3f01d912cab772f9074ecf36fe73df164215c5d9a14350ff04ebb045c50444acda8d32ba4a8ff8d7266d262199dd945f51d55db064faaa97281b10d88cde126b9fabaceb9c7e4fd4b2b420446f0c5c308611a29ac30199d6a2bc549e466a909ecc4d10786662968552e3f221f65b0dda03040b81b2556ad1831160079e057f1cacd5f954ab099dc4928d989d317069f9401dd252f72d9cc4b45916764f4727b314384e65e3190cba96c0e15a23d29b1fb01e507c6553154aa5b808975fa4080e35cd585a8fa2826fe63aebc50cf5b0d06c2bdbc008af4f31ddc2ee54d36aa04fac50df9577d05b93b8d2f246c8c97a17d611681293747ecd9de3a38163d5cd07721c36edc14cffd76288893baceded068564749a92a85752d980ce62f2fc364ff00325ac0be66249476af3c98ef9051f35bc0b5d6d3528b4db7982e65a7d71189cdcd6e84043ef57985226ac414b1fb8c2cb48c5fef7eec9b1f7936a0735a94304f653bce2bd863c80e9e5f153640459d53d1933979a44786732a72d825a4dc22b47a1d28b27864a0388c200e00d32f7efff66a3f45b201e8f4776e4dcb22eed86b2a7eead8e6815d0ebaa5f671e45f6693b136adff28e7892d055245f297aeb1c19bd2da888f348a74717cb754a7a332fec8df4c58ef8fddc0950494d883e3f554d2f37fc74a7e4fccb9a748cdec78accaf0e99d081af777c92e3daca488831112a5db0ccc71c4221e306c69b147a0591d8790c4fb8e0a42004a8f3ab71f5a72eb89dcf5170d4437ae1baebd0b67684bf2ce32f7d2f704a37b3e66ec4fc46a87cb9cb06ba157d863dc771314497446c1d273f6a07edfe0dbf04e2a109c3194eba9bde137d71e0f618812e81dde64bfb58dad004f033bc9b28312fab059800eed717f763c390716ad59d6440fb26a9afa788f806dd25bebe6524514eeef268d2939ceaf322342fe2c2bf8bd5e128e2b4ff395d7af037650ad23589e0ba07ad023389b389cd7677d15c95024b8f5d037def279b6f73035a766a175ea5d0f4672719293128fe53439b7b649691c9b7817e5d27a0265599396c3e0341e9bbb481ebc31b04f1b2ed4c46386dfd07ad5558484f7196c303d211b1fa3a8a667aa322bfc2fa2308bed218d6df1bd9a5e96c5251d2fa88a67e90b2b21659469e5670f612d58ec25affd8b3391d2a0aaf283f042cb9e4dc5e7b38d31b69d148e517119ec678440500b6f7c5509648408f9ee6d99eb33f3660bbc4c4ca76d6e4218e14363c0e7e76ebfb628d04061bfabe940aa746aae2756498ec454ce46873cece7c3f467c7e61485abc8d57108bc0a299febb2b9dec52e9eb010de1da6619930b9a7be7ab52e630388673e5f4b826dd54ce51824f5ccd5b1401eeef1403c28495dd2f2eb5910a2697095d6e0f2c183ea303ec47267fcd25742e71c2d2f2597343f8a5083105165da4cdaf1a57e852a8f801aafb26e675d4e44165df269d824c3128307451fc9f4f4c071ab8f902060fa0e4d6429c50eef887a7cff4d02f65173e17abb7aef232751b1685af8db0ddd36d1e0bc2b1e428a2dcaf503fcbf104c4f7b060254717959925877b050e70a7e3f98127209ee15054c9a79bf5654f3bec01849e085750fe97e190183fbc21c2b4d7f498e568e1adf40b6bbcb4b7ec7abfbaeaa313f065e92f7a166283146599c85602d85c6dbbe8692648ba3c5bf32cca75a34d75c77bffc05bdc07166308e7f7895795c4b27b57e663f5119c1724633c6565bd389a36b080fb957cc47c8854cdbb4f7cc6b7bda7d74c55c7b282607af7311bd68fe40162ef69a40134826ec83a9c36ad94318e80068509d8814fd1d91ca0a503de74da60434b6c12c27428d9119934962fabfd6c0242a68d84c057a7d6f4181bff6bcd89dd5bcb334b5976c12edecf9608df4f18980e5482c3a2cf9a8987ff09deddc6e5eb8018f5989db908b22a5ff8af96edda997b3749654f88d712871c30fa1ac1fa0f36d27e7b013ef5255863e670f2dff77d2894423e9902b01935de077e642b3caddcbe94d9deb29ba2eebf075d08dcc464585d31dc546d4aa0d9e4c9509072cc9f60fba950849c82bbb14f4200b50decbb9520967ded572a761bbf83944339674358e0f917a801e307471cac681b0f9b596d30e2612cf0471339ea85f94518f5f293d9acd84e530304f5fc37746c36eb4df07785ebaa9c01d3d5181e58f727beb88d08efcd3976af2deaf227433b323584453a5b36c636bd7eeec8635bc0a623f31ba0048ca0e8865adae05f326f38f30dfbcd9e163da2ea051773d7c71df59ccd55bd6edaac0568929b32ea20b553abda2ce5f81c262ff539da6ad45a9c262d16a095f04277459888076d6ecd4b09ca71b706d75e9a6656334d041b856335550293be43cfef66d62d373190c9629cce095d2cfe50cae37793535ed44e749e65e9fbc352304d0c41442201156841f0d786370ce11e9fc08894405f57a951b395ce4bbd60529fa01c026ab494fc75e13d62bf0595a10422c19de1ea309cce043f156fdfc3f6c6b6c89d261246f3a52d822c4b5e05f8db7b2d78b843620ee05c074719f78df8f492938b3b7adcd0d44f0e12bdae9506f19ca31483a83ab189ebc32119c1fed7bf2af468be5b9f1b09688d6048d35296ed1befc766b1604333d2186ca20d02107505ed863bc51809459e0c21d72e3eaebc75221937af116f0b2596e7364fa87c44ff319e7e609a7057f8387fcd2e1ac09a1f1c8c90135cda9ac4d7164cfa4220d56b9534f2d30cfad48bcd63571671f68f89f06e1c31007e8048785e2242b58c09d395a1e35bfe7b3c4f37e1213538a1c9242ec86062fb303a3c000e68b577e25d84e5e10826c04a894920ce629debf9555fc941d062230917b29f0a2143df7453afc5b05ce947397992788762a1ac285411579281ef62e77671bcf317f4ae9a956e36dec80a54170ccd17ac67b0656b401f08bf3acf0f101a3b925703a6c64d18d493ea31200055c125353061fc231bc7f64e3e534454d433ff6b1139e5bba0e9f020e5b3ae25cc8a2f2018e437e8acbc86e9c29e5a1e0f30f456992ab6fb68156ba30d1b5ee24ca130a9ec2191767ea3026e2056d1bc5b267beb542fc1bacbb92079f76cff45cc039dc2d2d3db008fd3cf60bca8ca9a2af071491310b5f11dfbf81c8b910661c5c22c12a5342a6eebabff0d600cb7a69a916955d8872177afe751bc2635cf203639f4bdb70530141258b3b832e523bc338fde5bb47ca65dcb603b8cf073612b9595e5cbec371fa4aa57db33290f3137bbd7df8c645ac4d1f924955589939757a4d84e07f40ff9033e5b2e02772e1fa3a5daa29b5359c813051b5c116363dfbb850157ae515ca957ca6fda6285d471ccde59f03aa50025f2e9d2809364509a37f9f1b61ba66f4fee871c0768d93925ad062881664a006220dd3f5002153d7b3af25e3f170437cfcded04c88026a546107c286451c3ae106925a9a77b2c8be5ecc5c3b3ec3427826897d798e7d0b8cd3289ae2c0a74dfe5fb8585c145ac81c0d3efb8fca310414f64bd932e11442ab2756ceb591358e4ec96b3daed9d7bc097380e92d9e91306a1e211cf03ee5c4982a9cb0b110afaa15760e97dfde8bb05f21e80bf4d41b2dafe9ced556099a93183dfbbde1e33ee3eec9bae7ded8d1684fdac63fb0fc0ad999366ab2d436dc5ec8ed781e0d85c60a987eb60c3410f0aadfe6a3cfefb60fde135c16864d4adf1d596d8c3379051cf953c1dbb6a358acf6f2bab3660d287ad46bc4e46fb3a231543b381be7bbeb933ab1dea83f542e630e38d4cb9d3302dcdfa75dd70fc380f4cd43c8b552df0962abb0e1cd6c1a8b2b156b5abe1916da4b3cfc13c311be7e5de60d0ba10b52ed52619e3234288088eab7ede99bca8ce34eeacc882a81c7f83e406afc004e41f95ddd74cb78a19362b2ca31cff16ad953534ea5b6b49b6490de45d8cf26e7a7e2e08e4b16d9b32390b4b5b8f5ead68dde3eed5b1d744a8eeaa9175a01d1f0208605278dc1c98d561fc3aaf9359a1d7f0b378189dc847ad8b5d89de2b884ddd50e847cf11335e0ce97993951cc511769e9f51a0bd9a34147b73f42e5a21ea1b4abfeda44ef131a3e1d52153012c6eb8f37c88ef39e67586ad6e89f096d77315ed36e26228b562ec50b3c6bcab6859fc73a2b92cae5c45a1f7ca14509723176c6e9377961d8af8dd1dab731c9fc18caccc41f2c402c87ca1342e97232383f5d1dc02a4e9b2bb0ec1bf4c3678a8dabbd6d0d53475f87a4f59f0e1b7c12be4c24e1f084550dda5c1f82e84c15f41921e43fb13dd9da529cc52996cd072c399278aff58e355538104f1317589da3a42b61256a2558b4d4945342a19b4189e18fcc97342c3c4c1476d05fe9b3c52599fd60ba528b1a1dd89afb6f6b626ed150044faeb599864bf51a3253b072e21163a1b27b673eef9b1230261eb35b3263ee7c022818940b911a718320d2689e64cead1375cfd9aec413c56923d8b06a532bd0a7cfce1ab758ae8546303c3e3879d0ad282e69ac075d8c3e2b65a26a055842d493248e45c31081f1f86b0f26802cac42212dd6c84ad6785efcd7b0f7109e562f92cfe9bd72ee1be32b22bf38db2de59f4d86979596127f9b638f4c49ff9fa57467a90147052507c6f924031c5351de5c7f27bdd02cb2e5e91fa076b690dea96b00eda15cedbaa7beb65054ab3861ea52a852fb318a481849cece70fd65a945b07e4e78ccc38ae9fd14db2c59892b25ac1bb0e51ff8c476953dc99d2a1dc126e73e5a1730ffe696792e5e2136933ec3badda302033e3cff907fc332f54ab1374a49945bf5890574c553b6d26814274dc509e16605f0290564006dcaeac3a035bece9a7af6666f8ea11b88e783aaa0", @ANYRESHEX=r0, @ANYRES16=r0, @ANYRES64=r3], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x7c) io_setup(0x3, &(0x7f0000000180)) eventfd(0x0) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000000000)) r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) readv(r5, &(0x7f00000018c0)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1) sendto(0xffffffffffffffff, &(0x7f0000001900)="b67f17f479be0ec94c69d04dac004bd47322981ab11937aaee8cd39197c4bbd25e28bb650dfec9b1c76a7f1b871088ef693219afe7cb2787bad0a2c8e7121c265611d30d78e13b09396b4e6b362710b0e1361b6104de50cdcf13c4bd18b5030503a0ba2cbd193fd80124c4c48444f900b4d9baba8eb6d5a26126941e7d508f542837fc0ffe445ef415be03326e558114dfbc9bc40bfad0d12b3c66d31fedda8c53928b6e0e3a1fd18a546a0c8cb4a920f95593c60d6b3a82d20cfe83a622d83ca12dd24eb3d45fb048f310e12204168fad133d98f422d7f70e5dbda8409407fb03aa2f034f131c8fe4e2b1f9dde1760e2348926b6367454cc6f75c167b537d9adb57a15002c9ed287274cf3bc9d679767323e2", 0x113, 0x4080, &(0x7f00000001c0)=@l2tp6={0xa, 0x0, 0x49, @private0={0xfc, 0x0, '\x00', 0x1}, 0x4, 0x1}, 0x80) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x9755, 0xbf22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x10000000}, 0x48) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0x69, 0x4, 0x5, 0x0, r6}, 0x48) rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r7}, &(0x7f0000000080), &(0x7f00000000c0)=r6}, 0x20) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r8 = socket(0x1e, 0x4, 0x0) recvmmsg(r8, &(0x7f0000006000)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000007c0)=""/242, 0xf2}], 0x1, &(0x7f00000004c0)=""/75, 0x4b}}], 0x1, 0x0, 0x0) sendmsg$tipc(r8, &(0x7f0000000000)={&(0x7f0000000200)=@id={0x1e, 0x3, 0x3, {0x4e20}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r9 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r10 = fcntl$dupfd(r9, 0x0, r9) write$sndseq(r10, &(0x7f0000000180)=[{0x0, 0x1, 0x0, 0x0, @tick, {}, {0xfe}, @raw32}, {0x0, 0x2, 0x0, 0x0, @time, {}, {}, @quote}], 0x38) ioctl$SG_GET_REQUEST_TABLE(r10, 0x2275, &(0x7f00000018c0)) 436.72µs ago: executing program 4 (id=2574): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$igmp6(0xa, 0x3, 0x2) getsockopt$inet6_buf(r2, 0x29, 0x1b, &(0x7f0000000000)=""/144, &(0x7f0000000180)=0x90) perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xc8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x101c0ca, &(0x7f0000000400)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c666d61736b3d30303030303030303030303030303030303030303036362c696f636861727365743d69736f383835392d312c6572726f72733d636f6e74696e75652c756e695f786c6174653d302c696f636861727365743d61736369692c726f6469722c73686f72746e616d653d6d697865642c756e695f786c6174653d302c757466383d302c757466383d302c756e695f786c6174653d312c64656275672c756e695f786c6174653d312c666d61736b3d30303030303030303030303030303030303030303030332c6e6f63617365aec489af6ba9723d4b17106f6d47b9ade1c253d4e3b08066427cae9f41fd1e1dd25a22ec22ad6e8bf6f67e052de91b544f2f4541f87a0c0b36e8d444150b35c110bda57fe7a9c06ba087cc975447082aaf95213301f3e04b70ea67a8aa0d582ca1a9525dba7116d80f126f782a78428b878fc79c0be9ad98cb6950995e6edba78e5301e8c8e69cc85beceb8b54f84a84787815ef9a18f1fe1c81b4c1830102f7e3236e2533e486ecb46ee53991c5bfe6289a474582b2e57741fd8de78f42097851bee74d4201c7767e0e0f4b34523150639b1291441ad01f2f72ed3679d7bca0e8b4e0689f883196af0d0dfe7344f276c1b4bd333882cf7879248ad423e3f21cd0cae2309519f9d40df23cf05d9c8d8f9d07da771ea1e3bcd8478fb989f770da17f700000000000000"], 0x6, 0x2c0, &(0x7f0000000900)="$eJzs3U9rK1UUAPAz+TOJukgWrkRwQBeuHu+9rZsUeQ/ErnxkoS60+FqQJggtFKri2JVbNy78DILgB3HjNxDcCu6sUBiZyaRJ2pg2palof79Fe3vnnLlnboZ2WujJx6+O959nsXfy5a/R7SbRGMQgTpPoRyOmvo4Fg28DAPgvOy2K+KOYWCcviYju5soCADboej//W7PhT3dSFgCwQc/e/+Ddre3tJ+9lWTeejr85Gpa/2ZefJ8e39uLTGMVuPIxenEVUDwrtqJ4WyuHToijyVlbqxxvj/GhYZo4/+rk+/9bv9R8LSv3q4/nTRpX/zvaTR9nEXH5e1vFivf6gXP9x9OLl8+SF/MdL8mOYxpuvz9X/IHrxyyfxWYzieVXELP+rR1n2dvHdn198WJZX5if50bBTxc0UzTt8WQAAAAAAAAAAAAAAAAAAAAAA+J97UPfO6UTVv6ecqvvvNM/KL9qRTfUX+/NM8qetfRb6AxVFkVftcib9dR5mWVbUgbP8VrzSmm8sCAAAAAAAAAAAAAAAAAAAAPfX4fHn+zuj0e7BrQym3QBaEfHXs4ibnmcwN/NarA7u1GvujEaNergY05qfieY0JolYWUZ5Ebe0LVcNXrhUcz344cd1T9i9Oqa9fK3D4+ZNX6/84sz07trfSZbvYSemM9160e/TiFlMGtdcPf2nQ0Wsc/ulSw/11t6N9KVqkK+IiWRVYW/9Ntm5eia5eBVptatL09v1YC79wr1xrfs5upP0y98rEt06AAAAAAAAAAAAAAAAAABgo2b//bvk4MnK1EbR2VhZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCnZu//v8Ygj4h2fYIrgtM4OPyXLxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB74O8AAAD//0aWVl0=") syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1000, 0x0) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x112dd10, 0x0) r3 = open(&(0x7f0000000a40)='./bus\x00', 0x141a42, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x100801700) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r5) recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000140), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0) r8 = socket(0x22, 0x2, 0x2) getsockopt$inet_sctp_SCTP_ASSOCINFO(r8, 0x84, 0x1, 0x0, &(0x7f0000000180)) 0s ago: executing program 4 (id=2575): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff15, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10) syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000200)='./file0\x00', 0x10814, &(0x7f0000000cc0)=ANY=[@ANYBLOB='umask=00000000000000000000000,flush,nodots,dots,gid=', @ANYRESHEX, @ANYBLOB="00006b746769643d0092", @ANYRESOCT, @ANYBLOB="1500bba7d41fabba4332de3ca642acf6f8de847e3f21783608008708a887d30aaf0a14b0691d48445fe3b4d1ddde1b81337b2c3b5f88535d7f6fa931b84783704494cebe49ca9f6269b05edde0246c360d0566b4056f0f02ccab035d3d0a5cde0b31bd424949fe23c0a0a25691738006c5c6acdf101fecdb4f79abdfb95c6afaea03dd5903b5240565f31504c207a9a2aa6c8108fb973081e90412a3c6cfa3b2513693727fad9acd8108acb8b90fab033c9dac0dc3e5a61c513e7b5edc5d76320f0e54045ea2b7b8fb1f78d3d346e26ee5ed6926cea1ffe0a1", @ANYRESOCT], 0x1, 0x1fa, &(0x7f0000000500)="$eJzs2zFrE2EYB/Dn2rRe7GAHJ1E4cHEK6icwSAUxIEQy6GSgurQipEsUxH4eZz+EX8alg2SLXO5om2sLjWdyEn8/ON6H/O/guSF53uHN27sfDvY/Hr3f+nISaZLFRsSTmETs5lUpKdd0Vm/HnCTq+FXraQDgj/T7w27TPbBco1F3eDsidi4kg2+NNAQAAAAAAAAAAEBti5z/34j4Wj3/f7zifgGA+pz/X1/tch2NusN7xf6twvl/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDmT6fTWNL/Sci2vGxGRRkQ7Im5GRCsi8s+b7hcAqG8ynZ/7V83/iEgiwvwHgDXw6vWbF91eb6+fZWnEz+PxYDwo1iJ/9ry39zCb2T176mQ8Hmye5o+KPJvPt2b7hjx/fGm+HQ/uF3mePX3Zq+Q7sb/81weA/1InO3Vuvm+WV0Snc1mez+eiOrc/qMzvVtxprew1AIAFHH36fDA8PHw3+utFsthT7bKhq+/53lpWq4prFT+Sf6INRd0ivc7NDf8wAUt39qWvJmkzDQEAAAAAAAAAAAAAABes4i9HTb8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADr53cAAAD//8h6UUs=") kernel console output (not intermixed with test programs): n (100), value rounded to 0 ms [ 177.902939][T10171] dump_stack+0x15/0x20 [ 177.907212][T10171] should_fail_ex+0x229/0x230 [ 177.911933][T10171] ? vm_area_dup+0x98/0x130 [ 177.912926][T10177] loop1: detected capacity change from 0 to 2048 [ 177.916483][T10171] should_failslab+0x8f/0xb0 [ 177.916528][T10171] kmem_cache_alloc_noprof+0x4c/0x290 [ 177.916563][T10171] vm_area_dup+0x98/0x130 [ 177.916587][T10171] __split_vma+0xf7/0x690 [ 177.926501][T10177] msdos: Unknown parameter 'sys_enter' [ 177.927591][T10171] do_vmi_align_munmap+0x1a5/0xa60 [ 177.952557][T10171] do_vmi_munmap+0x1fb/0x250 [ 177.957206][T10171] do_munmap+0x7a/0xb0 [ 177.961367][T10171] __se_sys_mremap+0xabc/0xf20 [ 177.962200][T10181] loop1: detected capacity change from 0 to 512 [ 177.966205][T10171] ? bpf_trace_run2+0x123/0x1d0 [ 177.977347][T10171] __x64_sys_mremap+0x67/0x80 [ 177.980152][T10181] ext4 filesystem being mounted at /45/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 177.982094][T10171] x64_sys_call+0x2747/0x2d60 [ 177.997096][T10171] do_syscall_64+0xc9/0x1c0 [ 178.001625][T10171] ? clear_bhb_loop+0x55/0xb0 [ 178.006325][T10171] ? clear_bhb_loop+0x55/0xb0 [ 178.011093][T10171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.017097][T10171] RIP: 0033:0x7f09339c9ef9 [ 178.021590][T10171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.041253][T10171] RSP: 002b:00007f0932647038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 178.049855][T10171] RAX: ffffffffffffffda RBX: 00007f0933b65f80 RCX: 00007f09339c9ef9 [ 178.057839][T10171] RDX: 0000000000200000 RSI: 0000000000600600 RDI: 0000000020000000 [ 178.065914][T10171] RBP: 00007f0932647090 R08: 0000000020a00000 R09: 0000000000000000 [ 178.073957][T10171] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 178.081930][T10171] R13: 0000000000000000 R14: 00007f0933b65f80 R15: 00007ffe5d4a53e8 [ 178.089913][T10171] [ 178.095222][ T3335] tipc: Node number set to 2886997007 [ 178.118879][T10187] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2052'. [ 178.178352][T10193] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2054'. [ 178.231068][T10195] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2055'. [ 178.258329][T10195] loop4: detected capacity change from 0 to 128 [ 178.264835][T10195] vfat: Unknown parameter '0000000000000000000000001777777777777777777777ÿ' [ 178.307676][T10204] loop4: detected capacity change from 0 to 512 [ 178.318935][T10204] ext4 filesystem being mounted at /88/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 178.369557][T10209] bond3: entered allmulticast mode [ 178.380820][T10209] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 178.388597][T10209] batadv1: entered allmulticast mode [ 178.394186][T10209] bond3: (slave batadv1): Enslaving as an active interface with an up link [ 178.491123][T10215] (unnamed net_device) (uninitialized): peer notification delay (31) is not a multiple of miimon (100), value rounded to 0 ms [ 178.522317][T10215] loop4: detected capacity change from 0 to 2048 [ 178.529099][T10215] msdos: Unknown parameter 'sys_enter' [ 178.622711][ T29] audit: type=1326 audit(1724957192.937:3380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10221 comm="syz.4.2062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9ae59ef9 code=0x7ffc0000 [ 178.646381][ T29] audit: type=1326 audit(1724957192.937:3381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10221 comm="syz.4.2062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9ae59ef9 code=0x7ffc0000 [ 178.670218][ T29] audit: type=1326 audit(1724957192.937:3382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10221 comm="syz.4.2062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4a9ae59ef9 code=0x7ffc0000 [ 178.693747][ T29] audit: type=1326 audit(1724957192.937:3383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10221 comm="syz.4.2062" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a9ae59ef9 code=0x7ffc0000 [ 178.813760][T10225] sch_fq: defrate 0 ignored. [ 178.982514][T10232] loop3: detected capacity change from 0 to 512 [ 178.999250][T10232] ext4 filesystem being mounted at /175/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 179.070813][T10243] loop1: detected capacity change from 0 to 512 [ 179.088915][T10243] ext4 filesystem being mounted at /50/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 179.221996][T10263] loop1: detected capacity change from 0 to 256 [ 179.229602][T10263] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 179.255960][T10265] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 179.299872][T10270] loop1: detected capacity change from 0 to 512 [ 179.328844][T10270] ext4 filesystem being mounted at /55/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 179.413337][T10279] loop1: detected capacity change from 0 to 512 [ 179.428994][T10279] ext4 filesystem being mounted at /58/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 179.674585][ T3283] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.850140][T10286] chnl_net:caif_netlink_parms(): no params data found [ 179.886709][T10286] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.893914][T10286] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.901283][T10286] bridge_slave_0: entered allmulticast mode [ 179.907863][T10286] bridge_slave_0: entered promiscuous mode [ 179.914690][T10286] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.921830][T10286] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.929918][T10286] bridge_slave_1: entered allmulticast mode [ 179.936391][T10286] bridge_slave_1: entered promiscuous mode [ 179.954670][T10286] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 179.965449][T10286] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 179.991713][T10286] team0: Port device team_slave_0 added [ 179.998656][T10286] team0: Port device team_slave_1 added [ 180.016612][T10286] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 180.023662][T10286] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 180.049773][T10286] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 180.061261][T10286] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 180.068331][T10286] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 180.094497][T10286] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 180.125446][T10286] hsr_slave_0: entered promiscuous mode [ 180.135276][T10286] hsr_slave_1: entered promiscuous mode [ 180.143902][T10286] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 180.152587][T10286] Cannot create hsr debugfs directory [ 180.185589][T10313] loop4: detected capacity change from 0 to 256 [ 180.195183][T10313] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 180.226834][T10318] loop4: detected capacity change from 0 to 512 [ 180.242107][T10318] ext4 filesystem being mounted at /103/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 180.288937][T10324] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 180.371296][T10338] loop3: detected capacity change from 0 to 512 [ 180.379499][T10338] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.2103: corrupted in-inode xattr: invalid ea_ino [ 180.393169][T10338] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2103: couldn't read orphan inode 15 (err -117) [ 181.174423][T10346] loop4: detected capacity change from 0 to 256 [ 181.182268][T10346] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 181.285214][ T29] kauditd_printk_skb: 56 callbacks suppressed [ 181.285233][ T29] audit: type=1400 audit(1724957195.597:3440): avc: denied { ioctl } for pid=10365 comm="syz.3.2111" path="socket:[39212]" dev="sockfs" ino=39212 ioctlcmd=0x9429 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 181.317079][ T29] audit: type=1400 audit(1724957195.597:3441): avc: denied { ioctl } for pid=10365 comm="syz.3.2111" path="pid:[4026532393]" dev="nsfs" ino=4026532393 ioctlcmd=0x9363 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 181.342551][ T29] audit: type=1400 audit(1724957195.607:3442): avc: denied { shutdown } for pid=10365 comm="syz.3.2111" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 181.507881][ T29] audit: type=1400 audit(1724957195.827:3443): avc: denied { ioctl } for pid=10369 comm="syz.3.2113" path="/dev/sg0" dev="devtmpfs" ino=111 ioctlcmd=0x2275 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 181.974931][T10369] syz.3.2113 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 181.986006][T10369] CPU: 0 UID: 0 PID: 10369 Comm: syz.3.2113 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 181.996801][T10369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 182.006942][T10369] Call Trace: [ 182.010235][T10369] [ 182.013209][T10369] dump_stack_lvl+0xf2/0x150 [ 182.017974][T10369] dump_stack+0x15/0x20 [ 182.022210][T10369] dump_header+0x83/0x2d0 [ 182.026571][T10369] oom_kill_process+0x341/0x4c0 [ 182.031493][T10369] out_of_memory+0x9af/0xbe0 [ 182.036192][T10369] ? __rcu_read_unlock+0x4e/0x70 [ 182.041165][T10369] mem_cgroup_out_of_memory+0x13e/0x190 [ 182.046820][T10369] try_charge_memcg+0x51b/0x810 [ 182.051695][T10369] mem_cgroup_swapin_charge_folio+0x107/0x1a0 [ 182.057878][T10369] __read_swap_cache_async+0x2b7/0x520 [ 182.063487][T10369] swap_cluster_readahead+0x276/0x3f0 [ 182.068986][T10369] swapin_readahead+0xe4/0x760 [ 182.073878][T10369] ? __filemap_get_folio+0x420/0x5b0 [ 182.079197][T10369] ? __lruvec_stat_mod_folio+0xdb/0x120 [ 182.084795][T10369] ? swap_cache_get_folio+0x77/0x210 [ 182.090163][T10369] do_swap_page+0x3da/0x1ef0 [ 182.094837][T10369] ? cgroup_rstat_updated+0x99/0x550 [ 182.100158][T10369] ? __rcu_read_lock+0x36/0x50 [ 182.105169][T10369] ? pte_offset_map_nolock+0x124/0x1d0 [ 182.110705][T10369] handle_mm_fault+0x8cb/0x2a30 [ 182.115681][T10369] exc_page_fault+0x3b9/0x650 [ 182.120496][T10369] asm_exc_page_fault+0x26/0x30 [ 182.125435][T10369] RIP: 0033:0x7f093389d9ac [ 182.129863][T10369] Code: 72 64 0f 1f 40 00 69 3d 06 7d df 00 e8 03 00 00 48 8d 1d e7 85 2c 00 e8 b2 c4 12 00 eb 0c 48 81 c3 d8 00 00 00 48 39 dd 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 d8 00 00 [ 182.149650][T10369] RSP: 002b:00007ffe5d4a5550 EFLAGS: 00010206 [ 182.156206][T10369] RAX: 0000000000000000 RBX: 00007f0933b65f80 RCX: 0000000000000000 [ 182.164272][T10369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000555575d19808 [ 182.172878][T10369] RBP: 00007f0933b67a80 R08: 0000000000000000 R09: 7fffffffffffffff [ 182.180860][T10369] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000002c79e [ 182.188836][T10369] R13: 00007ffe5d4a5650 R14: 0000000000000032 R15: ffffffffffffffff [ 182.196897][T10369] [ 182.200508][T10369] memory: usage 114584kB, limit 307200kB, failcnt 10730 [ 182.207654][T10369] memory+swap: usage 106992kB, limit 9007199254740988kB, failcnt 0 [ 182.215575][T10369] kmem: usage 95932kB, limit 9007199254740988kB, failcnt 0 [ 182.222834][T10369] Memory cgroup stats for /syz3: [ 182.226203][T10369] cache 368640 [ 182.234557][T10369] rss 8192 [ 182.237742][T10369] shmem 0 [ 182.240747][T10369] mapped_file 364544 [ 182.244640][T10369] dirty 364544 [ 182.248104][T10369] writeback 0 [ 182.251413][T10369] workingset_refault_anon 8 [ 182.255921][T10369] workingset_refault_file 0 [ 182.260471][T10369] swap 212992 [ 182.263780][T10369] swapcached 16384 [ 182.267551][T10369] pgpgin 290239 [ 182.271063][T10369] pgpgout 290144 [ 182.274619][T10369] pgfault 290248 [ 182.278290][T10369] pgmajfault 11 [ 182.281811][T10369] inactive_anon 0 [ 182.285445][T10369] active_anon 20480 [ 182.289380][T10369] inactive_file 0 [ 182.292819][T10377] loop1: detected capacity change from 0 to 256 [ 182.293070][T10369] active_file 368640 [ 182.293080][T10369] unevictable 0 [ 182.302919][T10377] msdos: Bad value for 'gid' [ 182.303442][T10369] hierarchical_memory_limit 314572800 [ 182.306967][T10377] msdos: Bad value for 'gid' [ 182.311511][T10369] hierarchical_memsw_limit 9223372036854771712 [ 182.327713][T10369] total_cache 368640 [ 182.331611][T10369] total_rss 8192 [ 182.335168][T10369] total_shmem 0 [ 182.338740][T10369] total_mapped_file 364544 [ 182.343199][T10369] total_dirty 364544 [ 182.347125][T10369] total_writeback 0 [ 182.350987][T10369] total_workingset_refault_anon 8 [ 182.356063][T10369] total_workingset_refault_file 0 [ 182.361121][T10369] total_swap 212992 [ 182.364942][T10369] total_swapcached 16384 [ 182.369204][T10369] total_pgpgin 290239 [ 182.373252][T10369] total_pgpgout 290144 [ 182.376890][T10380] loop1: detected capacity change from 0 to 256 [ 182.377360][T10369] total_pgfault 290248 [ 182.377370][T10369] total_pgmajfault 11 [ 182.377379][T10369] total_inactive_anon 0 [ 182.377388][T10369] total_active_anon 20480 [ 182.388525][T10380] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 182.391707][T10369] total_inactive_file 0 [ 182.414939][T10369] total_active_file 368640 [ 182.419410][T10369] total_unevictable 0 [ 182.423458][T10369] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz3,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.2113,pid=10369,uid=0 [ 182.438467][T10369] Memory cgroup out of memory: Killed process 10369 (syz.3.2113) total-vm:91360kB, anon-rss:520kB, file-rss:18376kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 182.440537][T10370] syz.3.2113 (10370) used greatest stack depth: 9272 bytes left [ 182.467687][ T3283] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.520507][ T3283] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.581217][ T3283] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.646709][ T3283] bridge_slave_1: left allmulticast mode [ 182.652694][ T3283] bridge_slave_1: left promiscuous mode [ 182.658443][ T3283] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.666264][ T3283] bridge_slave_0: left allmulticast mode [ 182.671988][ T3283] bridge_slave_0: left promiscuous mode [ 182.677750][ T3283] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.800181][ T3283] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 182.810977][ T3283] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 182.821486][ T3283] bond0 (unregistering): Released all slaves [ 182.999872][ T3283] hsr_slave_0: left promiscuous mode [ 183.005649][ T3283] hsr_slave_1: left promiscuous mode [ 183.015362][ T3283] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 183.023086][ T3283] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 183.033592][ T3283] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 183.041134][ T3283] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 183.055342][ T3283] veth1_macvtap: left promiscuous mode [ 183.060973][ T3283] veth0_macvtap: left promiscuous mode [ 183.066523][ T3283] veth1_vlan: left promiscuous mode [ 183.071848][ T3283] veth0_vlan: left promiscuous mode [ 183.140439][T10408] loop4: detected capacity change from 0 to 512 [ 183.158737][T10408] ext4 filesystem being mounted at /110/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 183.200177][ T3283] team0 (unregistering): Port device team_slave_1 removed [ 183.203322][T10413] loop3: detected capacity change from 0 to 256 [ 183.217409][ T3283] team0 (unregistering): Port device team_slave_0 removed [ 183.226064][T10413] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 183.393133][T10286] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 183.407046][T10286] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 183.424298][T10286] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 183.440819][T10286] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 183.531489][T10286] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.556211][T10286] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.570667][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.577957][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.612768][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.615442][T10437] loop3: detected capacity change from 0 to 1024 [ 183.619987][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.626775][T10437] ext4: Unknown parameter 'func' [ 183.653084][ T29] audit: type=1326 audit(1724957197.967:3444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10436 comm="syz.3.2137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09339c9ef9 code=0x7ffc0000 [ 183.688066][T10437] loop3: detected capacity change from 0 to 512 [ 183.690496][T10286] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 183.697985][ T29] audit: type=1326 audit(1724957197.997:3445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10436 comm="syz.3.2137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f09339c9ef9 code=0x7ffc0000 [ 183.728285][ T29] audit: type=1326 audit(1724957197.997:3446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10436 comm="syz.3.2137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f09339c9f33 code=0x7ffc0000 [ 183.752223][ T29] audit: type=1326 audit(1724957197.997:3447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10436 comm="syz.3.2137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f09339c89df code=0x7ffc0000 [ 183.776031][ T29] audit: type=1326 audit(1724957197.997:3448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10436 comm="syz.3.2137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f09339c9f87 code=0x7ffc0000 [ 183.800943][ T29] audit: type=1326 audit(1724957198.007:3449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10436 comm="syz.3.2137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f09339c8890 code=0x7ffc0000 [ 183.834716][T10286] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.846548][T10437] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.2137: corrupted in-inode xattr: invalid ea_ino [ 183.862349][T10437] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2137: couldn't read orphan inode 15 (err -117) [ 183.976093][T10286] veth0_vlan: entered promiscuous mode [ 183.986320][T10286] veth1_vlan: entered promiscuous mode [ 184.013483][T10286] veth0_macvtap: entered promiscuous mode [ 184.022535][T10286] veth1_macvtap: entered promiscuous mode [ 184.034039][T10286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 184.044540][T10286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.044561][T10286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 184.044620][T10286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.044634][T10286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 184.044647][T10286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.044662][T10286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 184.044675][T10286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.115882][T10286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 184.115903][T10286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.117528][T10286] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 184.118728][T10286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.118747][T10286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.118759][T10286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.118839][T10286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.118850][T10286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.118864][T10286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.118875][T10286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.118888][T10286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.118899][T10286] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 184.118921][T10286] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 184.119715][T10286] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 184.121148][T10286] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.121253][T10286] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.121286][T10286] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.121425][T10286] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.298038][T10485] (unnamed net_device) (uninitialized): peer notification delay (31) is not a multiple of miimon (100), value rounded to 0 ms [ 184.309090][T10490] loop2: detected capacity change from 0 to 512 [ 184.313579][T10490] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 184.347048][T10485] loop4: detected capacity change from 0 to 2048 [ 184.359448][T10490] EXT4-fs error (device loop2): __ext4_iget:4985: inode #11: block 1556: comm syz.2.2152: invalid block [ 184.364825][T10485] msdos: Unknown parameter 'sys_enter' [ 184.377983][T10490] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2152: couldn't read orphan inode 11 (err -117) [ 184.551770][T10509] loop2: detected capacity change from 0 to 512 [ 184.561129][T10511] loop4: detected capacity change from 0 to 256 [ 184.570282][T10509] ext4 filesystem being mounted at /9/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 184.585700][ T8782] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 184.594253][ T8782] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 184.714202][T10518] __nla_validate_parse: 4 callbacks suppressed [ 184.714228][T10518] netlink: 536 bytes leftover after parsing attributes in process `syz.1.2164'. [ 184.796558][T10523] FAULT_INJECTION: forcing a failure. [ 184.796558][T10523] name failslab, interval 1, probability 0, space 0, times 0 [ 184.809280][T10523] CPU: 1 UID: 0 PID: 10523 Comm: syz.1.2166 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 184.820182][T10523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 184.830249][T10523] Call Trace: [ 184.833534][T10523] [ 184.836478][T10523] dump_stack_lvl+0xf2/0x150 [ 184.841138][T10523] dump_stack+0x15/0x20 [ 184.845316][T10523] should_fail_ex+0x229/0x230 [ 184.850015][T10523] ? skb_clone+0x154/0x1f0 [ 184.854469][T10523] should_failslab+0x8f/0xb0 [ 184.859129][T10523] kmem_cache_alloc_noprof+0x4c/0x290 [ 184.864519][T10523] skb_clone+0x154/0x1f0 [ 184.868848][T10523] __netlink_deliver_tap+0x2bd/0x4c0 [ 184.874233][T10523] netlink_unicast+0x64a/0x670 [ 184.879087][T10523] netlink_sendmsg+0x5cc/0x6e0 [ 184.883871][T10523] ? __pfx_netlink_sendmsg+0x10/0x10 [ 184.889224][T10523] __sock_sendmsg+0x140/0x180 [ 184.893974][T10523] ____sys_sendmsg+0x312/0x410 [ 184.898823][T10523] __sys_sendmsg+0x1e9/0x280 [ 184.903545][T10523] __x64_sys_sendmsg+0x46/0x50 [ 184.908378][T10523] x64_sys_call+0x2689/0x2d60 [ 184.913075][T10523] do_syscall_64+0xc9/0x1c0 [ 184.917613][T10523] ? clear_bhb_loop+0x55/0xb0 [ 184.922415][T10523] ? clear_bhb_loop+0x55/0xb0 [ 184.927103][T10523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.933092][T10523] RIP: 0033:0x7f3eb6e19ef9 [ 184.937516][T10523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.957261][T10523] RSP: 002b:00007f3eb5a91038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 184.965699][T10523] RAX: ffffffffffffffda RBX: 00007f3eb6fb5f80 RCX: 00007f3eb6e19ef9 [ 184.973860][T10523] RDX: 0000000000000000 RSI: 0000000020001200 RDI: 0000000000000005 [ 184.981879][T10523] RBP: 00007f3eb5a91090 R08: 0000000000000000 R09: 0000000000000000 [ 184.989856][T10523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 184.997833][T10523] R13: 0000000000000000 R14: 00007f3eb6fb5f80 R15: 00007fff6ab56e48 [ 185.005838][T10523] [ 185.066744][T10528] loop3: detected capacity change from 0 to 1024 [ 185.081395][T10528] EXT4-fs: Ignoring removed orlov option [ 185.087130][T10528] EXT4-fs: Ignoring removed nomblk_io_submit option [ 185.113576][T10531] loop2: detected capacity change from 0 to 512 [ 185.130231][T10536] loop1: detected capacity change from 0 to 512 [ 185.170770][T10531] ext4 filesystem being mounted at /12/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 185.184683][ T328] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.199850][T10536] ext4 filesystem being mounted at /75/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 185.240623][ T328] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.305080][ T328] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.363495][T10557] loop2: detected capacity change from 0 to 512 [ 185.392251][T10557] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.2174: corrupted in-inode xattr: invalid ea_ino [ 185.407059][ T328] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.420042][T10557] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2174: couldn't read orphan inode 15 (err -117) [ 185.472751][T10533] chnl_net:caif_netlink_parms(): no params data found [ 185.546481][T10567] EXT4-fs error (device loop2): ext4_find_dest_de:2067: inode #2: block 13: comm syz.2.2174: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 185.573371][ T328] bridge_slave_1: left allmulticast mode [ 185.579097][ T328] bridge_slave_1: left promiscuous mode [ 185.584891][ T328] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.593593][ T328] bridge_slave_0: left allmulticast mode [ 185.599496][ T328] bridge_slave_0: left promiscuous mode [ 185.605268][ T328] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.750671][ T328] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 185.764122][ T328] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 185.774640][ T328] bond0 (unregistering): Released all slaves [ 185.783680][ T328] bond1 (unregistering): Released all slaves [ 185.793134][ T328] bond2 (unregistering): Released all slaves [ 185.802761][ T328] bond3 (unregistering): (slave batadv1): Releasing backup interface [ 185.811650][ T328] batadv1: left allmulticast mode [ 185.818391][ T328] bond3 (unregistering): Released all slaves [ 185.829883][ T328] bond4 (unregistering): Released all slaves [ 185.841109][ T328] bond5 (unregistering): Released all slaves [ 185.872542][T10564] netlink: 264 bytes leftover after parsing attributes in process `syz.3.2169'. [ 185.914216][T10533] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.921346][T10533] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.930115][T10533] bridge_slave_0: entered allmulticast mode [ 185.936766][T10533] bridge_slave_0: entered promiscuous mode [ 185.945220][T10533] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.952356][T10533] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.960290][T10533] bridge_slave_1: entered allmulticast mode [ 185.966884][T10533] bridge_slave_1: entered promiscuous mode [ 185.982852][ T328] hsr_slave_0: left promiscuous mode [ 185.989699][ T328] hsr_slave_1: left promiscuous mode [ 185.995584][ T328] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 186.003054][ T328] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 186.010921][ T328] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 186.018390][ T328] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 186.028421][ T328] veth1_macvtap: left promiscuous mode [ 186.034025][ T328] veth0_macvtap: left promiscuous mode [ 186.039723][ T328] veth1_vlan: left promiscuous mode [ 186.044959][ T328] veth0_vlan: left promiscuous mode [ 186.136057][T10582] loop3: detected capacity change from 0 to 256 [ 186.156941][ T8342] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 186.165122][ T8342] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 186.176681][ T328] team0 (unregistering): Port device team_slave_1 removed [ 186.190266][ T328] team0 (unregistering): Port device team_slave_0 removed [ 186.211715][T10584] loop2: detected capacity change from 0 to 512 [ 186.232490][T10584] ext4 filesystem being mounted at /14/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 186.257800][T10578] pim6reg1: entered promiscuous mode [ 186.263185][T10578] pim6reg1: entered allmulticast mode [ 186.290411][T10533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 186.302673][T10533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.349458][T10533] team0: Port device team_slave_0 added [ 186.356087][T10533] team0: Port device team_slave_1 added [ 186.372685][T10533] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.379711][T10533] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.405668][T10533] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.417070][T10533] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.424092][T10533] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.450111][T10533] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.500408][T10533] hsr_slave_0: entered promiscuous mode [ 186.509581][T10533] hsr_slave_1: entered promiscuous mode [ 186.515670][T10533] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 186.524168][T10533] Cannot create hsr debugfs directory [ 186.538565][T10598] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2188'. [ 186.598675][T10598] loop1: detected capacity change from 0 to 512 [ 186.641945][T10598] ext4 filesystem being mounted at /79/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 186.667271][T10598] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 186.776446][T10617] loop1: detected capacity change from 0 to 256 [ 186.792975][T10617] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 186.810154][ T328] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.842601][T10619] loop1: detected capacity change from 0 to 512 [ 186.852693][T10619] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.2193: corrupted in-inode xattr: invalid ea_ino [ 186.874551][ T328] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.877488][T10619] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.2193: couldn't read orphan inode 15 (err -117) [ 186.910889][T10602] chnl_net:caif_netlink_parms(): no params data found [ 186.954516][T10602] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.957459][T10633] EXT4-fs error (device loop1): ext4_find_dest_de:2067: inode #2: block 13: comm syz.1.2193: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 186.961777][T10602] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.990457][T10602] bridge_slave_0: entered allmulticast mode [ 186.997326][T10602] bridge_slave_0: entered promiscuous mode [ 187.007949][ T328] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.021375][T10602] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.028627][T10602] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.038338][T10602] bridge_slave_1: entered allmulticast mode [ 187.044929][T10602] bridge_slave_1: entered promiscuous mode [ 187.061687][T10634] pim6reg1: entered promiscuous mode [ 187.067114][T10634] pim6reg1: entered allmulticast mode [ 187.076418][T10602] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 187.088683][ T328] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.105298][T10602] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 187.136360][T10602] team0: Port device team_slave_0 added [ 187.145959][T10602] team0: Port device team_slave_1 added [ 187.157585][T10533] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 187.172587][T10602] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 187.179641][T10602] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.205941][T10602] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 187.221810][T10533] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 187.232213][T10602] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 187.239299][T10602] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.265608][T10602] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 187.287693][T10533] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 187.296765][T10533] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 187.333087][T10602] hsr_slave_0: entered promiscuous mode [ 187.347136][T10602] hsr_slave_1: entered promiscuous mode [ 187.354867][T10602] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 187.362933][T10602] Cannot create hsr debugfs directory [ 187.380796][T10649] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 187.421527][ T328] bridge_slave_1: left allmulticast mode [ 187.422418][T10652] loop2: detected capacity change from 0 to 512 [ 187.427422][ T328] bridge_slave_1: left promiscuous mode [ 187.439388][ T328] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.447600][ T328] bridge_slave_0: left allmulticast mode [ 187.453280][T10652] ext4 filesystem being mounted at /20/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 187.453343][ T328] bridge_slave_0: left promiscuous mode [ 187.469542][ T328] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.570333][ T328] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 187.580846][ T328] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 187.591007][ T328] bond0 (unregistering): Released all slaves [ 187.600348][ T328] bond1 (unregistering): Released all slaves [ 187.609749][ T328] bond2 (unregistering): (slave batadv1): Releasing backup interface [ 187.618508][ T328] batadv1: left allmulticast mode [ 187.624804][ T328] bond2 (unregistering): Released all slaves [ 187.634713][ T328] bond3 (unregistering): (slave batadv2): Releasing backup interface [ 187.643801][ T328] batadv2: left allmulticast mode [ 187.650307][ T328] bond3 (unregistering): Released all slaves [ 187.659374][ T328] bond4 (unregistering): (slave batadv3): Releasing backup interface [ 187.669356][ T328] batadv3: left allmulticast mode [ 187.675943][ T328] bond4 (unregistering): Released all slaves [ 187.685002][ T328] bond5 (unregistering): Released all slaves [ 187.694822][ T328] bond6 (unregistering): Released all slaves [ 187.704021][ T328] bond7 (unregistering): (slave batadv4): Releasing backup interface [ 187.712981][ T328] batadv4: left allmulticast mode [ 187.719800][ T328] bond7 (unregistering): Released all slaves [ 187.765905][T10663] loop2: detected capacity change from 0 to 256 [ 187.772744][T10533] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.774956][T10663] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 187.793355][ T328] tipc: Disabling bearer [ 187.798399][ T328] tipc: Left network mode [ 187.811833][T10533] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.814491][T10666] loop2: detected capacity change from 0 to 512 [ 187.822971][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.832137][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.846901][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.854111][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.867048][T10666] ext4 filesystem being mounted at /22/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 187.910338][ T328] hsr_slave_0: left promiscuous mode [ 187.915949][ T328] hsr_slave_1: left promiscuous mode [ 187.922266][ T328] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 187.929924][ T328] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 187.938037][ T328] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 187.945463][ T328] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 187.946429][T10672] loop2: detected capacity change from 0 to 256 [ 187.960856][T10672] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 187.971621][ T328] veth1_macvtap: left promiscuous mode [ 187.977424][ T328] veth0_macvtap: left promiscuous mode [ 187.983054][ T328] veth1_vlan: left promiscuous mode [ 187.988541][ T328] veth0_vlan: left promiscuous mode [ 188.085872][ T328] team0 (unregistering): Port device team_slave_1 removed [ 188.098058][ T328] team0 (unregistering): Port device team_slave_0 removed [ 188.119190][T10681] loop2: detected capacity change from 0 to 512 [ 188.126995][T10681] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.2213: casefold flag without casefold feature [ 188.143403][T10681] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.2213: couldn't read orphan inode 15 (err -117) [ 188.156195][T10681] EXT4-fs mount: 69 callbacks suppressed [ 188.156227][T10681] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 188.181318][ T29] kauditd_printk_skb: 67 callbacks suppressed [ 188.181335][ T29] audit: type=1400 audit(1724957202.497:3517): avc: denied { mounton } for pid=10680 comm="syz.2.2213" path="/27/file0/bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 188.212088][ T29] audit: type=1400 audit(1724957202.527:3518): avc: denied { unlink } for pid=10286 comm="syz-executor" name="bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 188.213106][T10533] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.242622][T10286] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.322604][ T29] audit: type=1400 audit(1724957202.637:3519): avc: denied { write } for pid=10687 comm="syz.2.2214" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 188.389814][T10702] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 188.392492][T10602] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 188.412065][T10533] veth0_vlan: entered promiscuous mode [ 188.421626][T10602] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 188.450821][T10602] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 188.465442][T10533] veth1_vlan: entered promiscuous mode [ 188.478462][T10602] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 188.493234][T10533] veth0_macvtap: entered promiscuous mode [ 188.503471][T10533] veth1_macvtap: entered promiscuous mode [ 188.533533][T10533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.544373][T10533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.554376][T10533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.564863][T10533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.574857][T10533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.585454][T10533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.595548][T10533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.606018][T10533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.618208][T10533] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 188.635571][T10533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.646060][T10533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.656181][T10533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.666983][T10533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.676886][T10533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.687442][T10533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.697288][T10533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.707730][T10533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.719901][T10533] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 188.729191][T10533] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.738058][T10533] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.746909][T10533] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.755861][T10533] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.802505][T10602] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.895444][T10602] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.917976][ T3283] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.925119][ T3283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.951939][ T3283] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.959089][ T3283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.074157][ T29] audit: type=1326 audit(1724957203.387:3520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10735 comm="syz.2.2227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d2ad69ef9 code=0x7ffc0000 [ 189.076623][T10738] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.124357][ T29] audit: type=1326 audit(1724957203.417:3521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10735 comm="syz.2.2227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d2ad69ef9 code=0x7ffc0000 [ 189.134429][T10738] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.148082][ T29] audit: type=1326 audit(1724957203.427:3522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10735 comm="syz.2.2227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f7d2ad69ef9 code=0x7ffc0000 [ 189.178933][ T29] audit: type=1326 audit(1724957203.427:3523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10735 comm="syz.2.2227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d2ad69ef9 code=0x7ffc0000 [ 189.202612][ T29] audit: type=1326 audit(1724957203.427:3524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10735 comm="syz.2.2227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f7d2ad69ef9 code=0x7ffc0000 [ 189.226549][ T29] audit: type=1326 audit(1724957203.437:3525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10735 comm="syz.2.2227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d2ad69ef9 code=0x7ffc0000 [ 189.250191][ T29] audit: type=1326 audit(1724957203.437:3526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10735 comm="syz.2.2227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f7d2ad69ef9 code=0x7ffc0000 [ 189.471692][T10602] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.879291][T10602] veth0_vlan: entered promiscuous mode [ 189.910096][T10602] veth1_vlan: entered promiscuous mode [ 189.984431][T10602] veth0_macvtap: entered promiscuous mode [ 189.999461][T10602] veth1_macvtap: entered promiscuous mode [ 190.028369][T10602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 190.038904][T10602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.048820][T10602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 190.048840][T10602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.048931][T10602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 190.048997][T10602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.049016][T10602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 190.049032][T10602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.049049][T10602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 190.123874][T10602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.151928][T10602] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 190.174610][T10602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 190.185128][T10602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.185145][T10602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 190.205466][T10602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.215340][T10602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 190.215361][T10602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.215445][T10602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 190.215461][T10602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.215478][T10602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 190.215516][T10602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.217676][T10602] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 190.298037][T10602] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.306901][T10602] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.315893][T10602] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.315935][T10602] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.354232][T10790] loop4: detected capacity change from 0 to 256 [ 190.364322][T10790] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 190.403005][T10794] loop4: detected capacity change from 0 to 512 [ 190.422961][T10794] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.443096][T10794] ext4 filesystem being mounted at /6/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 190.459664][T10799] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2246'. [ 190.468684][T10799] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2246'. [ 190.491825][T10799] 9pnet_fd: Insufficient options for proto=fd [ 190.503749][T10533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.527615][T10805] loop4: detected capacity change from 0 to 512 [ 190.538985][T10805] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.552050][T10805] ext4 filesystem being mounted at /7/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 190.625501][T10805] x_tables: eb_tables: snat.0 target: invalid size 16 (kernel) != (user) 0 [ 190.645064][T10533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.758839][T10830] loop4: detected capacity change from 0 to 512 [ 190.771017][T10830] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.783899][T10830] ext4 filesystem being mounted at /11/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 190.810587][T10834] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2258'. [ 190.811598][T10533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.819540][T10834] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2258'. [ 190.846879][T10837] loop4: detected capacity change from 0 to 512 [ 190.859143][T10837] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.871821][T10837] ext4 filesystem being mounted at /12/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 190.909077][T10533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.963599][T10843] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 190.971862][T10843] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 190.998747][T10847] loop4: detected capacity change from 0 to 512 [ 191.009030][T10847] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.022152][T10847] ext4 filesystem being mounted at /15/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 191.066701][T10847] x_tables: eb_tables: snat.0 target: invalid size 16 (kernel) != (user) 0 [ 191.086483][T10533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.117043][T10855] FAULT_INJECTION: forcing a failure. [ 191.117043][T10855] name failslab, interval 1, probability 0, space 0, times 0 [ 191.130062][T10855] CPU: 0 UID: 0 PID: 10855 Comm: syz.4.2264 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 191.141043][T10855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 191.151199][T10855] Call Trace: [ 191.154581][T10855] [ 191.157520][T10855] dump_stack_lvl+0xf2/0x150 [ 191.162131][T10855] dump_stack+0x15/0x20 [ 191.166315][T10855] should_fail_ex+0x229/0x230 [ 191.171171][T10855] ? skb_clone+0x154/0x1f0 [ 191.175626][T10855] should_failslab+0x8f/0xb0 [ 191.180259][T10855] kmem_cache_alloc_noprof+0x4c/0x290 [ 191.185668][T10855] skb_clone+0x154/0x1f0 [ 191.189979][T10855] __netlink_deliver_tap+0x2bd/0x4c0 [ 191.195343][T10855] netlink_unicast+0x64a/0x670 [ 191.200184][T10855] netlink_sendmsg+0x5cc/0x6e0 [ 191.205021][T10855] ? __pfx_netlink_sendmsg+0x10/0x10 [ 191.210342][T10855] __sock_sendmsg+0x140/0x180 [ 191.215223][T10855] ____sys_sendmsg+0x312/0x410 [ 191.220103][T10855] __sys_sendmsg+0x1e9/0x280 [ 191.224790][T10855] __x64_sys_sendmsg+0x46/0x50 [ 191.229575][T10855] x64_sys_call+0x2689/0x2d60 [ 191.234346][T10855] do_syscall_64+0xc9/0x1c0 [ 191.238970][T10855] ? clear_bhb_loop+0x55/0xb0 [ 191.243747][T10855] ? clear_bhb_loop+0x55/0xb0 [ 191.248517][T10855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.254554][T10855] RIP: 0033:0x7f39d2179ef9 [ 191.258992][T10855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.278851][T10855] RSP: 002b:00007f39d0df7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 191.287524][T10855] RAX: ffffffffffffffda RBX: 00007f39d2315f80 RCX: 00007f39d2179ef9 [ 191.295572][T10855] RDX: 0000000000000000 RSI: 0000000020001200 RDI: 0000000000000003 [ 191.303797][T10855] RBP: 00007f39d0df7090 R08: 0000000000000000 R09: 0000000000000000 [ 191.311872][T10855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 191.320082][T10855] R13: 0000000000000000 R14: 00007f39d2315f80 R15: 00007ffeec2edee8 [ 191.328114][T10855] [ 191.462240][T10866] loop4: detected capacity change from 0 to 512 [ 191.479360][T10866] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.492011][T10866] ext4 filesystem being mounted at /21/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 191.518837][T10533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.541769][T10871] loop4: detected capacity change from 0 to 256 [ 191.549792][T10871] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 191.581591][T10874] loop4: detected capacity change from 0 to 512 [ 191.611330][T10874] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.624377][T10874] ext4 filesystem being mounted at /23/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 191.658117][T10881] pim6reg1: entered promiscuous mode [ 191.663470][T10881] pim6reg1: entered allmulticast mode [ 191.689482][T10883] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 191.717087][T10533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.758654][T10891] loop4: detected capacity change from 0 to 512 [ 191.769752][T10891] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.782550][T10891] ext4 filesystem being mounted at /24/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 191.840545][T10891] x_tables: eb_tables: snat.0 target: invalid size 16 (kernel) != (user) 0 [ 191.862365][T10533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.896471][T10909] loop4: detected capacity change from 0 to 256 [ 191.905817][T10909] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 191.933447][T10914] loop4: detected capacity change from 0 to 512 [ 191.943160][T10910] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2285'. [ 191.950943][T10914] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 191.952089][T10910] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2285'. [ 191.966308][T10914] ext4 filesystem being mounted at /26/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 191.977076][T10912] pim6reg1: entered promiscuous mode [ 191.989147][T10912] pim6reg1: entered allmulticast mode [ 192.029118][T10533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.047946][T10919] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 192.089691][T10923] loop4: detected capacity change from 0 to 512 [ 192.100730][T10923] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.113511][T10923] ext4 filesystem being mounted at /29/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 192.159621][T10533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.305167][T10945] loop2: detected capacity change from 0 to 512 [ 192.320972][T10945] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.334536][T10945] ext4 filesystem being mounted at /40/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 192.373724][T10286] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.485758][T10961] loop4: detected capacity change from 0 to 512 [ 192.498739][T10961] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.511678][T10961] ext4 filesystem being mounted at /35/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 192.548709][T10533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.651205][T10972] loop2: detected capacity change from 0 to 512 [ 192.669092][T10972] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.681908][T10972] ext4 filesystem being mounted at /45/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 192.708217][T10286] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.787995][T10979] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2309'. [ 192.971707][ T11] bridge_slave_1: left allmulticast mode [ 192.977644][ T11] bridge_slave_1: left promiscuous mode [ 192.983838][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.012076][ T11] bridge_slave_0: left allmulticast mode [ 193.017807][ T11] bridge_slave_0: left promiscuous mode [ 193.023465][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.260469][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 193.271181][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 193.281927][ T11] bond0 (unregistering): Released all slaves [ 193.291506][ T11] bond1 (unregistering): Released all slaves [ 193.299407][T10985] netlink: 264 bytes leftover after parsing attributes in process `syz.0.2312'. [ 193.405521][ T29] kauditd_printk_skb: 36 callbacks suppressed [ 193.405539][ T29] audit: type=1326 audit(1724957207.717:3563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10993 comm="syz.1.2315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 193.435391][ T29] audit: type=1326 audit(1724957207.717:3564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10993 comm="syz.1.2315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 193.435428][ T29] audit: type=1326 audit(1724957207.717:3565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10993 comm="syz.1.2315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 193.435461][ T29] audit: type=1326 audit(1724957207.717:3566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10993 comm="syz.1.2315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 193.435503][ T29] audit: type=1326 audit(1724957207.717:3567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10993 comm="syz.1.2315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 193.435571][ T29] audit: type=1326 audit(1724957207.717:3568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10993 comm="syz.1.2315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 193.475105][ T29] audit: type=1326 audit(1724957207.747:3569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10993 comm="syz.1.2315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 193.475148][ T29] audit: type=1326 audit(1724957207.747:3570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10993 comm="syz.1.2315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 193.475413][ T29] audit: type=1326 audit(1724957207.787:3571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10993 comm="syz.1.2315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 193.475549][ T29] audit: type=1326 audit(1724957207.787:3572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10993 comm="syz.1.2315" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 193.478707][ T11] hsr_slave_0: left promiscuous mode [ 193.528057][ T11] hsr_slave_1: left promiscuous mode [ 193.589139][T11002] loop3: detected capacity change from 0 to 256 [ 193.610238][T11003] FAULT_INJECTION: forcing a failure. [ 193.610238][T11003] name failslab, interval 1, probability 0, space 0, times 0 [ 193.624119][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 193.624170][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 193.639522][T10602] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 193.653180][T11003] CPU: 0 UID: 0 PID: 11003 Comm: syz.0.2318 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 193.678623][T10602] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 193.681806][T11003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 193.756636][T11003] Call Trace: [ 193.756651][T11003] [ 193.756672][T11003] dump_stack_lvl+0xf2/0x150 [ 193.767916][T11003] dump_stack+0x15/0x20 [ 193.772194][T11003] should_fail_ex+0x229/0x230 [ 193.776995][T11003] ? alloc_fdtable+0x72/0x190 [ 193.781714][T11003] should_failslab+0x8f/0xb0 [ 193.786481][T11003] __kmalloc_cache_noprof+0x4b/0x2a0 [ 193.791822][T11003] alloc_fdtable+0x72/0x190 [ 193.796495][T11003] dup_fd+0x56d/0x6c0 [ 193.800527][T11003] copy_files+0xc1/0x130 [ 193.804183][T11007] loop4: detected capacity change from 0 to 512 [ 193.804797][T11003] copy_process+0xe45/0x1f90 [ 193.815674][T11003] kernel_clone+0x167/0x5e0 [ 193.820256][T11003] __x64_sys_clone+0xe8/0x120 [ 193.820421][T11007] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 193.824964][T11003] x64_sys_call+0x2d23/0x2d60 [ 193.839928][T11007] ext4 filesystem being mounted at /39/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 193.842323][T11003] do_syscall_64+0xc9/0x1c0 [ 193.842352][T11003] ? clear_bhb_loop+0x55/0xb0 [ 193.842373][T11003] ? clear_bhb_loop+0x55/0xb0 [ 193.842393][T11003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.872405][T11003] RIP: 0033:0x7fbd89939ef9 [ 193.876872][T11003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.896516][T11003] RSP: 002b:00007fbd885b0fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 193.904954][T11003] RAX: ffffffffffffffda RBX: 00007fbd89ad5f80 RCX: 00007fbd89939ef9 [ 193.912931][T11003] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000640c7000 [ 193.920905][T11003] RBP: 00007fbd885b1090 R08: 0000000000000000 R09: 0000000000000000 [ 193.928973][T11003] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 193.936959][T11003] R13: 0000000000000000 R14: 00007fbd89ad5f80 R15: 00007ffe62cac0f8 [ 193.945021][T11003] [ 193.948591][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 193.956081][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 193.969267][ T11] veth1_macvtap: left promiscuous mode [ 193.974853][ T11] veth0_macvtap: left promiscuous mode [ 193.980695][ T11] veth1_vlan: left promiscuous mode [ 193.985959][ T11] veth0_vlan: left promiscuous mode [ 193.997101][T10533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.055840][T11015] loop4: detected capacity change from 0 to 1024 [ 194.085575][T11015] EXT4-fs: Ignoring removed orlov option [ 194.091500][T11015] EXT4-fs: Ignoring removed nomblk_io_submit option [ 194.110553][T11015] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 194.145532][ T11] team0 (unregistering): Port device team_slave_1 removed [ 194.156717][ T11] team0 (unregistering): Port device team_slave_0 removed [ 194.221804][T11021] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 194.230080][T11021] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 194.590188][T11015] netlink: 264 bytes leftover after parsing attributes in process `syz.4.2324'. [ 194.618685][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.666165][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.723732][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.751535][T11046] chnl_net:caif_netlink_parms(): no params data found [ 194.781837][T10533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.792705][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.816358][T11046] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.823790][T11046] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.831067][T11046] bridge_slave_0: entered allmulticast mode [ 194.837705][T11046] bridge_slave_0: entered promiscuous mode [ 194.844648][T11046] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.851757][T11046] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.858993][T11046] bridge_slave_1: entered allmulticast mode [ 194.865577][T11046] bridge_slave_1: entered promiscuous mode [ 194.895799][T11046] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 194.911561][T11046] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 194.920932][ T11] bridge_slave_1: left allmulticast mode [ 194.926624][ T11] bridge_slave_1: left promiscuous mode [ 194.932323][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.940259][ T11] bridge_slave_0: left allmulticast mode [ 194.945907][ T11] bridge_slave_0: left promiscuous mode [ 194.946155][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.050209][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 195.061490][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 195.071884][ T11] bond0 (unregistering): Released all slaves [ 195.100919][T11046] team0: Port device team_slave_0 added [ 195.107815][T11046] team0: Port device team_slave_1 added [ 195.126076][T11046] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 195.133253][T11046] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 195.159539][T11046] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 195.172805][T11046] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 195.179940][T11046] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 195.206564][T11046] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 195.255068][T11070] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2342'. [ 195.289626][ T11] hsr_slave_0: left promiscuous mode [ 195.296102][ T11] hsr_slave_1: left promiscuous mode [ 195.301579][T11076] loop2: detected capacity change from 0 to 256 [ 195.309510][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 195.317590][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 195.327062][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 195.334566][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 195.346175][ T11] veth1_macvtap: left promiscuous mode [ 195.351852][ T11] veth0_macvtap: left promiscuous mode [ 195.357485][ T11] veth1_vlan: left promiscuous mode [ 195.362806][ T11] veth0_vlan: left promiscuous mode [ 195.369303][T11076] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 195.491610][ T11] team0 (unregistering): Port device team_slave_1 removed [ 195.503414][ T11] team0 (unregistering): Port device team_slave_0 removed [ 195.552405][T11046] hsr_slave_0: entered promiscuous mode [ 195.559234][T11046] hsr_slave_1: entered promiscuous mode [ 195.565309][T11046] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 195.572997][T11046] Cannot create hsr debugfs directory [ 195.702477][T11104] loop2: detected capacity change from 0 to 256 [ 195.709110][T11104] msdos: Bad value for 'gid' [ 195.713737][T11104] msdos: Bad value for 'gid' [ 195.764359][T11106] loop2: detected capacity change from 0 to 2048 [ 195.780141][T11106] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 195.804566][T11113] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 195.804566][T11113] The task syz.1.2355 (11113) triggered the difference, watch for misbehavior. [ 195.846661][T11116] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2358'. [ 195.920538][T10286] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.942032][T11119] loop2: detected capacity change from 0 to 256 [ 195.951290][T11119] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 195.994473][T11046] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 196.005306][T11122] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2360'. [ 196.014458][T11122] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2360'. [ 196.033099][T11046] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 196.043847][T11046] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 196.055026][T11046] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 196.100860][T11046] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.115351][T11046] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.145023][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.152166][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.181482][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.188699][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.264735][T11046] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 196.364944][T11046] veth0_vlan: entered promiscuous mode [ 196.384378][T11046] veth1_vlan: entered promiscuous mode [ 196.402977][T11116] syz.4.2358 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 196.414065][T11116] CPU: 1 UID: 0 PID: 11116 Comm: syz.4.2358 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 196.424885][T11116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 196.435393][T11116] Call Trace: [ 196.438708][T11116] [ 196.441666][T11116] dump_stack_lvl+0xf2/0x150 [ 196.446275][T11116] dump_stack+0x15/0x20 [ 196.450437][T11116] dump_header+0x83/0x2d0 [ 196.454811][T11116] oom_kill_process+0x341/0x4c0 [ 196.459819][T11116] out_of_memory+0x9af/0xbe0 [ 196.464434][T11116] ? __rcu_read_unlock+0x4e/0x70 [ 196.469533][T11116] mem_cgroup_out_of_memory+0x13e/0x190 [ 196.475188][T11116] try_charge_memcg+0x51b/0x810 [ 196.480060][T11116] mem_cgroup_swapin_charge_folio+0x107/0x1a0 [ 196.486237][T11116] __read_swap_cache_async+0x2b7/0x520 [ 196.491795][T11116] swap_cluster_readahead+0x276/0x3f0 [ 196.497223][T11116] swapin_readahead+0xe4/0x760 [ 196.502072][T11116] ? __filemap_get_folio+0x420/0x5b0 [ 196.507465][T11116] ? swap_cache_get_folio+0x77/0x210 [ 196.512929][T11116] do_swap_page+0x3da/0x1ef0 [ 196.518167][T11116] ? strlen+0x19/0x30 [ 196.522191][T11116] ? __rcu_read_lock+0x36/0x50 [ 196.527058][T11116] ? pte_offset_map_nolock+0x124/0x1d0 [ 196.532535][T11116] handle_mm_fault+0x8cb/0x2a30 [ 196.537663][T11116] exc_page_fault+0x296/0x650 [ 196.542389][T11116] asm_exc_page_fault+0x26/0x30 [ 196.547298][T11116] RIP: 0010:__import_iovec+0x10c/0x520 [ 196.552851][T11116] Code: 6f e8 78 da 73 ff 4c 89 e7 e8 20 52 8c ff 49 c7 04 24 00 00 00 00 e9 11 03 00 00 4d 85 f6 0f 88 8e 03 00 00 0f 01 cb 0f ae e8 <49> 8b 5e 08 4d 89 e7 49 8b 2e 45 31 e4 31 ff 48 89 de e8 1d df 73 [ 196.572562][T11116] RSP: 0018:ffffc90003c93cc8 EFLAGS: 00050206 [ 196.578664][T11116] RAX: ffff888107a65d00 RBX: 0000000000000001 RCX: ffffffff81bbf859 [ 196.586654][T11116] RDX: 000000000000057c RSI: 0000000000000000 RDI: ffffc90003c93dc8 [ 196.594657][T11116] RBP: 0000000000000000 R08: 0001c90003c93dcf R09: 0000000000000000 [ 196.602637][T11116] R10: 0001ffffffffffff R11: 0001c90003c93dc8 R12: ffffc90003c93dc8 [ 196.610885][T11116] R13: ffffc90003c93dd0 R14: 00000000200018c0 R15: 0000000000000008 [ 196.618867][T11116] ? __import_iovec+0x49/0x520 [ 196.623768][T11116] ? __import_iovec+0x49/0x520 [ 196.628576][T11116] import_iovec+0xbc/0xd0 [ 196.632970][T11116] vfs_readv+0xec/0x660 [ 196.637148][T11116] ? restore_sigcontext+0x1b5/0x220 [ 196.642464][T11116] do_readv+0xf8/0x220 [ 196.646545][T11116] __x64_sys_readv+0x45/0x50 [ 196.651186][T11116] x64_sys_call+0x2bd9/0x2d60 [ 196.655889][T11116] do_syscall_64+0xc9/0x1c0 [ 196.660540][T11116] ? clear_bhb_loop+0x55/0xb0 [ 196.665227][T11116] ? clear_bhb_loop+0x55/0xb0 [ 196.670040][T11116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.675959][T11116] RIP: 0033:0x7f39d2179ef9 [ 196.680457][T11116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 196.700262][T11116] RSP: 002b:00007f39d0df7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 196.708933][T11116] RAX: ffffffffffffffda RBX: 00007f39d2315f80 RCX: 00007f39d2179ef9 [ 196.716916][T11116] RDX: 0000000000000001 RSI: 00000000200018c0 RDI: 0000000000000005 [ 196.725387][T11116] RBP: 00007f39d21e793e R08: 0000000000000000 R09: 0000000000000000 [ 196.733424][T11116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 196.741404][T11116] R13: 0000000000000000 R14: 00007f39d2315f80 R15: 00007ffeec2edee8 [ 196.749527][T11116] [ 196.752890][T11116] memory: usage 307184kB, limit 307200kB, failcnt 2502 [ 196.759870][T11116] memory+swap: usage 299600kB, limit 9007199254740988kB, failcnt 0 [ 196.767828][T11116] kmem: usage 285520kB, limit 9007199254740988kB, failcnt 0 [ 196.775124][T11116] Memory cgroup stats for /syz4: [ 196.779061][T11046] veth0_macvtap: entered promiscuous mode [ 196.805467][T11116] cache 172032 [ 196.810245][T11116] rss 40960 [ 196.813481][T11116] shmem 0 [ 196.817204][T11116] mapped_file 167936 [ 196.821109][T11116] dirty 167936 [ 196.824485][T11116] writeback 40960 [ 196.828154][T11116] workingset_refault_anon 12 [ 196.832091][T11136] x_tables: eb_tables: snat.0 target: invalid size 16 (kernel) != (user) 0 [ 196.832740][T11116] workingset_refault_file 0 [ 196.832752][T11116] swap 139264 [ 196.849325][T11116] swapcached 90112 [ 196.853156][T11116] pgpgin 188028 [ 196.856665][T11116] pgpgout 187964 [ 196.860348][T11116] pgfault 213582 [ 196.863986][T11116] pgmajfault 8 [ 196.867556][T11116] inactive_anon 40960 [ 196.871693][T11116] active_anon 49152 [ 196.875562][T11116] inactive_file 167936 [ 196.879763][T11116] active_file 4096 [ 196.883492][T11116] unevictable 0 [ 196.886960][T11116] hierarchical_memory_limit 314572800 [ 196.892452][T11116] hierarchical_memsw_limit 9223372036854771712 [ 196.898854][T11116] total_cache 172032 [ 196.902900][T11116] total_rss 40960 [ 196.906551][T11116] total_shmem 0 [ 196.910084][T11116] total_mapped_file 167936 [ 196.914525][T11116] total_dirty 167936 [ 196.918461][T11116] total_writeback 40960 [ 196.922718][T11116] total_workingset_refault_anon 12 [ 196.927855][T11116] total_workingset_refault_file 0 [ 196.933004][T11116] total_swap 139264 [ 196.936808][T11116] total_swapcached 90112 [ 196.941082][T11116] total_pgpgin 188028 [ 196.945067][T11116] total_pgpgout 187964 [ 196.949168][T11116] total_pgfault 213582 [ 196.953411][T11116] total_pgmajfault 8 [ 196.957351][T11116] total_inactive_anon 40960 [ 196.961856][T11116] total_active_anon 49152 [ 196.966195][T11116] total_inactive_file 167936 [ 196.970986][T11116] total_active_file 4096 [ 196.975493][T11116] total_unevictable 0 [ 196.979596][T11116] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.2358,pid=11115,uid=0 [ 196.994626][T11116] Memory cgroup out of memory: Killed process 11116 (syz.4.2358) total-vm:89312kB, anon-rss:520kB, file-rss:18228kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 197.020073][T11046] veth1_macvtap: entered promiscuous mode [ 197.033769][T11046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 197.044317][T11046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.054280][T11046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 197.065028][T11046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.075267][T11046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 197.085893][T11046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.095861][T11046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 197.106312][T11046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.150429][T11046] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.160519][T11046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 197.171076][T11046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.181072][T11046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 197.191662][T11046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.201513][T11046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 197.212003][T11046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.222065][T11046] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 197.232581][T11046] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.244595][T11046] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 197.254493][T11046] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.263805][T11046] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.272662][T11046] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.281456][T11046] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.306719][T11155] usb usb8: usbfs: process 11155 (syz.0.2365) did not claim interface 0 before use [ 197.334052][T11163] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 197.360249][T11167] sch_fq: defrate 0 ignored. [ 197.374654][T11169] (unnamed net_device) (uninitialized): peer notification delay (31) is not a multiple of miimon (100), value rounded to 0 ms [ 197.478940][T11185] pim6reg1: entered promiscuous mode [ 197.484319][T11185] pim6reg1: entered allmulticast mode [ 197.495362][T11187] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2380'. [ 197.511669][T11187] tmpfs: Bad value for 'mpol' [ 197.532660][T11192] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2381'. [ 197.573421][T11194] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 197.585902][T11196] sch_fq: defrate 0 ignored. [ 197.631907][T11203] loop4: detected capacity change from 0 to 512 [ 197.652241][T11203] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 197.666983][T11203] ext4 filesystem being mounted at /52/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 197.683982][T11208] FAULT_INJECTION: forcing a failure. [ 197.683982][T11208] name failslab, interval 1, probability 0, space 0, times 0 [ 197.696832][T11208] CPU: 1 UID: 0 PID: 11208 Comm: syz.1.2387 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 197.707968][T11208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 197.718052][T11208] Call Trace: [ 197.721373][T11208] [ 197.724364][T11208] dump_stack_lvl+0xf2/0x150 [ 197.729168][T11208] dump_stack+0x15/0x20 [ 197.733358][T11208] should_fail_ex+0x229/0x230 [ 197.738228][T11208] ? __kvmalloc_node_noprof+0x72/0x170 [ 197.743718][T11208] should_failslab+0x8f/0xb0 [ 197.748451][T11208] __kmalloc_node_noprof+0xa8/0x380 [ 197.753998][T11208] __kvmalloc_node_noprof+0x72/0x170 [ 197.759349][T11208] alloc_netdev_mqs+0x9d/0x8d0 [ 197.764333][T11208] ? __pfx_vti6_dev_setup+0x10/0x10 [ 197.769637][T11208] ? selinux_capable+0x1f2/0x260 [ 197.774711][T11208] vti6_locate+0x30a/0x3c0 [ 197.779167][T11208] vti6_siocdevprivate+0x57b/0x910 [ 197.784319][T11208] ? __pfx_vti6_siocdevprivate+0x10/0x10 [ 197.790104][T11208] dev_ifsioc+0x84e/0xa10 [ 197.794466][T11208] dev_ioctl+0x8e9/0xab0 [ 197.798755][T11208] sock_ioctl+0x5c0/0x640 [ 197.803212][T11208] ? __pfx_sock_ioctl+0x10/0x10 [ 197.808092][T11208] __se_sys_ioctl+0xd3/0x150 [ 197.812722][T11208] __x64_sys_ioctl+0x43/0x50 [ 197.817346][T11208] x64_sys_call+0x15cc/0x2d60 [ 197.822042][T11208] do_syscall_64+0xc9/0x1c0 [ 197.826623][T11208] ? clear_bhb_loop+0x55/0xb0 [ 197.831319][T11208] ? clear_bhb_loop+0x55/0xb0 [ 197.836049][T11208] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.841976][T11208] RIP: 0033:0x7f3eb6e19ef9 [ 197.846398][T11208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.866044][T11208] RSP: 002b:00007f3eb5a91038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 197.874549][T11208] RAX: ffffffffffffffda RBX: 00007f3eb6fb5f80 RCX: 00007f3eb6e19ef9 [ 197.882705][T11208] RDX: 0000000020000900 RSI: 00000000000089f1 RDI: 0000000000000004 [ 197.890772][T11208] RBP: 00007f3eb5a91090 R08: 0000000000000000 R09: 0000000000000000 [ 197.898800][T11208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 197.906780][T11208] R13: 0000000000000000 R14: 00007f3eb6fb5f80 R15: 00007fff6ab56e48 [ 197.915028][T11208] [ 197.950006][T10533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 198.045463][T11218] loop4: detected capacity change from 0 to 512 [ 198.055218][T11218] EXT4-fs error (device loop4): ext4_orphan_get:1391: inode #15: comm syz.4.2390: casefold flag without casefold feature [ 198.069791][T11218] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.2390: couldn't read orphan inode 15 (err -117) [ 198.083606][T11218] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 198.116787][T11218] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 198.160730][T11218] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 198.189820][T11230] pim6reg1: entered promiscuous mode [ 198.195223][T11230] pim6reg1: entered allmulticast mode [ 198.232662][T11233] sch_fq: defrate 0 ignored. [ 198.262659][T11235] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11235 comm=syz.4.2390 [ 198.320388][T11234] x_tables: eb_tables: snat.0 target: invalid size 16 (kernel) != (user) 0 [ 198.378057][T11241] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2399'. [ 198.386997][T11241] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2399'. [ 198.399826][T11245] ebt_limit: overflow, try lower: 0/0 [ 198.460392][ T29] kauditd_printk_skb: 116 callbacks suppressed [ 198.460407][ T29] audit: type=1326 audit(1724957212.777:3689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.1.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 198.490946][ T29] audit: type=1326 audit(1724957212.777:3690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.1.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 198.516409][ T29] audit: type=1326 audit(1724957212.807:3691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.1.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 198.539994][ T29] audit: type=1326 audit(1724957212.807:3692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.1.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 198.563626][ T29] audit: type=1326 audit(1724957212.807:3693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.1.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 198.587402][ T29] audit: type=1326 audit(1724957212.827:3694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.1.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 198.610956][ T29] audit: type=1326 audit(1724957212.827:3695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.1.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 198.625158][T11260] pim6reg1: entered promiscuous mode [ 198.634502][ T29] audit: type=1326 audit(1724957212.827:3696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.1.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 198.639899][T11260] pim6reg1: entered allmulticast mode [ 198.686754][ T29] audit: type=1326 audit(1724957212.827:3697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11251 comm="syz.1.2402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 198.817451][T11265] sch_fq: defrate 0 ignored. [ 198.882234][T10533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 198.888068][T11273] FAULT_INJECTION: forcing a failure. [ 198.888068][T11273] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 198.904567][T11273] CPU: 1 UID: 0 PID: 11273 Comm: syz.3.2411 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 198.915380][T11273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 198.925473][T11273] Call Trace: [ 198.928916][T11273] [ 198.931928][T11273] dump_stack_lvl+0xf2/0x150 [ 198.936542][T11273] dump_stack+0x15/0x20 [ 198.940711][T11273] should_fail_ex+0x229/0x230 [ 198.945591][T11273] should_fail_alloc_page+0xfd/0x110 [ 198.950933][T11273] __alloc_pages_noprof+0x109/0x360 [ 198.956160][T11273] alloc_pages_mpol_noprof+0xb1/0x1e0 [ 198.961603][T11273] alloc_pages_noprof+0xe1/0x100 [ 198.966613][T11273] pte_alloc_one+0x32/0xf0 [ 198.971106][T11273] ? __rcu_read_unlock+0x4e/0x70 [ 198.976062][T11273] handle_mm_fault+0x10c1/0x2a30 [ 198.981042][T11273] exc_page_fault+0x296/0x650 [ 198.985780][T11273] asm_exc_page_fault+0x26/0x30 [ 198.990706][T11273] RIP: 0010:__get_user_4+0x11/0x20 [ 198.995967][T11273] Code: 01 ca c3 cc cc cc cc 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 c2 48 c1 fa 3f 48 09 d0 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 [ 199.015924][T11273] RSP: 0018:ffffc90001823db8 EFLAGS: 00050206 [ 199.022020][T11273] RAX: 0000000020000100 RBX: ffff88810056d040 RCX: 0000000000000000 [ 199.030001][T11273] RDX: 0000000000000000 RSI: 0000000000000107 RDI: 0000000000000107 [ 199.038538][T11273] RBP: 0000000000000107 R08: ffffffff848f7eb2 R09: 0000000000000000 [ 199.046521][T11273] R10: ffffc90001823dd0 R11: 0001c90001823df4 R12: 0000000020000100 [ 199.054501][T11273] R13: 0000000000000006 R14: ffff8881188e4000 R15: 0000000000000006 [ 199.062607][T11273] ? packet_getsockopt+0x82/0x6f0 [ 199.067693][T11273] packet_getsockopt+0x92/0x6f0 [ 199.072687][T11273] do_sock_getsockopt+0x121/0x1a0 [ 199.077933][T11273] ? __pfx_packet_getsockopt+0x10/0x10 [ 199.083497][T11273] __sys_getsockopt+0x19a/0x210 [ 199.088395][T11273] __x64_sys_getsockopt+0x66/0x80 [ 199.093490][T11273] x64_sys_call+0x11cd/0x2d60 [ 199.098309][T11273] do_syscall_64+0xc9/0x1c0 [ 199.102825][T11273] ? clear_bhb_loop+0x55/0xb0 [ 199.107815][T11273] ? clear_bhb_loop+0x55/0xb0 [ 199.112501][T11273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.118499][T11273] RIP: 0033:0x7fac63fd9ef9 [ 199.123061][T11273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.142921][T11273] RSP: 002b:00007fac62c51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 199.151731][T11273] RAX: ffffffffffffffda RBX: 00007fac64175f80 RCX: 00007fac63fd9ef9 [ 199.159858][T11273] RDX: 0000000000000006 RSI: 0000000000000107 RDI: 0000000000000003 [ 199.167920][T11273] RBP: 00007fac62c51090 R08: 0000000020000100 R09: 0000000000000000 [ 199.176030][T11273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 199.184008][T11273] R13: 0000000000000000 R14: 00007fac64175f80 R15: 00007ffd1e0348b8 [ 199.192046][T11273] [ 199.210503][T11271] x_tables: eb_tables: snat.0 target: invalid size 16 (kernel) != (user) 0 [ 199.255166][T11278] loop4: detected capacity change from 0 to 164 [ 199.262831][T11278] Unable to read rock-ridge attributes [ 199.269570][ T29] audit: type=1400 audit(1724957213.587:3698): avc: denied { mount } for pid=11277 comm="syz.4.2412" name="/" dev="loop4" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1 [ 199.274280][T11286] pim6reg1: entered promiscuous mode [ 199.297557][T11286] pim6reg1: entered allmulticast mode [ 199.325275][T11289] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2418'. [ 199.361735][T11293] loop4: detected capacity change from 0 to 1024 [ 199.369372][T11293] EXT4-fs: Ignoring removed orlov option [ 199.380735][T11293] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 199.408537][T11301] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 199.432381][T11293] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2419'. [ 199.514597][T11318] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2419'. [ 199.536176][T11312] x_tables: eb_tables: snat.0 target: invalid size 16 (kernel) != (user) 0 [ 199.590961][T10533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.632303][T11329] loop4: detected capacity change from 0 to 512 [ 199.639728][T11329] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 199.666787][T11333] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 200.301540][T11353] loop3: detected capacity change from 0 to 512 [ 200.310423][T11354] loop4: detected capacity change from 0 to 512 [ 200.317663][T11354] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 200.326933][T11354] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 200.338198][T11354] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended [ 200.349108][T11354] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 200.357234][T11354] System zones: 0-2, 18-18, 34-34 [ 200.363139][T11354] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1137: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 200.378955][T11353] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.392438][T11353] ext4 filesystem being mounted at /7/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 200.403208][T11354] EXT4-fs (loop4): 1 truncate cleaned up [ 200.410239][T11354] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 200.506353][T11363] EXT4-fs error (device loop4): ext4_generic_delete_entry:2678: inode #12: block 13: comm syz.4.2440: bad entry in directory: rec_len is too small for name_len - offset=0, inode=12, rec_len=12, size=4096 fake=0 [ 200.535572][T11353] x_tables: eb_tables: snat.0 target: invalid size 16 (kernel) != (user) 0 [ 200.539801][T11363] EXT4-fs error (device loop4) in ext4_delete_entry:2749: Corrupt filesystem [ 200.561270][T11371] loop2: detected capacity change from 0 to 512 [ 200.571957][T11372] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 200.586913][T11046] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.600776][T11371] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.613662][T11378] loop3: detected capacity change from 0 to 256 [ 200.614321][T11378] msdos: Bad value for 'gid' [ 200.614339][T11378] msdos: Bad value for 'gid' [ 200.615637][T11371] ext4 filesystem being mounted at /72/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 200.684318][T10286] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.845052][T11408] sch_fq: defrate 0 ignored. [ 200.890889][T11414] loop2: detected capacity change from 0 to 512 [ 200.908982][T11414] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.919059][T11417] FAULT_INJECTION: forcing a failure. [ 200.919059][T11417] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 200.921754][T11414] ext4 filesystem being mounted at /77/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 200.934571][T11417] CPU: 0 UID: 0 PID: 11417 Comm: syz.0.2461 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 200.934604][T11417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 200.965966][T11417] Call Trace: [ 200.965979][T11417] [ 200.965990][T11417] dump_stack_lvl+0xf2/0x150 [ 200.966026][T11417] dump_stack+0x15/0x20 [ 200.966052][T11417] should_fail_ex+0x229/0x230 [ 200.966083][T11417] should_fail+0xb/0x10 [ 200.966190][T11417] should_fail_usercopy+0x1a/0x20 [ 200.966281][T11417] strncpy_from_user+0x25/0x270 [ 200.966318][T11417] ? kmem_cache_alloc_noprof+0x10c/0x290 [ 200.966356][T11417] getname_flags+0xb0/0x3b0 [ 200.966402][T11417] getname+0x17/0x20 [ 200.966434][T11417] do_sys_openat2+0x67/0x120 [ 200.966459][T11417] __x64_sys_openat+0xf3/0x120 [ 200.966488][T11417] x64_sys_call+0x1025/0x2d60 [ 200.966576][T11417] do_syscall_64+0xc9/0x1c0 [ 200.966607][T11417] ? clear_bhb_loop+0x55/0xb0 [ 200.966626][T11417] ? clear_bhb_loop+0x55/0xb0 [ 200.966647][T11417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.966712][T11417] RIP: 0033:0x7fbd89938890 [ 200.966731][T11417] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 19 8f 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 6c 8f 02 00 8b 44 [ 200.966755][T11417] RSP: 002b:00007fbd8858ff00 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 200.966814][T11417] RAX: ffffffffffffffda RBX: 0000000000004100 RCX: 00007fbd89938890 [ 200.966829][T11417] RDX: 0000000000004100 RSI: 00007fbd8858ffa0 RDI: 00000000ffffff9c [ 200.966844][T11417] RBP: 00007fbd8858ffa0 R08: 0000000000000000 R09: 00007fbd8858fd17 [ 200.966858][T11417] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 200.966874][T11417] R13: 0000000000000000 R14: 00007fbd89ad6058 R15: 00007ffe62cac0f8 [ 200.966898][T11417] [ 200.988650][T10286] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.208170][T10533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.279172][T11432] loop4: detected capacity change from 0 to 512 [ 201.292120][T11432] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 201.304834][T11432] ext4 filesystem being mounted at /65/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 201.336518][T10533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.339487][T11438] sch_fq: defrate 0 ignored. [ 201.373692][T11442] loop2: detected capacity change from 0 to 512 [ 201.390423][T11442] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 201.403463][T11442] ext4 filesystem being mounted at /83/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 201.428835][T11447] (unnamed net_device) (uninitialized): peer notification delay (31) is not a multiple of miimon (100), value rounded to 0 ms [ 201.459086][T10286] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.467466][T11447] loop4: detected capacity change from 0 to 2048 [ 201.475134][T11447] msdos: Unknown parameter 'sys_enter' [ 201.500284][T11453] __nla_validate_parse: 2 callbacks suppressed [ 201.500300][T11453] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2476'. [ 201.660337][T11465] pim6reg1: entered promiscuous mode [ 201.665681][T11465] pim6reg1: entered allmulticast mode [ 201.725229][T11467] sch_fq: defrate 0 ignored. [ 201.953673][T11477] (unnamed net_device) (uninitialized): peer notification delay (31) is not a multiple of miimon (100), value rounded to 0 ms [ 201.978895][T11489] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2489'. [ 202.059597][T11498] sch_fq: defrate 0 ignored. [ 202.184407][T11506] pim6reg1: entered promiscuous mode [ 202.184901][T11508] loop2: detected capacity change from 0 to 128 [ 202.189842][T11506] pim6reg1: entered allmulticast mode [ 202.200172][T11508] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 202.214159][T11508] ext4 filesystem being mounted at /86/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 202.277273][T11508] loop2: detected capacity change from 128 to 64 [ 202.285703][T11508] EXT4-fs error (device loop2): __ext4_new_inode:1070: comm syz.2.2498: reserved inode found cleared - inode=5 [ 202.306218][T10286] EXT4-fs error (device loop2): htree_dirblock_to_tree:1112: inode #2: block 4: comm syz-executor: bad entry in directory: inode out of bounds - offset=0, inode=201326592, rec_len=256, size=1024 fake=0 [ 202.326286][T10286] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5810: Out of memory [ 202.337661][T10286] EXT4-fs error (device loop2): ext4_dirty_inode:6014: inode #2: comm syz-executor: mark_inode_dirty error [ 202.357716][T10286] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 202.514176][T11524] sch_fq: defrate 0 ignored. [ 202.728762][T11540] loop4: detected capacity change from 0 to 256 [ 202.736402][T11540] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 202.844051][T11559] loop3: detected capacity change from 0 to 512 [ 202.874743][T11561] loop4: detected capacity change from 0 to 512 [ 202.884664][T11561] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 202.894435][T11559] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 202.907066][T11559] ext4 filesystem being mounted at /16/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 202.909274][T11561] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 202.945316][T11561] ext4 filesystem being mounted at /78/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 202.957035][ T3283] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.017010][T11559] x_tables: eb_tables: snat.0 target: invalid size 16 (kernel) != (user) 0 [ 203.032078][ T3283] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.044647][T11577] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2527'. [ 203.069962][T11046] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.095780][ T3283] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.105035][T11583] loop3: detected capacity change from 0 to 256 [ 203.113939][T11583] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 203.128297][T11561] netlink: 11 bytes leftover after parsing attributes in process `syz.4.2521'. [ 203.139483][T11561] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2521'. [ 203.151710][T11587] FAULT_INJECTION: forcing a failure. [ 203.151710][T11587] name failslab, interval 1, probability 0, space 0, times 0 [ 203.164523][T11587] CPU: 1 UID: 0 PID: 11587 Comm: syz.3.2529 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 203.169963][T11541] chnl_net:caif_netlink_parms(): no params data found [ 203.175302][T11587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 203.192156][T11587] Call Trace: [ 203.195460][T11587] [ 203.198400][T11587] dump_stack_lvl+0xf2/0x150 [ 203.203023][T11587] dump_stack+0x15/0x20 [ 203.207244][T11587] should_fail_ex+0x229/0x230 [ 203.212008][T11587] ? skb_clone+0x154/0x1f0 [ 203.216432][T11587] should_failslab+0x8f/0xb0 [ 203.221049][T11587] kmem_cache_alloc_noprof+0x4c/0x290 [ 203.226446][T11587] skb_clone+0x154/0x1f0 [ 203.230721][T11587] __netlink_deliver_tap+0x2bd/0x4c0 [ 203.236364][T11587] netlink_unicast+0x64a/0x670 [ 203.241154][T11587] netlink_sendmsg+0x5cc/0x6e0 [ 203.245969][T11587] ? __pfx_netlink_sendmsg+0x10/0x10 [ 203.251281][T11587] __sock_sendmsg+0x140/0x180 [ 203.256051][T11587] ____sys_sendmsg+0x312/0x410 [ 203.260850][T11587] __sys_sendmsg+0x1e9/0x280 [ 203.265517][T11587] __x64_sys_sendmsg+0x46/0x50 [ 203.270301][T11587] x64_sys_call+0x2689/0x2d60 [ 203.275001][T11587] do_syscall_64+0xc9/0x1c0 [ 203.279522][T11587] ? clear_bhb_loop+0x55/0xb0 [ 203.284289][T11587] ? clear_bhb_loop+0x55/0xb0 [ 203.289017][T11587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.295028][T11587] RIP: 0033:0x7fac63fd9ef9 [ 203.299522][T11587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 203.319162][T11587] RSP: 002b:00007fac62c51038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 203.327725][T11587] RAX: ffffffffffffffda RBX: 00007fac64175f80 RCX: 00007fac63fd9ef9 [ 203.335702][T11587] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000005 [ 203.343713][T11587] RBP: 00007fac62c51090 R08: 0000000000000000 R09: 0000000000000000 [ 203.351730][T11587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 203.359709][T11587] R13: 0000000000000000 R14: 00007fac64175f80 R15: 00007ffd1e0348b8 [ 203.367702][T11587] [ 203.383899][ T3283] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.427666][T10533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.438224][T11541] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.445335][T11541] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.454381][T11541] bridge_slave_0: entered allmulticast mode [ 203.456296][T11600] loop3: detected capacity change from 0 to 512 [ 203.460989][T11541] bridge_slave_0: entered promiscuous mode [ 203.480914][T11541] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.488113][T11541] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.498060][T11600] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.2532: corrupted in-inode xattr: invalid ea_ino [ 203.513869][T11600] EXT4-fs error (device loop3): ext4_orphan_get:1396: comm syz.3.2532: couldn't read orphan inode 15 (err -117) [ 203.520709][T11541] bridge_slave_1: entered allmulticast mode [ 203.529459][T11600] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 203.535531][T11541] bridge_slave_1: entered promiscuous mode [ 203.567438][T11541] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 203.591801][T11541] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.606234][ T3283] bridge_slave_1: left allmulticast mode [ 203.611967][ T3283] bridge_slave_1: left promiscuous mode [ 203.617618][ T3283] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.625538][ T3283] bridge_slave_0: left allmulticast mode [ 203.628512][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 203.628585][ T29] audit: type=1400 audit(1724957217.937:3704): avc: denied { append } for pid=11599 comm="syz.3.2532" path="/20/file0/file0/memory.events.local" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 203.631244][ T3283] bridge_slave_0: left promiscuous mode [ 203.667616][ T3283] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.769993][ T3283] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 203.781095][ T3283] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 203.791406][ T3283] bond0 (unregistering): Released all slaves [ 203.827252][T11541] team0: Port device team_slave_0 added [ 203.835697][T11541] team0: Port device team_slave_1 added [ 203.865706][T11541] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 203.872759][T11541] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.899078][T11541] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 203.912697][T11541] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 203.919803][T11541] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.945899][T11541] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 203.967755][T11571] chnl_net:caif_netlink_parms(): no params data found [ 204.004417][T11541] hsr_slave_0: entered promiscuous mode [ 204.010632][T11541] hsr_slave_1: entered promiscuous mode [ 204.016576][T11541] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 204.024180][T11541] Cannot create hsr debugfs directory [ 204.032906][ T3283] hsr_slave_0: left promiscuous mode [ 204.038616][ T3283] hsr_slave_1: left promiscuous mode [ 204.044389][ T3283] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 204.051959][ T3283] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 204.060148][ T3283] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 204.067766][ T3283] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 204.077751][ T3283] veth1_macvtap: left promiscuous mode [ 204.083267][ T3283] veth0_macvtap: left promiscuous mode [ 204.088876][ T3283] veth1_vlan: left promiscuous mode [ 204.094209][ T3283] veth0_vlan: left promiscuous mode [ 204.184980][ T3283] team0 (unregistering): Port device team_slave_1 removed [ 204.195367][ T3283] team0 (unregistering): Port device team_slave_0 removed [ 204.249225][T11622] pim6reg1: entered promiscuous mode [ 204.254605][T11622] pim6reg1: entered allmulticast mode [ 204.267621][T11571] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.274793][T11571] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.282165][T11571] bridge_slave_0: entered allmulticast mode [ 204.282705][T11571] bridge_slave_0: entered promiscuous mode [ 204.283819][T11571] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.283864][T11571] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.283974][T11571] bridge_slave_1: entered allmulticast mode [ 204.284640][T11571] bridge_slave_1: entered promiscuous mode [ 204.323453][T11046] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.352918][T11571] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 204.371136][T11571] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 204.420200][T11571] team0: Port device team_slave_0 added [ 204.431792][T11571] team0: Port device team_slave_1 added [ 204.454147][T11571] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 204.461712][T11571] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 204.475624][ T29] audit: type=1326 audit(1724957218.777:3705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11637 comm="syz.3.2542" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fac63fd9ef9 code=0x0 [ 204.487719][T11571] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 204.522666][T11571] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 204.529671][T11571] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 204.529764][T11571] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 204.592117][T11571] hsr_slave_0: entered promiscuous mode [ 204.599031][T11571] hsr_slave_1: entered promiscuous mode [ 204.605683][T11571] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 204.613944][T11571] Cannot create hsr debugfs directory [ 204.623430][T11641] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2543'. [ 204.627463][T11642] Process accounting resumed [ 204.761044][ T3283] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.791543][T11541] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 204.800192][T11541] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 204.809225][T11541] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 204.817868][T11541] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 204.830293][ T3283] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.881303][ T3283] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.895187][T11541] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.907820][T11541] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.920515][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.927756][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.941970][ T3283] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.955068][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.962314][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.033712][ T3283] bridge_slave_1: left allmulticast mode [ 205.039492][ T3283] bridge_slave_1: left promiscuous mode [ 205.045172][ T3283] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.062819][ T3283] bridge_slave_0: left allmulticast mode [ 205.068629][ T3283] bridge_slave_0: left promiscuous mode [ 205.074417][ T3283] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.159765][ T3283] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 205.170165][ T3283] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 205.180109][ T3283] bond0 (unregistering): Released all slaves [ 205.196999][T11541] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 205.270238][T11541] veth0_vlan: entered promiscuous mode [ 205.280752][T11541] veth1_vlan: entered promiscuous mode [ 205.298090][T11541] veth0_macvtap: entered promiscuous mode [ 205.305842][T11541] veth1_macvtap: entered promiscuous mode [ 205.320139][T11541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.330803][T11541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.340810][T11541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.340832][T11541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.340851][T11541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.340878][T11541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.340895][T11541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.340911][T11541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.342501][T11541] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 205.366671][ T3283] hsr_slave_0: left promiscuous mode [ 205.421285][ T3283] hsr_slave_1: left promiscuous mode [ 205.426919][ T3283] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 205.434432][ T3283] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 205.442693][ T3283] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 205.450408][ T3283] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 205.462078][ T3283] veth1_macvtap: left promiscuous mode [ 205.467634][ T3283] veth0_macvtap: left promiscuous mode [ 205.473207][ T3283] veth1_vlan: left promiscuous mode [ 205.478817][ T3283] veth0_vlan: left promiscuous mode [ 205.480561][ T29] audit: type=1400 audit(1724957219.797:3706): avc: denied { write } for pid=11687 comm="syz.3.2555" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 205.480592][ T29] audit: type=1400 audit(1724957219.797:3707): avc: denied { nlmsg_read } for pid=11687 comm="syz.3.2555" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 205.624558][ T3283] team0 (unregistering): Port device team_slave_1 removed [ 205.635730][ T3283] team0 (unregistering): Port device team_slave_0 removed [ 205.675690][T11541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.686197][T11541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.696198][T11541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.706731][T11541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.706750][T11541] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.727111][T11541] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.739428][T11541] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 205.750494][T11688] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (64) [ 205.762644][T11541] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.771544][T11541] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.780438][T11541] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.780479][T11541] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.812952][T11694] pim6reg1: entered promiscuous mode [ 205.818427][T11694] pim6reg1: entered allmulticast mode [ 205.858529][T11571] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 205.868237][T11699] loop2: detected capacity change from 0 to 256 [ 205.869361][T11571] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 205.885348][T11701] loop3: detected capacity change from 0 to 512 [ 205.898152][T11541] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 205.908224][T11571] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 205.910112][T11541] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 205.924929][T11571] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 205.948387][T11701] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 205.975552][T11701] ext4 filesystem being mounted at /29/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 206.068735][T11571] 8021q: adding VLAN 0 to HW filter on device bond0 [ 206.087072][T11571] 8021q: adding VLAN 0 to HW filter on device team0 [ 206.101029][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.108233][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.120620][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.127836][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 206.156179][T11046] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.203336][T11716] loop3: detected capacity change from 0 to 512 [ 206.229777][T11716] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 206.254209][T11571] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 206.260026][T11716] ext4 filesystem being mounted at /30/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 206.274401][T11726] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 206.331547][T11046] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.352180][T11571] veth0_vlan: entered promiscuous mode [ 206.368352][T11571] veth1_vlan: entered promiscuous mode [ 206.389738][T11571] veth0_macvtap: entered promiscuous mode [ 206.399785][T11571] veth1_macvtap: entered promiscuous mode [ 206.412613][T11571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 206.423227][T11571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.433114][T11571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 206.443651][T11571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.443670][T11571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 206.443687][T11571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.473823][T11571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 206.473843][T11571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.475427][T11571] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 206.503534][T11571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 206.514018][T11571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.523951][T11571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 206.534472][T11571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.544464][T11571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 206.544538][T11571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.544554][T11571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 206.544569][T11571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.546348][T11571] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 206.597353][T11571] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.597397][T11571] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.597453][T11571] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.597488][T11571] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.627889][ T29] audit: type=1326 audit(1724957220.937:3708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11747 comm="syz.1.2573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 206.660356][ T29] audit: type=1326 audit(1724957220.937:3709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11747 comm="syz.1.2573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 206.660417][ T29] audit: type=1326 audit(1724957220.937:3710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11747 comm="syz.1.2573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 206.660443][ T29] audit: type=1326 audit(1724957220.937:3711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11747 comm="syz.1.2573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 206.660469][ T29] audit: type=1326 audit(1724957220.947:3712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11747 comm="syz.1.2573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 206.660498][ T29] audit: type=1326 audit(1724957220.947:3713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11747 comm="syz.1.2573" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3eb6e19ef9 code=0x7ffc0000 [ 206.697741][T11752] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2526'. [ 206.839609][T11755] loop4: detected capacity change from 0 to 256 [ 206.858821][T10533] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 206.866714][T10533] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 207.156396][T11751] ================================================================== [ 207.164507][T11751] BUG: KCSAN: data-race in mem_cgroup_iter / mem_cgroup_iter [ 207.171899][T11751] [ 207.174227][T11751] read to 0xffff888114376668 of 4 bytes by task 11753 on cpu 1: [ 207.181856][T11751] mem_cgroup_iter+0x93/0x380 [ 207.186540][T11751] shrink_node+0x74a/0x1d40 [ 207.191052][T11751] do_try_to_free_pages+0x3c6/0xc50 [ 207.196271][T11751] try_to_free_mem_cgroup_pages+0x1f3/0x4f0 [ 207.202185][T11751] try_charge_memcg+0x2bc/0x810 [ 207.207045][T11751] obj_cgroup_charge_pages+0xbd/0x1a0 [ 207.212432][T11751] __memcg_kmem_charge_page+0x9d/0x170 [ 207.217910][T11751] __alloc_pages_noprof+0x1bc/0x360 [ 207.223133][T11751] alloc_pages_mpol_noprof+0xb1/0x1e0 [ 207.228523][T11751] alloc_pages_noprof+0xe1/0x100 [ 207.233477][T11751] __vmalloc_node_range_noprof+0x736/0xec0 [ 207.239297][T11751] bpf_map_area_alloc+0xd8/0x110 [ 207.244250][T11751] array_map_alloc+0x1c2/0x390 [ 207.249036][T11751] map_create+0x83c/0xb90 [ 207.253376][T11751] __sys_bpf+0x667/0x7a0 [ 207.257625][T11751] __x64_sys_bpf+0x43/0x50 [ 207.262152][T11751] x64_sys_call+0x2625/0x2d60 [ 207.266846][T11751] do_syscall_64+0xc9/0x1c0 [ 207.271374][T11751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.277292][T11751] [ 207.279619][T11751] read-write to 0xffff888114376668 of 4 bytes by task 11751 on cpu 0: [ 207.287774][T11751] mem_cgroup_iter+0x28e/0x380 [ 207.292557][T11751] shrink_node+0x74a/0x1d40 [ 207.297090][T11751] do_try_to_free_pages+0x3c6/0xc50 [ 207.302313][T11751] try_to_free_mem_cgroup_pages+0x1f3/0x4f0 [ 207.308231][T11751] try_charge_memcg+0x2bc/0x810 [ 207.313091][T11751] mem_cgroup_swapin_charge_folio+0x107/0x1a0 [ 207.319179][T11751] __read_swap_cache_async+0x2b7/0x520 [ 207.324682][T11751] swap_cluster_readahead+0x276/0x3f0 [ 207.330091][T11751] swapin_readahead+0xe4/0x760 [ 207.334869][T11751] do_swap_page+0x3da/0x1ef0 [ 207.339474][T11751] handle_mm_fault+0x8cb/0x2a30 [ 207.344336][T11751] exc_page_fault+0x3b9/0x650 [ 207.349033][T11751] asm_exc_page_fault+0x26/0x30 [ 207.353906][T11751] [ 207.356229][T11751] value changed: 0x00000099 -> 0x0000009a [ 207.361948][T11751] [ 207.364275][T11751] Reported by Kernel Concurrency Sanitizer on: [ 207.370427][T11751] CPU: 0 UID: 0 PID: 11751 Comm: syz.0.2526 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 207.381209][T11751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 207.391489][T11751] ================================================================== [ 207.422781][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.466855][T11571] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 207.477836][T11571] CPU: 0 UID: 0 PID: 11571 Comm: syz-executor Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 207.488836][T11571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 207.498953][T11571] Call Trace: [ 207.502292][T11571] [ 207.505245][T11571] dump_stack_lvl+0xf2/0x150 [ 207.509860][T11571] dump_stack+0x15/0x20 [ 207.514120][T11571] dump_header+0x83/0x2d0 [ 207.518569][T11571] oom_kill_process+0x341/0x4c0 [ 207.523476][T11571] out_of_memory+0x9af/0xbe0 [ 207.528138][T11571] ? __rcu_read_unlock+0x4e/0x70 [ 207.533110][T11571] mem_cgroup_out_of_memory+0x13e/0x190 [ 207.538758][T11571] try_charge_memcg+0x51b/0x810 [ 207.543698][T11571] ? _rtl_pci_rx_interrupt+0x350/0xc60 [ 207.549381][T11571] mem_cgroup_swapin_charge_folio+0x107/0x1a0 [ 207.555577][T11571] __read_swap_cache_async+0x2b7/0x520 [ 207.561086][T11571] swap_cluster_readahead+0x276/0x3f0 [ 207.566597][T11571] swapin_readahead+0xe4/0x760 [ 207.571389][T11571] ? __filemap_get_folio+0x420/0x5b0 [ 207.576793][T11571] ? save_fpregs_to_fpstate+0x102/0x160 [ 207.582432][T11571] ? swap_cache_get_folio+0x77/0x210 [ 207.587779][T11571] do_swap_page+0x3da/0x1ef0 [ 207.592399][T11571] ? hrtimer_start_range_ns+0x53d/0x580 [ 207.597986][T11571] ? hrtimer_try_to_cancel+0x106/0x1d0 [ 207.603529][T11571] ? __rcu_read_lock+0x36/0x50 [ 207.608896][T11571] ? pte_offset_map_nolock+0x124/0x1d0 [ 207.614433][T11571] handle_mm_fault+0x8cb/0x2a30 [ 207.619335][T11571] exc_page_fault+0x3b9/0x650 [ 207.624127][T11571] asm_exc_page_fault+0x26/0x30 [ 207.629091][T11571] RIP: 0033:0x7f9bc05cbfa5 [ 207.633534][T11571] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 9e 05 14 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74 [ 207.653295][T11571] RSP: 002b:00007ffed3719298 EFLAGS: 00010246 [ 207.659382][T11571] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 00007f9bc05cbfa3 [ 207.667596][T11571] RDX: 00007ffed37192b0 RSI: 0000000000000000 RDI: 0000000000000000 [ 207.675637][T11571] RBP: 00007ffed371930c R08: 0000000008490c0a R09: 7fffffffffffffff [ 207.683663][T11571] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000032 [ 207.691658][T11571] R13: 0000000000032863 R14: 000000000003275f R15: 00007ffed3719360 [ 207.699660][T11571] [ 207.703008][T11571] memory: usage 307200kB, limit 307200kB, failcnt 2560 [ 207.709909][T11571] memory+swap: usage 307400kB, limit 9007199254740988kB, failcnt 0 [ 207.717907][T11571] kmem: usage 307088kB, limit 9007199254740988kB, failcnt 0 [ 207.725267][T11571] Memory cgroup stats for /syz0: [ 207.735676][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.771920][T11571] cache 114688 [ 207.775348][T11571] rss 0 [ 207.778284][T11571] shmem 0 [ 207.781223][T11571] mapped_file 110592 [ 207.785128][T11571] dirty 110592 [ 207.788655][T11571] writeback 0 [ 207.792043][T11571] workingset_refault_anon 8 [ 207.796560][T11571] workingset_refault_file 0 [ 207.801112][T11571] swap 172032 [ 207.804510][T11571] swapcached 32768 [ 207.808400][T11571] pgpgin 211568 [ 207.811875][T11571] pgpgout 211532 [ 207.815670][T11571] pgfault 218515 [ 207.819285][T11571] pgmajfault 11 [ 207.822755][T11571] inactive_anon 0 [ 207.826460][T11571] active_anon 32768 [ 207.830328][T11571] inactive_file 0 [ 207.833968][T11571] active_file 114688 [ 207.837935][T11571] unevictable 0 [ 207.841468][T11571] hierarchical_memory_limit 314572800 [ 207.846901][T11571] hierarchical_memsw_limit 9223372036854771712 [ 207.853128][T11571] total_cache 114688 [ 207.857230][T11571] total_rss 0 [ 207.860537][T11571] total_shmem 0 [ 207.864009][T11571] total_mapped_file 110592 [ 207.868680][T11571] total_dirty 110592 [ 207.872588][T11571] total_writeback 0 [ 207.876474][T11571] total_workingset_refault_anon 8 [ 207.881739][T11571] total_workingset_refault_file 0 [ 207.886775][T11571] total_swap 172032 [ 207.890645][T11571] total_swapcached 32768 [ 207.894966][T11571] total_pgpgin 211568 [ 207.898977][T11571] total_pgpgout 211532 [ 207.903050][T11571] total_pgfault 218515 [ 207.907188][T11571] total_pgmajfault 11 [ 207.911256][T11571] total_inactive_anon 0 [ 207.915420][T11571] total_active_anon 32768 [ 207.919796][T11571] total_inactive_file 0 [ 207.924015][T11571] total_active_file 114688 [ 207.928471][T11571] total_unevictable 0 [ 207.932464][T11571] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2526,pid=11751,uid=0 [ 207.947536][T11571] Memory cgroup out of memory: Killed process 11753 (syz.0.2526) total-vm:89240kB, anon-rss:512kB, file-rss:18292kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 208.002617][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.071342][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.140798][ T11] bridge_slave_1: left allmulticast mode [ 208.146646][ T11] bridge_slave_1: left promiscuous mode [ 208.152413][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.161858][ T11] bridge_slave_0: left allmulticast mode [ 208.167623][ T11] bridge_slave_0: left promiscuous mode [ 208.173307][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.290608][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 208.302436][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 208.312855][ T11] bond0 (unregistering): Released all slaves [ 208.323639][ T11] bond1 (unregistering): Released all slaves [ 208.429561][ T11] hsr_slave_0: left promiscuous mode [ 208.436958][ T11] hsr_slave_1: left promiscuous mode [ 208.442916][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 208.450418][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 208.459787][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 208.467240][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 208.476679][ T11] veth1_macvtap: left promiscuous mode [ 208.482359][ T11] veth0_macvtap: left promiscuous mode [ 208.487981][ T11] veth1_vlan: left promiscuous mode [ 208.493243][ T11] veth0_vlan: left promiscuous mode [ 208.601063][ T11] team0 (unregistering): Port device team_slave_1 removed [ 208.612198][ T11] team0 (unregistering): Port device team_slave_0 removed [ 209.016316][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.762614][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.822006][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.870707][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.943158][ T11] bridge_slave_1: left allmulticast mode [ 211.948873][ T11] bridge_slave_1: left promiscuous mode [ 211.954530][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.962536][ T11] bridge_slave_0: left allmulticast mode [ 211.968246][ T11] bridge_slave_0: left promiscuous mode [ 211.973984][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.101609][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 212.112417][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 212.123999][ T11] bond0 (unregistering): Released all slaves [ 212.251506][ T11] hsr_slave_0: left promiscuous mode [ 212.257517][ T11] hsr_slave_1: left promiscuous mode [ 212.263363][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 212.270874][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 212.279656][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 212.287060][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 212.296509][ T11] veth1_macvtap: left promiscuous mode [ 212.302092][ T11] veth0_macvtap: left promiscuous mode [ 212.307683][ T11] veth1_vlan: left promiscuous mode [ 212.313065][ T11] veth0_vlan: left promiscuous mode [ 212.413556][ T11] team0 (unregistering): Port device team_slave_1 removed [ 212.424011][ T11] team0 (unregistering): Port device team_slave_0 removed